Hacked



#1
dolface755

    Member

  • Member
  • 210 posts

Ok before I start I apologize if this isn't where I'm supposed to be posting this but I took a guess.

 

Long story short...my roommate's computer had been hacked by one of those stupid things saying he was hacked so he called the number and let whoever log onto his computer.....Obviously it was crap ...NOW I have to try and fix it

 

I've already run all the malware and virus and deleted all the files I could find that this person left behind to access his computer, what I'm wondering is....

Could I just change the ISP, login and password for the WEP? Would that help if this horrible person left something behind to allow him in the back door....or do I really have to format and start from scratch to make sure there's nothing hiding?

All Windows security patches and AVG updates etc have been done

I also did a search for any files added the day this happened and deleted what I found.

Please let me know if I can just change or if I have other things I need to scan for 

 

Thank you

 




#2
RKinner

    Malware Expert

  • Expert
  • 19,052 posts
  • MVP

Can I see a FRST scan?

  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Might as well also check for rootkits:

  • Download aswMBR.exe to your desktop. The link is a direct download so the page won't change.
  • Right click the aswMBR.exe and select Run As Administrator to run it
  • Wait until the AV Scan shows up at the bottom left.
  • Change AV Scan: from Quick Scan to C:\
  • Click the "Scan" button to start scan
  • If it asks you to allow the Avast engine to download then say Yes.  It will take a while to finish.
  • On completion of the scan (Note if the Fix button is enabled and tell me but do not push any buttons) click save log, save it to your desktop and post in your next reply

If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.



    #3
    dolface755

      Member

    • Topic Starter
    • Member
    • 210 posts

    I apologize for the delay. We had some health issues to deal with lately. I will run the two scans now and post the results.

    Truly thank you for your help



    #4
    dolface755

      Member

    • Topic Starter
    • Member
    • 210 posts

    Here are the results from the FRST scan plus the Addition one......

    FRST:


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
    Ran by David Salter (administrator) on DAVIDSALTER-PC (29-03-2017 07:53:29)
    Running from C:\Users\David Salter\Desktop
    Loaded Profiles: David Salter & Donna (Available Profiles: David Salter & Donna)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
    () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
    (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
    (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9068040 2016-11-09] (Realtek Semiconductor)
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2180680 2016-10-07] ()
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
    HKU\S-1-5-21-306836380-3015734-3570109687-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
    HKU\S-1-5-21-306836380-3015734-3570109687-1000\...\MountPoints2: {39d3fbda-7b0d-11e3-a71a-806e6f6e6963} - D:\Autorun.exe
    HKU\S-1-5-21-306836380-3015734-3570109687-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
    HKU\S-1-5-21-306836380-3015734-3570109687-1003\...\MountPoints2: {39d3fbda-7b0d-11e3-a71a-806e6f6e6963} - D:\Autorun.exe
    Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2017-03-19]
    ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    BootExecute: autocheck autochk * sdnclean64.exe
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
    Tcpip\..\Interfaces\{DEEDC928-EEC6-4D3D-B02D-AE2A38095361}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{E0B8131A-07A6-4117-948B-46763AE840E6}: [DhcpNameServer] 192.168.1.254 75.153.171.122
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-306836380-3015734-3570109687-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={60ED2CFE-39B0-4E63-B691-7A7A407A742C}&mid=3562d3d4afad47d2bd267d6b4d5b74d9-9ed2845fcb594ff51549b2ea996394e3918a2a16&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-11-04 19:02:55&v=4.1.8.599&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-11] (Oracle Corporation)
    BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll [2016-10-07] (AVG)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-11] (Oracle Corporation)
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\David Salter\AppData\Roaming\Mozilla\Firefox\Profiles\60ew1kf0.default [2017-03-29]
    FF Homepage: Mozilla\Firefox\Profiles\60ew1kf0.default -> hxxps://ca.yahoo.com/
    FF Keyword.URL: Mozilla\Firefox\Profiles\60ew1kf0.default -> 
    FF Extension: (Garmin Communicator) - C:\Users\David Salter\AppData\Roaming\Mozilla\Firefox\Profiles\60ew1kf0.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-09-26] [not signed]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-10-07]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [No File]
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-11] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-11] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin HKU\S-1-5-21-306836380-3015734-3570109687-1000: @citrixonline.com/appdetectorplugin -> C:\Users\David Salter\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-22] (Citrix Online)
    FF Plugin HKU\S-1-5-21-306836380-3015734-3570109687-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Donna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-18] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-306836380-3015734-3570109687-1003: iMeshPlugin -> C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll [No File]
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
     
    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxps://ca.yahoo.ca/
    CHR StartupUrls: Default -> "hxxps://ca.yahoo.com/"
    CHR NewTab: Default ->  Not-active:"chrome-extension://ceopoaldcnmhechacafgagdkklcogkgd/stubby.html"
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> yahoo.com
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR Profile: C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default [2017-03-29]
    CHR Extension: (YouTube) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (OnlineMapFinder) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd [2017-03-23]
    CHR Extension: (Google Search) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
    CHR Extension: (Gmail) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [1002552 2017-02-22] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5334432 2017-02-22] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [729048 2017-02-22] (AVG Technologies CZ, s.r.o.)
    R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
    R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
    S2 vToolbarUpdater40.3.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe [1349704 2016-10-07] (AVG Secure Search)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-10-07] ()
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313088 2017-02-20] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
    R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
    R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-29 07:53 - 2017-03-29 07:53 - 00013821 _____ C:\Users\David Salter\Desktop\FRST.txt
    2017-03-29 07:47 - 2017-03-29 07:47 - 05200384 _____ (AVAST Software) C:\Users\David Salter\Desktop\aswmbr.exe
    2017-03-29 07:47 - 2017-03-29 07:47 - 02424832 _____ (Farbar) C:\Users\David Salter\Desktop\FRST64.exe
    2017-03-21 05:01 - 2017-03-04 10:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-03-21 05:01 - 2017-03-04 09:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-03-21 05:01 - 2017-03-04 01:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-03-21 05:01 - 2017-03-04 01:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-03-21 05:01 - 2017-03-04 01:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-03-21 05:01 - 2017-03-04 01:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-03-21 05:01 - 2017-03-04 01:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-03-21 05:01 - 2017-03-04 01:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-03-21 05:01 - 2017-03-04 01:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-03-21 05:01 - 2017-03-04 00:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-03-21 05:01 - 2017-03-04 00:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-03-21 05:01 - 2017-03-04 00:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-03-21 05:01 - 2017-03-04 00:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-03-21 05:01 - 2017-03-04 00:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-03-21 05:01 - 2017-03-04 00:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-03-21 05:01 - 2017-03-04 00:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-03-21 05:01 - 2017-03-04 00:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-03-21 05:01 - 2017-03-04 00:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-03-21 05:01 - 2017-03-04 00:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-03-21 05:01 - 2017-03-04 00:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-03-21 05:01 - 2017-03-04 00:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-03-21 05:01 - 2017-03-04 00:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-03-21 05:01 - 2017-03-04 00:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-03-21 05:01 - 2017-03-04 00:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-03-21 05:01 - 2017-03-04 00:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-03-21 05:01 - 2017-03-04 00:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-03-21 05:01 - 2017-03-04 00:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-03-21 05:01 - 2017-03-03 23:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-03-21 05:01 - 2017-03-03 23:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-03-21 05:01 - 2017-03-03 23:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-03-21 05:01 - 2017-03-03 23:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-03-21 05:01 - 2017-03-03 23:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-03-21 05:01 - 2017-03-03 23:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-03-21 05:01 - 2017-03-03 23:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-03-21 05:01 - 2017-03-03 23:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-03-21 05:01 - 2017-03-03 23:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-03-21 05:01 - 2017-03-03 21:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-03-21 05:01 - 2017-03-02 11:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-03-21 05:01 - 2017-03-02 11:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-03-21 05:01 - 2017-03-02 11:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-03-21 05:01 - 2017-03-02 11:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-03-21 05:01 - 2017-03-02 11:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-03-21 05:01 - 2017-03-02 11:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-03-21 05:01 - 2017-03-02 10:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-03-21 05:01 - 2017-03-02 10:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-03-21 05:01 - 2017-03-02 10:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-03-21 05:01 - 2017-03-02 10:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-03-21 05:01 - 2017-03-02 10:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-03-21 05:01 - 2017-03-02 10:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-03-21 05:01 - 2017-03-02 10:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-03-21 05:01 - 2017-03-02 10:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-03-21 05:01 - 2017-03-02 10:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-03-21 05:01 - 2017-03-02 10:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-03-21 05:01 - 2017-03-02 10:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-03-21 05:01 - 2017-03-02 10:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-03-21 05:01 - 2017-03-02 10:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-03-21 05:01 - 2017-03-02 10:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-03-21 05:01 - 2017-03-02 10:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-03-21 05:01 - 2017-03-02 10:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-03-21 05:01 - 2017-03-02 10:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-03-21 05:01 - 2017-03-02 10:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-03-21 05:01 - 2017-03-02 10:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-03-21 05:01 - 2017-03-02 10:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-03-21 05:01 - 2017-03-02 09:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-03-21 05:01 - 2017-03-02 09:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-03-21 05:01 - 2017-03-02 09:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-03-21 05:01 - 2017-02-11 08:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2017-03-21 05:01 - 2017-02-11 08:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2017-03-21 05:01 - 2017-02-11 08:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2017-03-21 05:01 - 2017-02-10 09:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2017-03-21 05:01 - 2017-02-10 09:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-03-21 05:01 - 2017-02-10 09:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2017-03-21 05:01 - 2017-02-10 09:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2017-03-21 05:01 - 2017-02-10 07:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2017-03-21 05:01 - 2017-02-09 09:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-03-21 05:01 - 2017-02-09 09:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-03-21 05:01 - 2017-02-09 09:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-03-21 05:01 - 2017-02-09 09:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-03-21 05:01 - 2017-02-09 09:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-03-21 05:01 - 2017-02-09 09:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-03-21 05:01 - 2017-02-09 09:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-03-21 05:01 - 2017-02-09 09:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-03-21 05:01 - 2017-02-09 09:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-03-21 05:01 - 2017-02-09 09:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-03-21 05:01 - 2017-02-09 09:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-03-21 05:01 - 2017-02-09 09:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-03-21 05:01 - 2017-02-09 08:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-03-21 05:01 - 2017-02-09 08:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-03-21 05:01 - 2017-02-09 08:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-03-21 05:01 - 2017-02-09 08:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-03-21 05:01 - 2017-02-09 08:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-03-21 05:01 - 2017-02-09 08:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-03-21 05:01 - 2017-02-09 08:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-03-21 05:01 - 2017-02-09 08:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-03-21 05:01 - 2017-02-09 08:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
    2017-03-21 05:01 - 2017-02-09 08:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-03-21 05:01 - 2017-02-09 08:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-03-21 05:01 - 2017-02-09 08:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-03-21 05:01 - 2017-02-09 08:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-03-21 05:01 - 2017-02-09 08:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-03-21 05:01 - 2017-02-09 08:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 08:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 08:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 08:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 07:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2017-03-21 05:01 - 2017-02-09 07:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2017-03-21 05:01 - 2017-02-06 09:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
    2017-03-21 05:01 - 2017-01-13 11:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2017-03-21 05:01 - 2017-01-13 11:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
    2017-03-21 05:01 - 2017-01-13 10:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2017-03-21 05:01 - 2017-01-13 10:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
    2017-03-21 05:01 - 2017-01-11 11:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2017-03-21 05:01 - 2017-01-11 11:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2017-03-21 05:01 - 2017-01-11 10:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2017-03-21 05:01 - 2017-01-11 10:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2017-03-21 05:01 - 2017-01-06 11:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2017-03-21 05:01 - 2017-01-06 10:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2017-03-09 15:58 - 2017-03-09 15:58 - 00002150 _____ C:\Users\David Salter\Documents\datemodified‎2-‎24-‎2017.search-ms
    2017-03-09 15:36 - 2017-02-22 16:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2017-03-09 15:36 - 2017-02-22 16:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2017-03-09 15:36 - 2017-02-18 07:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2017-03-09 15:36 - 2017-02-18 07:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2017-03-09 15:36 - 2016-12-31 08:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2017-03-09 15:36 - 2016-12-31 08:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2017-03-09 15:36 - 2016-12-31 08:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2017-03-09 15:36 - 2016-12-31 08:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2017-03-09 15:36 - 2016-12-31 08:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-29 07:53 - 2014-08-12 09:44 - 00000000 ____D C:\FRST
    2017-03-29 04:56 - 2014-01-09 18:31 - 00000000 ____D C:\ProgramData\MFAData
    2017-03-29 03:31 - 2009-07-13 21:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-03-29 03:31 - 2009-07-13 21:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-03-28 16:03 - 2014-02-20 17:03 - 00000264 _____ C:\Windows\Tasks\AutoKMS.job
    2017-03-28 09:51 - 2016-10-15 23:00 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
    2017-03-21 15:23 - 2016-07-26 09:30 - 00000000 ____D C:\ProgramData\Foxit Software
    2017-03-21 15:23 - 2014-01-10 21:29 - 00002816 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2017-03-21 05:50 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
    2017-03-21 05:17 - 2009-07-13 22:13 - 00785794 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-03-21 05:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2017-03-21 05:13 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-03-21 05:13 - 2009-07-13 21:45 - 00438384 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-03-21 05:12 - 2014-10-16 03:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-03-21 05:12 - 2014-10-16 03:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-03-21 05:10 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker
    2017-03-21 05:05 - 2014-01-09 15:42 - 00000000 ____D C:\Windows\system32\MRT
    2017-03-21 05:04 - 2014-01-09 15:42 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-03-21 05:03 - 2014-10-16 03:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-03-15 20:45 - 2016-10-15 23:03 - 00000936 _____ C:\Users\Public\Desktop\AVG Protection.lnk
    2017-03-15 20:45 - 2016-10-15 23:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2017-03-14 18:20 - 2015-01-13 17:31 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-03-14 18:20 - 2014-01-10 21:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-03-14 18:20 - 2014-01-10 21:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-03-14 18:19 - 2014-01-10 21:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2017-03-14 18:19 - 2014-01-10 21:17 - 00000000 ____D C:\Windows\system32\Macromed
    2017-03-09 15:37 - 2015-04-15 07:41 - 00000000 ___SD C:\Windows\system32\CompatTel
    2017-03-09 15:37 - 2015-04-15 07:41 - 00000000 ____D C:\Windows\system32\appraiser
     
    ==================== Files in the root of some directories =======
     
    2010-05-02 17:31 - 2010-05-02 17:31 - 4952064 _____ (M&R Technologies, Inc.) C:\Program Files (x86)\PCStitch 9.exe
    2014-01-29 19:47 - 2014-01-29 19:47 - 0000057 _____ () C:\ProgramData\Ament.ini
    2016-12-24 10:44 - 2016-12-24 10:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-03-24 03:32
     
    ==================== End of FRST.txt ============================
     
     
     
     
    Addition:
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
    Ran by David Salter (29-03-2017 07:53:58)
    Running from C:\Users\David Salter\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2014-01-09 22:06:49)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-306836380-3015734-3570109687-500 - Administrator - Disabled)
    David Salter (S-1-5-21-306836380-3015734-3570109687-1000 - Administrator - Enabled) => C:\Users\David Salter
    Donna (S-1-5-21-306836380-3015734-3570109687-1003 - Administrator - Enabled) => C:\Users\Donna
    Guest (S-1-5-21-306836380-3015734-3570109687-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-306836380-3015734-3570109687-1002 - Limited - Enabled)
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
    AMD Catalyst Install Manager (HKLM\...\{3C378793-5288-0165-FCA4-D319D5E4A490}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    Ancient Quest of Saqqarah (HKLM-x32\...\Ancient Quest of Saqqarah/EN/ES/FR-English_is1) (Version:  - City Interactive)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
    AVG (Version: 16.151.8007 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4769 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.151.8007 - AVG Technologies)
    AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.6.255 - AVG Technologies)
    Awakening 2  Moonfell Wood 1.00 (HKLM-x32\...\Awakening 2  Moonfell Wood 1.00) (Version:  - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
    Dungeon Lords (HKLM-x32\...\{F41D7749-D973-42E7-BD80-64309766C39E}) (Version: 1.50.0 - DreamCatcher Interactive, Inc.)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
    FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)
    Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Hidden Mysteries Salem Secrets 1.00 (HKLM-x32\...\Hidden Mysteries Salem Secrets 1.00) (Version:  - )
    HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
    HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)
    HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    ISO to USB version 1.0 (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: 1.0 - isotousb.com)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Moraff's MahJongg 2005 Luxury Edition (HKLM-x32\...\setup_is1) (Version:  - MoraffWare)
    Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Need for Speed™ SHIFT (HKLM-x32\...\{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}) (Version: 1.0.0.0 - Electronic Arts)
    NVIDIA PhysX (HKLM-x32\...\{5DB65884-C963-4454-AABA-4CA3089281FA}) (Version: 9.09.0720 - NVIDIA Corporation)
    Paradise Quest 1.00 (HKLM-x32\...\Paradise Quest 1.00) (Version:  - )
    PCStitch Pro 9 (HKLM-x32\...\{DB32A38E-4D83-49F9-9E69-4D0929C5F175}) (Version: 9.01.11 - M&R Technologies, Inc.)
    PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
    PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.)
    Reincarnations Awakening 1.00 (HKLM-x32\...\Reincarnations Awakening 1.00) (Version:  - )
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16061.19 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.4.16061.19 - Samsung Electronics Co., Ltd.) Hidden
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
    Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.12 - NCH Software)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    The 'Jongg CDs - Additional Tilesets (HKLM-x32\...\tilesets_is1) (Version:  - MoraffWare)
    The Serpent of Isis 1.00 (HKLM-x32\...\The Serpent of Isis 1.00) (Version:  - )
    Tiger Woods PGA TOUR 08 (HKLM-x32\...\{2FEA102C-F535-4513-009B-57B165013C18}) (Version:  - Electronic Arts)
    Ulead PhotoImpact 12 (HKLM-x32\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
    Unity Web Player (HKU\S-1-5-21-306836380-3015734-3570109687-1003\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {291AD49A-9B6B-48D6-9E68-DDF650F7D04A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {3CC7440A-175F-4383-B163-13330CC253B0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
    Task: {48673C3D-FB12-46E2-815E-780ED8A78075} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
    Task: {7740263B-4F8D-454F-807E-D4954B0E9038} - System32\Tasks\{DA237C39-3DCC-416C-A1FB-AF45AD608A2A} => pcalua.exe -a C:\Users\Donna\Desktop\RecipeMaster_Install.exe -d C:\Users\Donna\Desktop
    Task: {7CF20AA0-7F1B-4A2C-A7C1-F4E00FAF8F6A} - System32\Tasks\{A46260D0-AAA0-4108-BAB1-EB91E01CC0B2} => pcalua.exe -a C:\Users\Donna\Downloads\RecipeToGo\setup.exe -d C:\Users\Donna\Downloads\RecipeToGo
    Task: {8B9D12A0-F9F4-4DCC-A1BC-D32B8D51C17A} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe 
    Task: {A8040B01-49FB-4EBA-9C57-F1B6CCFA351E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
    Task: {B20675A9-63A5-4ED2-8DB4-DE2A3FA18A02} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe 
    Task: {C5BE8C7B-793A-4332-BD97-E7632BBCFF25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {D65A09D2-C198-4274-B57C-E58EDECF1659} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-02-12] ()
    Task: {F5821A6F-F266-45C2-81AF-FFFE07E983BC} - System32\Tasks\{5DFE0486-73CE-4379-B5AF-02FF23977228} => pcalua.exe -a C:\Users\Donna\AppData\Local\Temp\{FD4AC1DB-A979-4B87-8D73-47FCB2F07481}\setup.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
    Task: {F63FF410-4E8B-48C8-AB33-05F425ED82F8} - System32\Tasks\{268A3B25-2134-4438-8224-B5F7C756505E} => pcalua.exe -a D:\TW08_inst.exe -d D:\
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
    Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    Shortcut: C:\Users\David Salter\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2015-11-04 20:02 - 2016-10-07 05:07 - 00980552 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
    2016-11-28 10:16 - 2016-11-28 10:16 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
    2017-02-10 14:01 - 2017-02-01 02:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
    2017-02-10 14:01 - 2017-02-01 02:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 19:34 - 2015-05-21 07:36 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-306836380-3015734-3570109687-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David Salter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-306836380-3015734-3570109687-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254 - 75.153.171.122
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AnyDesk.lnk => C:\Windows\pss\AnyDesk.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Donna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PC Stitch.lnk => C:\Windows\pss\PC Stitch.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AutoStartNPSAgent => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
    MSCONFIG\startupreg: AVG-Secure-Search-Update_0214c => C:\Users\David Salter\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=3562d3d4afad47d2bd267d6b4d5b74d9-9ed2845fcb594ff51549b2ea996394e3918a2a16 /CMPID=0214c
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    MSCONFIG\startupreg: Malwarebytes Anti-Malware => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    MSCONFIG\startupreg: NPSStartup => 
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: Ulead AutoDetector v2 => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
    MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{B591E1CD-B63D-4A9C-A2E0-E61E19069CE9}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
    FirewallRules: [TCP Query User{5185CBBC-B777-4D20-9426-CEC3443AEC56}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
    FirewallRules: [UDP Query User{83FE669B-9257-4134-9CA0-18E5CCD40281}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
    FirewallRules: [{9CC7721A-9468-4997-8AC9-4C6C0D125B1E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
    FirewallRules: [{D0B968B3-1F36-432A-8875-AAE815DB1E57}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
    FirewallRules: [{ED7F4B37-9B17-4C7A-BEF3-7FEF1E49ADB9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3567C20D-95DD-469D-B7E9-34C14A36C8FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{460BD3FD-6F17-4208-85C9-1D2EA33F8784}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{50BC1494-936E-451F-9B39-8FEE49E37B8D}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{B49C379D-CBE0-4569-A710-3903199B8A64}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{FA93C595-95CA-43F7-94C9-F35226ECC686}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{9E588E6E-A612-4679-98FE-AF8BF2F3ECAE}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{B539E71B-AE39-4AFD-9602-2E56C066CB51}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{CF2A0CAF-58F6-4243-8F1D-64D54729597B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{6D1C639E-660F-40A2-87DC-02AF9CADF681}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{3E74B4CD-9D89-46DE-B2D3-16ED5D6FB2C4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{D1DDCCF3-F5EE-4843-9348-3CEF2969786F}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{D09FC1CF-C58B-468B-BBF7-8B4C63FEAC73}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{A4353E21-F530-4E12-A88B-9ED70AB8DBAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{C03F8560-928E-4330-BE09-6E91A4A54AAF}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
    FirewallRules: [{273A45F4-A6CD-418B-9D49-932E2D2803F5}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
    FirewallRules: [{0F5B7183-FAAD-4A7D-896C-11E8FB3E31C7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
    FirewallRules: [{05C0954E-4552-40A4-93F0-38B7A43AB940}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
    FirewallRules: [{234C183C-FBCC-4F54-BCC0-45822A3C13F7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
    FirewallRules: [{E1C1A209-E8C3-4383-8A69-319776F03753}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
    FirewallRules: [{12543FE9-1D4D-42FF-A84E-26B7D046E6A5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{51528EB7-1B02-4EB9-A55A-E9A3B3C5DC5C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{D7678B66-FA57-4363-9C69-BEA5154AD824}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{1B26226D-E8F3-4730-9BBC-80B5467E6C2D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
     
    ==================== Restore Points =========================
     
    03-03-2017 16:22:48 Windows Update
    09-03-2017 15:36:33 Windows Update
    17-03-2017 05:02:47 Scheduled Checkpoint
    21-03-2017 05:02:02 Windows Update
    27-03-2017 12:26:44 Windows Update
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (03/29/2017 03:27:20 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
     
    Error: (03/28/2017 03:49:21 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
     
    Error: (03/27/2017 04:11:05 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
     
    Error: (03/26/2017 04:28:11 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
     
    Error: (03/25/2017 03:52:08 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
     
    Error: (03/24/2017 03:55:36 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
     
    Error: (03/23/2017 03:20:21 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
     
    Error: (03/22/2017 03:01:42 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
     
    Error: (03/21/2017 05:13:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
     
    Error: (03/21/2017 03:32:24 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
     
     
    System errors:
    =============
    Error: (03/22/2017 01:13:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The vToolbarUpdater40.3.6 service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/21/2017 05:13:21 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
    Access is denied.
     
    Error: (03/21/2017 05:13:18 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
    Access is denied.
     
    Error: (03/21/2017 05:13:16 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.
     
    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error Code: 126
     
    Error: (03/21/2017 05:10:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
    Access is denied.
     
    Error: (03/13/2017 11:33:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The vToolbarUpdater40.3.6 service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/12/2017 03:32:53 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
    Access is denied.
     
    Error: (03/12/2017 03:32:50 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
    Access is denied.
     
    Error: (03/12/2017 03:32:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.
     
    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error Code: 126
     
    Error: (03/12/2017 03:32:45 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 1:50:09 PM on ‎3/‎12/‎2017 was unexpected.
     
     
    ==================== Memory info =========================== 
     
    Processor: AMD A6-5400K APU with Radeon™ HD Graphics 
    Percentage of memory in use: 29%
    Total physical RAM: 7364.72 MB
    Available physical RAM: 5187.75 MB
    Total Virtual: 14727.63 MB
    Available Virtual: 12582.64 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:931.41 GB) (Free:821.27 GB) NTFS
    Drive d: (TW08) (CDROM) (Total:2.04 GB) (Free:0 GB) UDF
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 514949C7)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
     
    ==================== End of Addition.txt ============================
     
     
     
     
     
    I will send the last scan you requested a little later today.
    Thank you for your help in the situation....I'm really not physically up to starting from scratch on this machine if there isn't a way around this problem.

    • 0

    #5
    RKinner

      Malware Expert

    • Expert
    • 19,052 posts
    • MVP
    Doesn't look too bad.
     
    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
    Java 8 Update 25
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC, then close all browsers and install it.  Do not let it install the Yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)
     
    Also uninstall ESET Online Scanner v3 as it is not working correctly.
     
    Search for
    msconfig
    Hit Enter.
     
    Under Startup please check everything that you have unchecked.  OK.  Don't reboot yet.
     
     
    Download the attached fixlist.txt to the same location as FRST
     
     
    Attached File  fixlist.txt   2.84KB   23 downloads
    Run FRST and press Fix
    A fix log will be generated; please post that.
    (PC will reboot in the process)
     
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     

    • 0

    #6
    dolface755

      Member

    • Topic Starter
    • Member
    • 210 posts

    this is last scan requested and it did come up with fix

     

    aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
    Run date: 2017-03-29 08:06:27
    -----------------------------
    08:06:27.201    OS Version: Windows x64 6.1.7601 Service Pack 1
    08:06:27.201    Number of processors: 2 586 0x1001
    08:06:27.201    ComputerName: DAVIDSALTER-PC  UserName: David Salter
    08:06:30.087    Initialize success
    08:06:30.087    VM: initialized successfully
    08:06:30.087    VM: Amd CPU supported 
    08:10:09.229    AVAST engine defs: 17030301
    08:10:32.179    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
    08:10:32.194    Disk 0 Vendor: WDC_WD10 03.0 Size: 953869MB BusType: 11
    08:10:32.288    Disk 0 MBR read successfully
    08:10:32.288    Disk 0 MBR scan
    08:10:32.303    Disk 0 Windows 7 default MBR code
    08:10:32.303    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
    08:10:32.319    Disk 0 default boot code
    08:10:32.350    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       953767 MB offset 206848
    08:10:32.366    Disk 0 scanning C:\Windows\system32\drivers
    08:10:39.776    Service scanning
    08:10:55.254    Modules scanning
    08:10:55.270    Disk 0 trace - called modules:
    08:10:55.285    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
    08:10:55.285    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007684060]
    08:10:55.301    3 CLASSPNP.SYS[fffff8800191b43f] -> nt!IofCallDriver -> [0xfffffa8007356ac0]
    08:10:55.301    5 amd_xata.sys[fffff8800114bd00] -> nt!IofCallDriver -> \Device\00000060[0xfffffa800721f410]
    08:10:57.407    AVAST engine scan C:\
    10:13:58.875    Disk 0 statistics 32202114/0/0 @ 2.64 MB/s
    10:13:58.891    Scan finished successfully
    10:56:36.584    Disk 0 MBR has been saved successfully to "C:\Users\David Salter\Desktop\MBR.dat"
    10:56:36.599    The log file has been saved successfully to "C:\Users\David Salter\Desktop\aswMBR.txt"

    • 0

    #8
    RKinner

      Malware Expert

    • Expert
    • 19,052 posts
    • MVP

    aswMBR didn't find anything interesting.  That's a good thing.


    • 0

    #9
    dolface755

      Member

    • Topic Starter
    • Member
    • 210 posts

    Ok sorry one stupid question...there are already addition and FRST logs from first scan on desktop.....am I deleting them after running fix and before running FRST again?


    • 0

    #10
    dolface755

      Member

    • Topic Starter
    • Member
    • 210 posts
    Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
    Ran by David Salter (31-03-2017 13:41:51) Run:4
    Running from C:\Users\David Salter\Desktop
    Loaded Profiles: David Salter & Donna (Available Profiles: David Salter & Donna)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    HKU\S-1-5-21-306836380-3015734-3570109687-1000\...\MountPoints2: {39d3fbda-7b0d-11e3-a71a-806e6f6e6963} - D:\Autorun.exe
    HKU\S-1-5-21-306836380-3015734-3570109687-1003\...\MountPoints2: {39d3fbda-7b0d-11e3-a71a-806e6f6e6963} - D:\Autorun.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-11] (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-11] (Oracle Corporation)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-10-07]
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-11] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-11] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] 
    FF Plugin HKU\S-1-5-21-306836380-3015734-3570109687-1003: iMeshPlugin -> C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll [No File]
    CHR NewTab: Default ->  Not-active:"chrome-extension://ceopoaldcnmhechacafgagdkklcogkgd/stubby.html"
    Task: {7740263B-4F8D-454F-807E-D4954B0E9038} - System32\Tasks\{DA237C39-3DCC-416C-A1FB-AF45AD608A2A} => pcalua.exe -a C:\Users\Donna\Desktop\RecipeMaster_Install.exe -d C:\Users\Donna\Desktop
    Task: {7CF20AA0-7F1B-4A2C-A7C1-F4E00FAF8F6A} - System32\Tasks\{A46260D0-AAA0-4108-BAB1-EB91E01CC0B2} => pcalua.exe -a C:\Users\Donna\Downloads\RecipeToGo\setup.exe -d C:\Users\Donna\Downloads\RecipeToGo
    Task: {B20675A9-63A5-4ED2-8DB4-DE2A3FA18A02} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe 
    Task: {F5821A6F-F266-45C2-81AF-FFFE07E983BC} - System32\Tasks\{5DFE0486-73CE-4379-B5AF-02FF23977228} => pcalua.exe -a C:\Users\Donna\AppData\Local\Temp\{FD4AC1DB-A979-4B87-8D73-47FCB2F07481}\setup.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
    Task: {F63FF410-4E8B-48C8-AB33-05F425ED82F8} - System32\Tasks\{268A3B25-2134-4438-8224-B5F7C756505E} => pcalua.exe -a D:\TW08_inst.exe -d D:\
    Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
    Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe 
    Shortcut: C:\Users\David Salter\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
    EmptyTemp:
    CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
    *****************
     
    HKU\S-1-5-21-306836380-3015734-3570109687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39d3fbda-7b0d-11e3-a71a-806e6f6e6963} => key removed successfully
    HKCR\CLSID\{39d3fbda-7b0d-11e3-a71a-806e6f6e6963} => key not found. 
    HKU\S-1-5-21-306836380-3015734-3570109687-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39d3fbda-7b0d-11e3-a71a-806e6f6e6963} => key removed successfully
    HKCR\CLSID\{39d3fbda-7b0d-11e3-a71a-806e6f6e6963} => key not found. 
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
    HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
    HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
    C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => moved successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2 => key removed successfully
    C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll => moved successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2 => key removed successfully
    C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll => moved successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
    HKU\S-1-5-21-306836380-3015734-3570109687-1003\Software\MozillaPlugins\iMeshPlugin => key removed successfully
    C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll => not found.
    Chrome NewTab => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7740263B-4F8D-454F-807E-D4954B0E9038} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7740263B-4F8D-454F-807E-D4954B0E9038} => key removed successfully
    C:\Windows\System32\Tasks\{DA237C39-3DCC-416C-A1FB-AF45AD608A2A} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DA237C39-3DCC-416C-A1FB-AF45AD608A2A} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CF20AA0-7F1B-4A2C-A7C1-F4E00FAF8F6A} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CF20AA0-7F1B-4A2C-A7C1-F4E00FAF8F6A} => key removed successfully
    C:\Windows\System32\Tasks\{A46260D0-AAA0-4108-BAB1-EB91E01CC0B2} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A46260D0-AAA0-4108-BAB1-EB91E01CC0B2} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B20675A9-63A5-4ED2-8DB4-DE2A3FA18A02} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B20675A9-63A5-4ED2-8DB4-DE2A3FA18A02} => key removed successfully
    C:\Windows\System32\Tasks\AutoKMS => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5821A6F-F266-45C2-81AF-FFFE07E983BC} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5821A6F-F266-45C2-81AF-FFFE07E983BC} => key removed successfully
    C:\Windows\System32\Tasks\{5DFE0486-73CE-4379-B5AF-02FF23977228} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5DFE0486-73CE-4379-B5AF-02FF23977228} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F63FF410-4E8B-48C8-AB33-05F425ED82F8} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F63FF410-4E8B-48C8-AB33-05F425ED82F8} => key removed successfully
    C:\Windows\System32\Tasks\{268A3B25-2134-4438-8224-B5F7C756505E} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{268A3B25-2134-4438-8224-B5F7C756505E} => key removed successfully
    C:\Windows\Tasks\AutoKMS.job => moved successfully
    C:\Windows\Tasks\HP Photo Creations Communicator.job => moved successfully
    C:\Users\David Salter\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk => moved successfully
     
    ========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========
     
     
    ========= End of CMD: =========
     
     
    =========== EmptyTemp: ==========
     
    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 71108166 B
    Java, Flash, Steam htmlcache => 506 B
    Windows/system/drivers => 0 B
    Edge => 0 B
    Chrome => 52270885 B
    Firefox => 23060964 B
    Opera => 0 B
     
    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 128 B
    systemprofile32 => 0 B
    LocalService => 0 B
    NetworkService => 67286 B
    David Salter => 73145 B
    Donna => 61949299 B
     
    RecycleBin => 0 B
    EmptyTemp: => 206.9 MB temporary data Removed.
     
    ================================
     
     
    The system needed a reboot.
     
    ==== End of Fixlog 13:42:14 ====



    #11
    dolface755

    • Topic Starter
    • Member
    • 210 posts

    New Addition log:

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
    Ran by David Salter (31-03-2017 13:52:45)
    Running from C:\Users\David Salter\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2014-01-09 22:06:49)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-306836380-3015734-3570109687-500 - Administrator - Disabled)
    David Salter (S-1-5-21-306836380-3015734-3570109687-1000 - Administrator - Enabled) => C:\Users\David Salter
    Donna (S-1-5-21-306836380-3015734-3570109687-1003 - Administrator - Enabled) => C:\Users\Donna
    Guest (S-1-5-21-306836380-3015734-3570109687-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-306836380-3015734-3570109687-1002 - Limited - Enabled)
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
    AMD Catalyst Install Manager (HKLM\...\{3C378793-5288-0165-FCA4-D319D5E4A490}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    Ancient Quest of Saqqarah (HKLM-x32\...\Ancient Quest of Saqqarah/EN/ES/FR-English_is1) (Version:  - City Interactive)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
    AVG (Version: 16.151.8012 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4769 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.151.8012 - AVG Technologies)
    AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.6.255 - AVG Technologies)
    Awakening 2  Moonfell Wood 1.00 (HKLM-x32\...\Awakening 2  Moonfell Wood 1.00) (Version:  - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
    Dungeon Lords (HKLM-x32\...\{F41D7749-D973-42E7-BD80-64309766C39E}) (Version: 1.50.0 - DreamCatcher Interactive, Inc.)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
    FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)
    Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Hidden Mysteries Salem Secrets 1.00 (HKLM-x32\...\Hidden Mysteries Salem Secrets 1.00) (Version:  - )
    HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
    HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)
    HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    ISO to USB version 1.0 (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: 1.0 - isotousb.com)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Moraff's MahJongg 2005 Luxury Edition (HKLM-x32\...\setup_is1) (Version:  - MoraffWare)
    Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Need for Speed™ SHIFT (HKLM-x32\...\{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}) (Version: 1.0.0.0 - Electronic Arts)
    NVIDIA PhysX (HKLM-x32\...\{5DB65884-C963-4454-AABA-4CA3089281FA}) (Version: 9.09.0720 - NVIDIA Corporation)
    Paradise Quest 1.00 (HKLM-x32\...\Paradise Quest 1.00) (Version:  - )
    PCStitch Pro 9 (HKLM-x32\...\{DB32A38E-4D83-49F9-9E69-4D0929C5F175}) (Version: 9.01.11 - M&R Technologies, Inc.)
    PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
    PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.)
    Reincarnations Awakening 1.00 (HKLM-x32\...\Reincarnations Awakening 1.00) (Version:  - )
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16061.19 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.4.16061.19 - Samsung Electronics Co., Ltd.) Hidden
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
    Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.12 - NCH Software)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    The 'Jongg CDs - Additional Tilesets (HKLM-x32\...\tilesets_is1) (Version:  - MoraffWare)
    The Serpent of Isis 1.00 (HKLM-x32\...\The Serpent of Isis 1.00) (Version:  - )
    Tiger Woods PGA TOUR 08 (HKLM-x32\...\{2FEA102C-F535-4513-009B-57B165013C18}) (Version:  - Electronic Arts)
    Ulead PhotoImpact 12 (HKLM-x32\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
    Unity Web Player (HKU\S-1-5-21-306836380-3015734-3570109687-1003\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {291AD49A-9B6B-48D6-9E68-DDF650F7D04A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {3CC7440A-175F-4383-B163-13330CC253B0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
    Task: {48673C3D-FB12-46E2-815E-780ED8A78075} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
    Task: {8B9D12A0-F9F4-4DCC-A1BC-D32B8D51C17A} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe 
    Task: {A8040B01-49FB-4EBA-9C57-F1B6CCFA351E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
    Task: {C5BE8C7B-793A-4332-BD97-E7632BBCFF25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {D65A09D2-C198-4274-B57C-E58EDECF1659} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-02-12] ()
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2015-11-04 20:02 - 2016-10-07 05:07 - 00980552 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
    2014-02-22 18:34 - 2004-07-26 18:11 - 00028672 ____N () C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
    2016-11-28 10:16 - 2016-11-28 10:16 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 19:34 - 2015-05-21 07:36 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-306836380-3015734-3570109687-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David Salter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-306836380-3015734-3570109687-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254 - 75.153.171.122
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{B591E1CD-B63D-4A9C-A2E0-E61E19069CE9}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
    FirewallRules: [TCP Query User{5185CBBC-B777-4D20-9426-CEC3443AEC56}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
    FirewallRules: [UDP Query User{83FE669B-9257-4134-9CA0-18E5CCD40281}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
    FirewallRules: [{9CC7721A-9468-4997-8AC9-4C6C0D125B1E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
    FirewallRules: [{D0B968B3-1F36-432A-8875-AAE815DB1E57}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
    FirewallRules: [{ED7F4B37-9B17-4C7A-BEF3-7FEF1E49ADB9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3567C20D-95DD-469D-B7E9-34C14A36C8FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{460BD3FD-6F17-4208-85C9-1D2EA33F8784}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{50BC1494-936E-451F-9B39-8FEE49E37B8D}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{B49C379D-CBE0-4569-A710-3903199B8A64}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{FA93C595-95CA-43F7-94C9-F35226ECC686}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{9E588E6E-A612-4679-98FE-AF8BF2F3ECAE}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{B539E71B-AE39-4AFD-9602-2E56C066CB51}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{CF2A0CAF-58F6-4243-8F1D-64D54729597B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{6D1C639E-660F-40A2-87DC-02AF9CADF681}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{3E74B4CD-9D89-46DE-B2D3-16ED5D6FB2C4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{D1DDCCF3-F5EE-4843-9348-3CEF2969786F}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{D09FC1CF-C58B-468B-BBF7-8B4C63FEAC73}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{A4353E21-F530-4E12-A88B-9ED70AB8DBAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{C03F8560-928E-4330-BE09-6E91A4A54AAF}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
    FirewallRules: [{273A45F4-A6CD-418B-9D49-932E2D2803F5}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
    FirewallRules: [{0F5B7183-FAAD-4A7D-896C-11E8FB3E31C7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
    FirewallRules: [{05C0954E-4552-40A4-93F0-38B7A43AB940}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
    FirewallRules: [{234C183C-FBCC-4F54-BCC0-45822A3C13F7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
    FirewallRules: [{E1C1A209-E8C3-4383-8A69-319776F03753}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
    FirewallRules: [{12543FE9-1D4D-42FF-A84E-26B7D046E6A5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{51528EB7-1B02-4EB9-A55A-E9A3B3C5DC5C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{D7678B66-FA57-4363-9C69-BEA5154AD824}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{1B26226D-E8F3-4730-9BBC-80B5467E6C2D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
     
    ==================== Restore Points =========================
     
    09-03-2017 15:36:33 Windows Update
    17-03-2017 05:02:47 Scheduled Checkpoint
    21-03-2017 05:02:02 Windows Update
    27-03-2017 12:26:44 Windows Update
    31-03-2017 13:25:03 Windows Update
    31-03-2017 13:46:31 Removed Java 8 Update 25
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (03/31/2017 01:45:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
     
     
    System errors:
    =============
    Error: (03/31/2017 01:44:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The vToolbarUpdater40.3.6 service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/31/2017 01:43:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
    Access is denied.
     
    Error: (03/31/2017 01:43:45 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
    Access is denied.
     
    Error: (03/31/2017 01:43:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.
     
    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error Code: 126
     
    Error: (03/31/2017 01:42:22 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
    Access is denied.
     
     
    ==================== Memory info =========================== 
     
    Processor: AMD A6-5400K APU with Radeon™ HD Graphics 
    Percentage of memory in use: 33%
    Total physical RAM: 7364.72 MB
    Available physical RAM: 4875.93 MB
    Total Virtual: 14727.63 MB
    Available Virtual: 12474.19 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:931.41 GB) (Free:823.1 GB) NTFS
    Drive d: (TW08) (CDROM) (Total:2.04 GB) (Free:0 GB) UDF
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 514949C7)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
     
    ==================== End of Addition.txt ============================


    #12
    dolface755

    • Topic Starter
    • Member
    • 210 posts

    New FRST log:

     

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
    Ran by David Salter (administrator) on DAVIDSALTER-PC (31-03-2017 13:51:44)
    Running from C:\Users\David Salter\Desktop
    Loaded Profiles: David Salter & Donna (Available Profiles: David Salter & Donna)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
    () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
    (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
    (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
    (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9068040 2016-11-09] (Realtek Semiconductor)
    HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-11-26] (Ulead Systems, Inc.)
    HKLM-x32\...\Run: [NPSStartup] => [X]
    HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318128 2016-06-02] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    HKU\S-1-5-21-306836380-3015734-3570109687-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
    HKU\S-1-5-21-306836380-3015734-3570109687-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1571504 2016-06-02] (Samsung)
    HKU\S-1-5-21-306836380-3015734-3570109687-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\David Salter\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=3562d3d4afad47d2bd267d6b4d5b74d9-9ed2845fcb594ff51549b2ea996394e3918a2a16 /CMPID=0214c
    HKU\S-1-5-21-306836380-3015734-3570109687-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
    HKU\S-1-5-21-306836380-3015734-3570109687-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2017-01-27]
    ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (No File)
    Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2017-03-19]
    ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PC Stitch.lnk [2015-04-23]
    ShortcutTarget: PC Stitch.lnk -> C:\ProgramData\{c30b3072-3dbd-315e-c30b-b30723dbc1c8}\PC Stitch.exe (No File)
    BootExecute: autocheck autochk * sdnclean64.exe
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
    Tcpip\..\Interfaces\{DEEDC928-EEC6-4D3D-B02D-AE2A38095361}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{E0B8131A-07A6-4117-948B-46763AE840E6}: [DhcpNameServer] 192.168.1.254 75.153.171.122
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    SearchScopes: HKU\S-1-5-21-306836380-3015734-3570109687-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={60ED2CFE-39B0-4E63-B691-7A7A407A742C}&mid=3562d3d4afad47d2bd267d6b4d5b74d9-9ed2845fcb594ff51549b2ea996394e3918a2a16&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-11-04 19:02:55&v=4.1.8.599&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll [2016-10-07] (AVG)
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\David Salter\AppData\Roaming\Mozilla\Firefox\Profiles\60ew1kf0.default [2017-03-31]
    FF Homepage: Mozilla\Firefox\Profiles\60ew1kf0.default -> hxxps://ca.yahoo.com/
    FF Keyword.URL: Mozilla\Firefox\Profiles\60ew1kf0.default -> 
    FF Extension: (Garmin Communicator) - C:\Users\David Salter\AppData\Roaming\Mozilla\Firefox\Profiles\60ew1kf0.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-09-26] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [No File]
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin HKU\S-1-5-21-306836380-3015734-3570109687-1000: @citrixonline.com/appdetectorplugin -> C:\Users\David Salter\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-22] (Citrix Online)
    FF Plugin HKU\S-1-5-21-306836380-3015734-3570109687-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Donna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-18] (Unity Technologies ApS)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
     
    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxps://ca.yahoo.ca/
    CHR StartupUrls: Default -> "hxxps://ca.yahoo.com/"
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> yahoo.com
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR Profile: C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default [2017-03-31]
    CHR Extension: (YouTube) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (OnlineMapFinder) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd [2017-03-30]
    CHR Extension: (Google Search) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
    CHR Extension: (Gmail) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [1002552 2017-03-23] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5334432 2017-03-23] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [729048 2017-03-23] (AVG Technologies CZ, s.r.o.)
    R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
    R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
    S2 vToolbarUpdater40.3.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe [1349704 2016-10-07] (AVG Secure Search)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-10-07] ()
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313088 2017-02-20] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
    R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
    R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-31 13:51 - 2017-03-31 13:52 - 00013841 _____ C:\Users\David Salter\Desktop\FRST.txt
    2017-03-29 07:47 - 2017-03-29 07:47 - 02424832 _____ (Farbar) C:\Users\David Salter\Desktop\FRST64.exe
    2017-03-21 05:01 - 2017-03-04 10:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-03-21 05:01 - 2017-03-04 09:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-03-21 05:01 - 2017-03-04 01:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-03-21 05:01 - 2017-03-04 01:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-03-21 05:01 - 2017-03-04 01:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-03-21 05:01 - 2017-03-04 01:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-03-21 05:01 - 2017-03-04 01:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-03-21 05:01 - 2017-03-04 01:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-03-21 05:01 - 2017-03-04 01:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-03-21 05:01 - 2017-03-04 00:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-03-21 05:01 - 2017-03-04 00:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-03-21 05:01 - 2017-03-04 00:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-03-21 05:01 - 2017-03-04 00:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-03-21 05:01 - 2017-03-04 00:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-03-21 05:01 - 2017-03-04 00:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-03-21 05:01 - 2017-03-04 00:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-03-21 05:01 - 2017-03-04 00:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-03-21 05:01 - 2017-03-04 00:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-03-21 05:01 - 2017-03-04 00:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-03-21 05:01 - 2017-03-04 00:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-03-21 05:01 - 2017-03-04 00:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-03-21 05:01 - 2017-03-04 00:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-03-21 05:01 - 2017-03-04 00:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-03-21 05:01 - 2017-03-04 00:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-03-21 05:01 - 2017-03-04 00:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-03-21 05:01 - 2017-03-04 00:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-03-21 05:01 - 2017-03-04 00:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-03-21 05:01 - 2017-03-03 23:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-03-21 05:01 - 2017-03-03 23:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-03-21 05:01 - 2017-03-03 23:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-03-21 05:01 - 2017-03-03 23:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-03-21 05:01 - 2017-03-03 23:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-03-21 05:01 - 2017-03-03 23:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-03-21 05:01 - 2017-03-03 23:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-03-21 05:01 - 2017-03-03 23:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-03-21 05:01 - 2017-03-03 23:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-03-21 05:01 - 2017-03-03 21:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-03-21 05:01 - 2017-03-02 11:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-03-21 05:01 - 2017-03-02 11:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-03-21 05:01 - 2017-03-02 11:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-03-21 05:01 - 2017-03-02 11:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-03-21 05:01 - 2017-03-02 11:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-03-21 05:01 - 2017-03-02 11:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-03-21 05:01 - 2017-03-02 10:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-03-21 05:01 - 2017-03-02 10:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-03-21 05:01 - 2017-03-02 10:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-03-21 05:01 - 2017-03-02 10:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-03-21 05:01 - 2017-03-02 10:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-03-21 05:01 - 2017-03-02 10:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-03-21 05:01 - 2017-03-02 10:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-03-21 05:01 - 2017-03-02 10:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-03-21 05:01 - 2017-03-02 10:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-03-21 05:01 - 2017-03-02 10:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-03-21 05:01 - 2017-03-02 10:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-03-21 05:01 - 2017-03-02 10:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-03-21 05:01 - 2017-03-02 10:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-03-21 05:01 - 2017-03-02 10:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-03-21 05:01 - 2017-03-02 10:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-03-21 05:01 - 2017-03-02 10:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-03-21 05:01 - 2017-03-02 10:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-03-21 05:01 - 2017-03-02 10:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-03-21 05:01 - 2017-03-02 10:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-03-21 05:01 - 2017-03-02 10:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-03-21 05:01 - 2017-03-02 09:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-03-21 05:01 - 2017-03-02 09:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-03-21 05:01 - 2017-03-02 09:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-03-21 05:01 - 2017-02-11 08:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2017-03-21 05:01 - 2017-02-11 08:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2017-03-21 05:01 - 2017-02-11 08:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2017-03-21 05:01 - 2017-02-10 09:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2017-03-21 05:01 - 2017-02-10 09:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-03-21 05:01 - 2017-02-10 09:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2017-03-21 05:01 - 2017-02-10 09:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2017-03-21 05:01 - 2017-02-10 07:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2017-03-21 05:01 - 2017-02-09 09:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-03-21 05:01 - 2017-02-09 09:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-03-21 05:01 - 2017-02-09 09:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-03-21 05:01 - 2017-02-09 09:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-03-21 05:01 - 2017-02-09 09:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-03-21 05:01 - 2017-02-09 09:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-03-21 05:01 - 2017-02-09 09:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-03-21 05:01 - 2017-02-09 09:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-03-21 05:01 - 2017-02-09 09:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 09:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-03-21 05:01 - 2017-02-09 09:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-03-21 05:01 - 2017-02-09 09:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-03-21 05:01 - 2017-02-09 09:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-03-21 05:01 - 2017-02-09 09:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-03-21 05:01 - 2017-02-09 08:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-03-21 05:01 - 2017-02-09 08:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-03-21 05:01 - 2017-02-09 08:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-03-21 05:01 - 2017-02-09 08:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-03-21 05:01 - 2017-02-09 08:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-03-21 05:01 - 2017-02-09 08:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-03-21 05:01 - 2017-02-09 08:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-03-21 05:01 - 2017-02-09 08:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-03-21 05:01 - 2017-02-09 08:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
    2017-03-21 05:01 - 2017-02-09 08:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-03-21 05:01 - 2017-02-09 08:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-03-21 05:01 - 2017-02-09 08:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-03-21 05:01 - 2017-02-09 08:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-03-21 05:01 - 2017-02-09 08:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-03-21 05:01 - 2017-02-09 08:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 08:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 08:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 08:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-03-21 05:01 - 2017-02-09 07:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2017-03-21 05:01 - 2017-02-09 07:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2017-03-21 05:01 - 2017-02-06 09:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
    2017-03-21 05:01 - 2017-01-13 11:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2017-03-21 05:01 - 2017-01-13 11:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
    2017-03-21 05:01 - 2017-01-13 10:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2017-03-21 05:01 - 2017-01-13 10:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
    2017-03-21 05:01 - 2017-01-11 11:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2017-03-21 05:01 - 2017-01-11 11:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2017-03-21 05:01 - 2017-01-11 10:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2017-03-21 05:01 - 2017-01-11 10:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2017-03-21 05:01 - 2017-01-06 11:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2017-03-21 05:01 - 2017-01-06 10:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2017-03-09 15:58 - 2017-03-09 15:58 - 00002150 _____ C:\Users\David Salter\Documents\datemodified‎2-‎24-‎2017.search-ms
    2017-03-09 15:36 - 2017-02-22 16:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2017-03-09 15:36 - 2017-02-22 16:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2017-03-09 15:36 - 2017-02-18 07:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2017-03-09 15:36 - 2017-02-18 07:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2017-03-09 15:36 - 2016-12-31 08:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2017-03-09 15:36 - 2016-12-31 08:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2017-03-09 15:36 - 2016-12-31 08:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2017-03-09 15:36 - 2016-12-31 08:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2017-03-09 15:36 - 2016-12-31 08:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-31 13:51 - 2014-08-12 09:44 - 00000000 ____D C:\FRST
    2017-03-31 13:51 - 2009-07-13 21:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-03-31 13:51 - 2009-07-13 21:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-03-31 13:49 - 2009-07-13 22:13 - 00785794 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-03-31 13:49 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2017-03-31 13:48 - 2014-01-11 15:05 - 00000000 ____D C:\Windows\system32\appmgmt
    2017-03-31 13:43 - 2016-07-26 09:30 - 00000000 ____D C:\ProgramData\Foxit Software
    2017-03-31 13:43 - 2014-01-09 18:31 - 00000000 ____D C:\ProgramData\MFAData
    2017-03-31 13:43 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-03-31 13:40 - 2015-10-14 21:05 - 00000000 ____D C:\Windows\pss
    2017-03-31 13:36 - 2016-10-15 23:00 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
    2017-03-30 13:26 - 2016-10-15 23:03 - 00000936 _____ C:\Users\Public\Desktop\AVG Protection.lnk
    2017-03-30 13:26 - 2016-10-15 23:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2017-03-21 15:23 - 2014-01-10 21:29 - 00002816 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2017-03-21 05:50 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
    2017-03-21 05:13 - 2009-07-13 21:45 - 00438384 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-03-21 05:12 - 2014-10-16 03:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-03-21 05:12 - 2014-10-16 03:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-03-21 05:10 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker
    2017-03-21 05:05 - 2014-01-09 15:42 - 00000000 ____D C:\Windows\system32\MRT
    2017-03-21 05:04 - 2014-01-09 15:42 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-03-21 05:03 - 2014-10-16 03:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-03-14 18:20 - 2015-01-13 17:31 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-03-14 18:20 - 2014-01-10 21:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-03-14 18:20 - 2014-01-10 21:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-03-14 18:19 - 2014-01-10 21:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2017-03-14 18:19 - 2014-01-10 21:17 - 00000000 ____D C:\Windows\system32\Macromed
    2017-03-09 15:37 - 2015-04-15 07:41 - 00000000 ___SD C:\Windows\system32\CompatTel
    2017-03-09 15:37 - 2015-04-15 07:41 - 00000000 ____D C:\Windows\system32\appraiser
     
    ==================== Files in the root of some directories =======
     
    2010-05-02 17:31 - 2010-05-02 17:31 - 4952064 _____ (M&R Technologies, Inc.) C:\Program Files (x86)\PCStitch 9.exe
    2014-01-29 19:47 - 2014-01-29 19:47 - 0000057 _____ () C:\ProgramData\Ament.ini
    2016-12-24 10:44 - 2016-12-24 10:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-03-24 03:32
     
    ==================== End of FRST.txt ============================

    • 0

    #13
    RKinner

      Malware Expert

    • Expert
    • 19,052 posts
    • MVP

    One more fix list to get some deadwood:

     

    Attached File  fixlist.txt   692bytes   18 downloads

     

    It shouldn't need to reboot.

    How is it running now?


    • 0

    #14
    dolface755

      Member

    • Topic Starter
    • Member
    • 210 posts

    it seems to be running fine..like I said I was just worried that he had let that person that said they were from Microsoft in the back door...that maybe they had left something behind to steal info from him......I'm running the updated Windows 7 with their "firewall" settings but I've never really trusted them and I'm not sure if there is even a free option other than them....I will run the fix and send you that completed log....

    thank you so much for your help


    • 0

    #15
    RKinner

      Malware Expert

    • Expert
    • 19,052 posts
    • MVP

    I don't see anything ugly on your PC.  I would change all passwords that you use including those on online sites.  

     

    You might try tiny firewall:

     

    https://tinywall.pados.hu/

     

    I think we can clean up now:

     

    Time to clean up:
     
    To delete the Quarantine Folder used by FRST create a fixlist.txt file with just the following line:
    
    DeleteQuarantine:
     
    Save the fixlist.txt to the same folder as FRST then run FRST and hit Fix.  You can easily delete any other folders and logs.
     
    If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.
     
    Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
     
    Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.
     
     
    If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
     
    If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.
     
    If you are a Facebook user get the FB Purity extension for your browser:
    This will stop all of the suggested pages and ads so that Facebook loads much quicker.
     
     
    Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
     
    Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:
     
    CryptoPrevent
     
     
    The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.
     
    If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
     
    Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
    Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
    Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

    • 0





