Ok, done the delete and tried installing the tinyfirewall, but there's a little much in there for me to go through right now....it says I have to go through each individual program to allow it to run properly....not a problem, it's downloaded, I just have to go through the work of doing that....the chrome stuff is done since it's the only browser he uses, with all the adobe, foxit, and all other updates done.....I'm working on the router password change right now...something I've never done with this company; apparently it's a major endeavour....thank you so much for your help...I really wasn't looking forward to having to format and reload everything onto this machine.....
Hacked
#16
Posted 04 April 2017 - 01:14 PM
#17
Posted 06 April 2017 - 11:01 AM
I wanted to thank you very much for all your help with this matter. I do, however, have another question. I found out last night that my mother-in-law just got caught up in this same scam, and the person involved hacked her banks and Facebook and everything else on her computer. I spent most of the night trying to scan and do a lot of the changes. What I'm wondering is, I need help with the logs...should I start a new thread, or could you help me if I just add the scans here?
#18
Posted 06 April 2017 - 01:36 PM
Go ahead and post your new logs here.
#19
Posted 07 April 2017 - 03:21 PM
Thank you so much.....she's just terrified to even turn the computer on now
FRST LOG:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by owner (administrator) on OWNER-PC (05-04-2017 22:15:28)
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available Profiles: owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263088 2017-04-05] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2959822069-1377736154-2048073183-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{A62386F5-DD0F-4F00-8701-C86EB6D9910A}: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{BBB3682C-3B8C-4B56-BDD6-A894846E1AAA}: [DhcpNameServer] 192.168.1.254 75.153.171.122
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000 -> {E830349A-E36E-4059-B46D-B67DA07D86B5} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-17] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-17] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\skspr2zw.default-1481671341211 [2017-04-05]
FF Homepage: Mozilla\Firefox\Profiles\skspr2zw.default-1481671341211 -> www.yahoo.ca
FF Extension: (Adblock Plus) - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\skspr2zw.default-1481671341211\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-12] [not signed]
FF HKU\S-1-5-21-2959822069-1377736154-2048073183-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-09-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-09-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2009-12-25] (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2010-04-02] (Apple Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default [2017-04-05]
CHR Extension: (Adblock Plus) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-22]
CHR Extension: (Chrome Media Router) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-27]
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-04-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [262696 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7448992 2017-04-05] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428680 2017-03-23] (AVG Technologies CZ, s.r.o.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166136 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [310056 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336408 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-04-05] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [128096 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102136 2017-04-05] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76688 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1006040 2017-04-05] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [557776 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgStm; C:\Windows\system32\drivers\avgStm.sys [165048 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340688 2017-04-05] (AVG Technologies CZ, s.r.o.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-05] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-05] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-05] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-05] (Malwarebytes)
R3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2x.sys [553472 2008-09-29] (Atheros Communications, Inc.)
S3 cpuz134; \??\C:\Users\owner\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-05 22:15 - 2017-04-05 22:15 - 00015010 _____ C:\Users\owner\Desktop\FRST.txt
2017-04-05 22:15 - 2017-04-05 22:15 - 00000000 ____D C:\FRST
2017-04-05 22:13 - 2017-04-05 22:13 - 05200384 _____ (AVAST Software) C:\Users\owner\Desktop\aswmbr.exe
2017-04-05 22:12 - 2017-04-05 22:12 - 02424832 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2017-04-05 21:45 - 2017-04-05 21:45 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-04-05 21:44 - 2017-04-05 21:44 - 00557776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00400928 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-04-05 21:44 - 2017-04-05 21:44 - 00340688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00165048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00128096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00102136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00076688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 01006040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 00336408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 00310056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 00166136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-04-05 21:41 - 2017-04-05 21:41 - 00001008 _____ C:\Users\Public\Desktop\AVG.lnk
2017-04-05 21:41 - 2017-04-05 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-04-05 21:39 - 2017-04-05 21:39 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-04-05 21:30 - 2017-04-05 21:30 - 09274608 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup528.exe
2017-04-05 21:11 - 2017-04-05 22:05 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-05 21:11 - 2017-04-05 21:50 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-05 21:11 - 2017-04-05 21:50 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-05 21:11 - 2017-04-05 21:50 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-05 21:11 - 2017-04-05 21:11 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-05 21:11 - 2017-04-05 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-05 21:11 - 2017-04-05 21:11 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-05 21:11 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-05 21:03 - 2017-04-05 21:04 - 59272008 _____ (Malwarebytes ) C:\Users\owner\Downloads\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-04-05 21:01 - 2017-04-05 21:01 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\owner\Downloads\AVG_Protection_Free_1606.exe
2017-04-05 20:03 - 2017-04-05 20:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\Sun
2017-04-05 20:02 - 2017-04-05 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-05 20:02 - 2017-04-05 20:02 - 00000000 ____D C:\ProgramData\Oracle
2017-04-05 19:54 - 2017-04-05 19:54 - 10619364 _____ C:\Users\owner\Downloads\CryptoPreventSetupV8.zip
2017-04-05 19:54 - 2017-04-05 19:54 - 00766994 _____ C:\Users\owner\Downloads\speedyfox.zip
2017-04-05 19:33 - 2017-04-05 19:33 - 00000870 _____ C:\Users\owner\Documents\startup.txt
2017-04-05 09:26 - 2017-04-05 09:26 - 00000000 ____D C:\Users\owner\AppData\Roaming\AnyDesk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-05 21:57 - 2009-07-13 21:45 - 00022256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-05 21:57 - 2009-07-13 21:45 - 00022256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-05 21:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-04-05 21:56 - 2011-08-12 15:42 - 00000000 ____D C:\Registry backup
2017-04-05 21:54 - 2011-01-26 14:46 - 00001945 _____ C:\Windows\epplauncher.mif
2017-04-05 21:53 - 2009-07-13 22:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-05 21:49 - 2014-12-25 18:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-04-05 21:49 - 2014-11-16 14:45 - 00000000 ____D C:\Program Files (x86)\ffdshow
2017-04-05 21:49 - 2011-08-12 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-05 21:49 - 2011-08-12 15:38 - 00000000 ____D C:\Program Files\CCleaner
2017-04-05 21:49 - 2011-07-08 17:41 - 00000000 ____D C:\Program Files (x86)\Valusoft
2017-04-05 21:49 - 2009-12-24 23:23 - 00000000 ____D C:\Program Files (x86)\HP
2017-04-05 21:49 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-05 21:48 - 2011-07-08 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valusoft
2017-04-05 21:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2017-04-05 21:46 - 2015-11-10 11:40 - 00000000 ____D C:\Users\owner\AppData\Roaming\AVG
2017-04-05 21:45 - 2015-11-10 11:35 - 00000000 ____D C:\ProgramData\Avg
2017-04-05 21:42 - 2015-05-30 18:43 - 00000000 ____D C:\Program Files (x86)\AVG
2017-04-05 21:41 - 2015-11-10 11:33 - 00000000 ____D C:\Users\owner\AppData\Local\AvgSetupLog
2017-04-05 21:33 - 2009-07-13 21:45 - 00268392 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-05 21:26 - 2016-11-16 20:38 - 00000000 ____D C:\Users\owner\AppData\LocalLow\Mozilla
2017-04-05 21:25 - 2009-12-18 14:19 - 00000000 ____D C:\Users\owner
2017-04-05 21:11 - 2011-08-12 15:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-05 21:09 - 2009-12-18 13:46 - 00058400 _____ C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-05 21:03 - 2011-03-18 18:57 - 00002273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-05 20:59 - 2015-08-11 09:49 - 00000000 ____D C:\Windows\Minidump
2017-04-05 20:06 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\LiveKernelReports
2017-04-05 19:31 - 2016-12-13 17:08 - 00000000 ____D C:\Users\owner\AppData\Roaming\TeamViewer
2017-04-05 19:15 - 2017-01-01 18:02 - 00000527 _____ C:\Users\owner\Desktop\Facebook.website
2017-04-04 21:21 - 2009-12-18 13:25 - 00523432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-03-31 22:20 - 2012-12-03 11:17 - 00002261 _____ C:\Users\owner\Desktop\Google Chrome.lnk
2017-03-15 19:51 - 2009-07-13 22:08 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2011-05-28 17:55 - 2011-05-28 17:55 - 0000012 _____ () C:\Users\owner\AppData\Roaming\9109
2014-04-15 22:25 - 2014-04-15 22:25 - 0000318 _____ () C:\Users\owner\AppData\Roaming\aps.uninstall.scan.results
2011-05-28 17:55 - 2011-05-28 17:55 - 0000012 _____ () C:\Users\owner\AppData\Local\8237
2010-12-25 14:01 - 2015-01-01 08:52 - 0005632 _____ () C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-19 09:42 - 2015-06-19 09:42 - 0000000 _____ () C:\Users\owner\AppData\Local\{EF8E88AE-72D4-49D5-8AB1-263B7B3276F3}
2011-05-28 17:55 - 2011-05-28 17:55 - 0000012 _____ () C:\ProgramData\1303
2011-05-28 17:55 - 2011-05-28 17:55 - 0000012 _____ () C:\ProgramData\8286
2011-05-28 17:55 - 2011-05-28 17:55 - 0000012 _____ () C:\ProgramData\8712
2009-12-24 23:23 - 2017-04-05 20:04 - 0002961 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\Users\owner\jagex_runescape_preferences.dat
C:\Users\owner\jagex_runescape_preferences2.dat
C:\Users\owner\jagex__preferences3.dat
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-03 00:30
==================== End of FRST.txt ============================
ADDITION:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by owner (05-04-2017 22:16:26)
Running from C:\Users\owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-12-18 21:19:41)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2959822069-1377736154-2048073183-500 - Administrator - Disabled)
Guest (S-1-5-21-2959822069-1377736154-2048073183-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2959822069-1377736154-2048073183-1002 - Limited - Enabled)
owner (S-1-5-21-2959822069-1377736154-2048073183-1000 - Administrator - Enabled) => C:\Users\owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Disabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
18 Wheels of Steel - Across America (HKLM-x32\...\18 Wheels of Steel - Across America) (Version: - )
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.171.3.211 - AVG Technologies)
AVG (Version: 1.171.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.3.3011 - AVG Technologies)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
F4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
FMW 1 (Version: 1.182.1 - AVG Technologies) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 3.1.4.1125 - Foxit Software Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{A00C9114-40E6-4C70-A619-7DF264B23485}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IncrediMail (x32 Version: 6.1.4.4685 - IncrediMail) Hidden
IncrediMail 2.0 (HKLM-x32\...\IncrediMail) (Version: 6.1.4.4685 - IncrediMail Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Java 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
magicJack (HKU\S-1-5-21-2959822069-1377736154-2048073183-1000\...\magicJack) (Version: 2.0.6073.4252 - magicJack L.P.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2959822069-1377736154-2048073183-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PhotoMail Maker (HKLM-x32\...\PhotoMail) (Version: 6.0.0.1007 - IncrediMail Ltd.)
PhotoMail Maker (x32 Version: 6.0.0.1007 - IncrediMail) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
QuickTime (HKLM-x32\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0FCB6017-7632-4DCD-92C7-764799C4D3B0} - System32\Tasks\{8663AC7D-024B-469E-9D9C-DB97E9E96C99} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {109E0171-FD70-40AE-97E4-3589AD20C647} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e90f64e60d7c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {168E5173-0A63-4BF1-AA8A-881F42B4BCA8} - System32\Tasks\{E1C142D3-0445-4CB6-A417-5F29CA56CF08} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {24164C60-BD28-4955-9294-0EECC2729D42} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-23] (Adobe Systems Incorporated)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {343FD46A-9284-4056-A237-A6C361287BAA} - \DTReg -> No File <==== ATTENTION
Task: {3452D0D6-BFB8-40EC-96C2-25AB1D22DB26} - System32\Tasks\{28CA1068-AD03-4ECE-8397-C58EF0A77C31} => pcalua.exe -a C:\Users\owner\Downloads\pse_350_enu.exe -d C:\Users\owner\Downloads
Task: {36764B3A-228A-42B4-837B-228B902CDA83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3F2517BF-FDB7-4710-AD54-F2669313B8B9} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {3F95ED2F-0003-4EC8-97BE-6ED10F55E93E} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e90f65a1bc6e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {45252C08-3FF9-46C9-A059-E967850E13DD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {488689F8-9595-4E63-BA01-9D27B6AC653D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5FB8FC66-CFE8-41AD-8E18-4CF226165944} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {6A746BE5-C925-4CCD-ACED-4C5057638930} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe
Task: {84023080-9B54-4DB6-8EA1-CC98CDCE119D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2959822069-1377736154-2048073183-1000
Task: {8BC215C6-80FC-413C-8109-5E0D24655866} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8C8867D8-96FA-4196-BC09-BDC997F4A6A6} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {8F58478C-8669-4817-B66A-354A3E9C955D} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {8FF87254-6364-4C13-88FA-40BCB0C9E24A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-04-05] (AVG Technologies CZ, s.r.o.)
Task: {9A85F727-6583-461C-9D71-48479AC6AC7D} - \eFix Reminder -> No File <==== ATTENTION
Task: {9A876989-567C-4458-8D09-F3C5372F3C41} - System32\Tasks\{BB9B192F-C1CB-4530-ABD0-D4C26AFF8DDF} => pcalua.exe -a "C:\Users\owner\Downloads\Firefox Setup 3.5.6.exe" -d C:\Users\owner\Desktop
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B02F401C-BBBF-47E8-908A-CC130053D8F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {B0E0A746-4EAF-44B6-9BCA-6AE2E759596C} - System32\Tasks\{AD5629E7-933B-4F71-8000-66756B4BF6A3} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {C07769BC-9EC3-4E75-A71D-4124CA029E90} - System32\Tasks\{A86D5F52-AFC1-42F8-9D7B-65891E6DB17D} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {C150783C-9F30-4237-ABA2-97BD9C5A45E1} - System32\Tasks\{2262C318-5803-4CE3-956E-FC53261DB2D1} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {DFD5D05A-66EF-4F8A-8E02-07B2B5440057} - System32\Tasks\{58DCD2AC-561C-48D8-946B-0E5B53A07751} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-04-05 21:11 - 2017-03-24 04:09 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-05 21:11 - 2017-03-24 04:10 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-04-05 21:43 - 2017-04-05 21:43 - 00171208 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-04-05 21:43 - 2017-04-05 21:43 - 00177472 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-04-05 21:46 - 2017-04-05 21:46 - 05917184 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17040502\algo.dll
2017-04-05 21:43 - 2017-04-05 21:43 - 00654504 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-04-05 21:43 - 2017-04-05 21:43 - 00231616 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2017-04-05 21:39 - 2017-04-05 21:38 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-04-05 21:43 - 2017-04-05 21:44 - 48936448 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]
AlternateDataStreams: C:\Users\owner\Desktop\Facebook.website:TASKICON_0news-1751121550 [2302]
AlternateDataStreams: C:\Users\owner\Desktop\Facebook.website:TASKICON_1messages-431041656 [2302]
AlternateDataStreams: C:\Users\owner\Desktop\Facebook.website:TASKICON_2events-250898981 [2302]
AlternateDataStreams: C:\Users\owner\Desktop\Facebook.website:TASKICON_3friends-215113587 [2302]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2959822069-1377736154-2048073183-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 75.153.171.122
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: ReimageRealTimeProtector => 2
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{16E1A0C6-CDBD-4A58-961E-8BB2891EF866}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{70BF0703-A861-4923-99B0-3AE3B5B3F068}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{3065BB1B-171F-4324-8398-4DC64F09EB17}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{78512AB1-63FD-4202-864E-05BC39F57BF6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{5BF3A8ED-32DC-452F-B660-B7C4AD1D77C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{B7CE2E73-BFE1-4785-9FC6-9F2D6E51109D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{99D45250-FAB3-473C-BD25-889D4C6078C6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{B6EC8D7D-BCD7-4149-AEE9-B148CA7076E6}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{0D2F1F23-E276-465E-8061-302F24CFC258}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{BB1396F1-5EF6-49E0-9980-B96315F02B5C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{B3E66EAB-6566-410A-881B-53C20F907573}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{C964DC88-07A8-43DE-94BA-BE040BD41E79}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{96D9C359-6018-4815-A199-EDA0ACB50B31}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F078691D-F5CC-49AF-B613-7FB410C54236}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E62704C4-3DC1-49C6-A3FC-5E6351CF6F84}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{5C30B550-0929-4B9A-8B05-B26AFFE8DB08}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E5C15521-28DC-4408-BC83-DC5A72FE23BF}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{6A27687C-61C3-4AE3-89E0-08D6B1F2499A}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{38F45121-22EF-4ED3-B9A8-BE9347BA76E6}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{47783F37-A42E-4422-9310-66E8104D3A11}] => (Allow) svchost.exe
FirewallRules: [TCP Query User{11EBE704-4096-42F3-8E17-41C4B7D85F45}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{88FF533D-E8FF-426F-A034-3DDD687F1CAD}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{C4031452-C863-4E8B-80A0-3B25685B3A07}] => (Allow) C:\Users\owner\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{B680F47E-F1CD-498C-82DC-159787CE78DE}] => (Allow) C:\Users\owner\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{41BA33C0-1A7E-4C18-8705-445589201EED}] => (Allow) C:\Users\owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{28A06B2E-F845-4F11-AE7E-A8F5068925F3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B9A7CB8C-1F29-46AF-94AE-D1B74B438A9C}] => (Allow) LPort=2869
FirewallRules: [{AA569CCA-B27D-4A03-97E9-03082F150AEE}] => (Allow) LPort=1900
FirewallRules: [{A053DAEF-178D-4883-98C2-3A154A6F4B53}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{1C7F055D-BB9D-4A2F-A7BC-1F2F905D506F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{F248002E-00EC-4A85-B0F3-1E57F0B60528}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{68BE95DC-DB7E-4A37-B55C-4E4EBE72BA7C}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{A12C43C7-DB1F-4D29-AC59-82EC71A31A3F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{BB11835D-FA59-4753-AC0A-11CC35765E71}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{76043CCD-C68A-4AC0-9084-EF1C6F1C5C0D}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{55705D2B-3E70-403A-B452-63A6D206D6A8}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{133B0E51-2A94-401C-BD76-A452CCD317FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C6F20A3C-8C77-47F7-8FA6-CBF9BAE9B557}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{54CFDB46-3967-459A-BABC-232885A73B23}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{654C9C51-A471-442E-AB5C-44903D9499BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{775A7141-CCB4-428A-B1BC-E0F93B7584D5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
05-03-2017 16:56:26 Windows Update
08-03-2017 18:27:30 Windows Update
11-03-2017 22:47:48 Windows Update
15-03-2017 16:48:12 Windows Update
19-03-2017 07:13:13 Windows Update
23-03-2017 11:18:42 Windows Update
27-03-2017 14:41:09 Windows Update
30-03-2017 19:16:23 Windows Update
03-04-2017 05:22:35 Windows Update
05-04-2017 21:03:57 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/05/2017 09:45:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (04/05/2017 09:45:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (04/05/2017 09:33:57 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (04/05/2017 09:33:57 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (04/05/2017 09:33:57 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (04/05/2017 09:33:57 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Error: (04/05/2017 09:33:56 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (04/05/2017 09:33:56 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
Context: Windows Application, SystemIndex Catalog
Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
Error: (04/05/2017 09:33:56 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (04/05/2017 09:33:56 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (04/05/2017 09:34:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (04/05/2017 09:34:00 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
Error: (04/05/2017 08:29:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error:
The service has not been started.
Error: (04/05/2017 08:52:09 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: Event-ID 2004
Error: (04/05/2017 08:29:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network List Service service failed to start due to the following error:
The service did not start due to a logon failure.
Error: (04/05/2017 08:29:08 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The request is not supported.
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (04/05/2017 08:29:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network List Service service failed to start due to the following error:
The service did not start due to a logon failure.
Error: (04/05/2017 08:29:08 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The request is not supported.
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (04/05/2017 08:29:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network List Service service failed to start due to the following error:
The service did not start due to a logon failure.
Error: (04/05/2017 08:29:07 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation.
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
CodeIntegrity:
===================================
Date: 2014-04-18 19:42:51.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-18 19:42:51.066
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-18 19:42:50.411
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-18 19:42:00.740
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-18 19:42:00.101
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-18 19:41:59.461
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-18 19:38:36.364
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\Backup\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.
Date: 2014-04-18 19:38:35.787
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\Backup\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.
Date: 2014-04-18 19:38:35.210
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\Backup\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.
Date: 2014-04-18 19:37:48.597
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\Backup\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 42%
Total physical RAM: 4085.18 MB
Available physical RAM: 2359.93 MB
Total Virtual: 8168.54 MB
Available Virtual: 6487.38 MB
==================== Drives ================================
Drive c: (HP) (Fixed) (Total:451.4 GB) (Free:383.97 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.92 GB) (Free:0 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=451.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=27)
Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS)
#20
Posted 07 April 2017 - 03:32 PM
I've also done the asw, and I copied her system info because I really need to find out what everything is saving to the recovery drive
asW:
aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2017-04-05 22:17:22
-----------------------------
22:17:22.913 OS Version: Windows x64 6.1.7601 Service Pack 1
22:17:22.913 Number of processors: 2 586 0x170A
22:17:22.913 ComputerName: OWNER-PC UserName: owner
22:17:28.592 Initialize success
22:17:28.685 VM: initialized successfully
22:17:28.685 VM: Intel CPU BiosDisabled
22:19:11.237 AVAST engine defs: 17030301
22:20:33.683 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:20:33.683 Disk 0 Vendor: ST3500418AS HP22 Size: 476940MB BusType: 3
22:20:33.777 Disk 0 MBR read successfully
22:20:33.777 Disk 0 MBR scan
22:20:33.793 Disk 0 Windows 7 default MBR code
22:20:33.793 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 462230 MB offset 63
22:20:33.808 Disk 0 Boot: NTFS code=1
22:20:33.839 Disk 0 Partition 2 00 27 Hidden NTFS WinRE NTFS 449 MB offset 946649088
22:20:33.886 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14256 MB offset 947570400
22:20:33.949 Disk 0 scanning C:\Windows\system32\drivers
22:20:47.177 Service scanning
22:21:09.782 Modules scanning
22:21:09.797 Disk 0 trace - called modules:
22:21:09.829 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
22:21:09.829 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004938060]
22:21:09.844 3 CLASSPNP.SYS[fffff880018be43f] -> nt!IofCallDriver -> [0xfffffa8004326e40]
22:21:09.844 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80044a0060]
22:21:18.455 AVAST engine scan C:\Windows
22:21:21.310 AVAST engine scan C:\Windows\system32
22:24:57.683 AVAST engine scan C:\Windows\system32\drivers
22:25:13.095 AVAST engine scan C:\Users\owner
22:29:13.008 AVAST engine scan C:\ProgramData
22:32:38.429 Disk 0 statistics 3720267/0/0 @ 3.59 MB/s
22:32:38.461 Scan finished successfully
22:37:03.474 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
22:37:03.489 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"
I went through everything I could...... Deleted all the programs that someone had downloaded for some reason, like "anydesk" and stuff like that... I've changed passwords on the gateway and all of her programs, and for now she's only doing banking and such on her tablet....
#21
Posted 07 April 2017 - 10:29 PM
I don't see anything ugly. There is some deadwood we can clear out with a fixlist:
#22
Posted 08 April 2017 - 08:46 PM
#23
Posted 08 April 2017 - 09:52 PM
rogue log:
#24
Posted 09 April 2017 - 05:24 AM
You can let Rogue Killer remove everything it found.
sfc /scannow
findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt
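The findstr step above just pulls the "[SR]" lines out of CBS.log so you can read them in Notepad. The following is an added example (not from this post or from Microsoft) that does the same filtering and then summarizes which files sfc repaired and which it could not; the CBS.log lines it runs on are constructed in the style sfc writes, not a real log.

```python
import re

# Constructed sample in the style of the [SR] lines sfc /scannow writes to CBS.log
# (not a real log; component names and paths are illustrative only).
SAMPLE_CBS_LOG = r"""
2017-04-09 10:00:01, Info                  CSI    00000123 [SR] Verifying 100 (0x0000000000000064) components
2017-04-09 10:00:01, Info                  CSI    00000124 [SR] Beginning Verify and Repair transaction
2017-04-09 10:00:05, Info                  CSI    00000125 [SR] Cannot repair member file [l:24{12}]"usbperf.dll" of Microsoft-Windows-USB-Performance-Counters, Version = 6.1.7600.16385 in the store, hash mismatch
2017-04-09 10:00:06, Info                  CSI    00000126 [SR] Repairing corrupted file [ml:520{260},l:74{37}]"\??\C:\Windows\System32\drivers"\[l:22{11}]"ataport.sys" from store
2017-04-09 10:00:07, Info                  CSI    00000127 [SR] Repair complete
2017-04-09 10:00:08, Info                  CSI    00000128 [SR] Verify complete
2017-04-09 10:00:09, Info                  CBS    Unrelated line without the marker
"""

# A CSI length-prefixed quoted string such as [l:22{11}]"ataport.sys";
# the last one on a line is the file name being reported.
QUOTED = re.compile(r'\[[^\]]*\]"([^"]+)"')


def sr_lines(log_text):
    """Same filter as: findstr /c:"[SR]" \\windows\\logs\\cbs\\cbs.log"""
    return [line for line in log_text.splitlines() if "[SR]" in line]


def _file_name(line):
    names = QUOTED.findall(line)
    return names[-1] if names else None


def summarize_sfc(log_text):
    """Report which files sfc repaired from the store and which it could not."""
    summary = {"sr_lines": 0, "repaired": [], "cannot_repair": [], "verify_complete": False}
    for line in sr_lines(log_text):
        summary["sr_lines"] += 1
        if "[SR] Cannot repair member file" in line:
            summary["cannot_repair"].append(_file_name(line))
        elif "[SR] Repairing corrupted file" in line:
            summary["repaired"].append(_file_name(line))
        elif "[SR] Verify complete" in line:
            summary["verify_complete"] = True
    return summary


if __name__ == "__main__":
    result = summarize_sfc(SAMPLE_CBS_LOG)
    print(f"{result['sr_lines']} [SR] lines; repaired={result['repaired']}; "
          f"unrepairable={result['cannot_repair']}")
```

To run it on a real machine, read C:\Windows\Logs\CBS\CBS.log into a string and pass it to summarize_sfc; anything listed under cannot_repair is what sfc left for DISM or a manual replacement.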
#25
Posted 19 April 2017 - 11:57 PM
I had some issues trying to do the command prompt scan it just kept coming back with another program was already running. And I'm sorry I ran out of time before I could try again....I swear I'm gonna start charging these ppl money they I could give you take.......sorry just seemed funny for a minute.....I will run the rest of scans .so far everything looks ok on my end other than certain programs none of her family have ever heard of have started showing up. I had been deleting the ones I could, but had a question about the command scan.....can I just reboot with command prompt and bypass the Windows entirely or for this scan to work I have to use command prompt through Windows?
I also don't think it's helpful for anything that this computer was bought pretty much in the last century from a so called BIGBOX electronics store...she doesn't even have her own working copy of Windows XP which is where it started its life, then progressed to Windows Vista and then just pulled a partial upgrade to Windows 7....would you think that could be causing some of the issues ?
sorry I don't mean to keep asking.....until this new stupid Microsoft hack I could take about 20 minutes and clean out the crap her children download constantly ...now have the crap is locked and not available and she has drives she doesn't know where they came from.....She is eighty so that doesn't help
I so appreciate your help with this....I feel like I'm going around in circles
I will post what you ask for after I get back there this weekend and let you know if there's anything else that has come up since my last visit
#26
Posted 20 April 2017 - 05:54 AM
If you are fixing this for somebody else at their location then it's best to install TeamViewer on it so you can log on remotely and not have to go to their house.
See: http://www.geekstogo...s/#entry2595809
I believe you can run sfc /scannow in Safe Mode
#27
Posted 20 April 2017 - 11:53 AM
yea the other problem I have....she keeps a very nice house but when it comes to her computer anyone or anything can do whatever they want on no questions asked then she phones me because something's not working any more..I'm guessing she wouldn't even know how to dust out a keyboard never mind anything else, so I thank you for that information. It would have totally flown by me