
Hacked


#16 dolface755 (Member, Topic Starter, 249 posts)
OK, done the delete and tried installing the tinyfirewall, but there's a little much in there for me to go through right now... it says I have to go through each individual program to allow it to run properly... not a problem, it's downloaded, I just have to go through the work of doing that... the Chrome stuff is done since it's the only browser he uses, with all the Adobe, Foxit, and all other updates done... I'm working on the router password change right now... something I've never done, with this company apparently it's a major endeavour... thank you so much for your help... I really wasn't looking forward to having to format and reload everything onto this machine...



#17 dolface755 (Member, Topic Starter, 249 posts)

I wanted to thank you very much for all your help with this matter. I do, however, have another question. I found out last night that my mother-in-law just got caught up in this same scam and the person involved hacked her banks and Facebook and everything else on her computer. I spent most of the night trying to scan and do a lot of the changes. What I'm wondering is, I need help with the logs... should I start a new thread, or could you help me if I just add the scans here?



#18 RKinner (Malware Expert, MVP, 24,624 posts)

Go ahead and post your new logs here.



#19 dolface755 (Member, Topic Starter, 249 posts)

Thank you so much... she's just terrified to even turn the computer on now.

FRST LOG:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by owner (administrator) on OWNER-PC (05-04-2017 22:15:28)
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available Profiles: owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263088 2017-04-05] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2959822069-1377736154-2048073183-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{A62386F5-DD0F-4F00-8701-C86EB6D9910A}: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{BBB3682C-3B8C-4B56-BDD6-A894846E1AAA}: [DhcpNameServer] 192.168.1.254 75.153.171.122

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000 -> {E830349A-E36E-4059-B46D-B67DA07D86B5} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-17] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-17] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\skspr2zw.default-1481671341211 [2017-04-05]
FF Homepage: Mozilla\Firefox\Profiles\skspr2zw.default-1481671341211 -> www.yahoo.ca
FF Extension: (Adblock Plus) - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\skspr2zw.default-1481671341211\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-12] [not signed]
FF HKU\S-1-5-21-2959822069-1377736154-2048073183-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-09-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-09-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2009-12-25] (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2010-04-02] (Apple Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default [2017-04-05]
CHR Extension: (Adblock Plus) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-22]
CHR Extension: (Chrome Media Router) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-27]
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-04-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [262696 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7448992 2017-04-05] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428680 2017-03-23] (AVG Technologies CZ, s.r.o.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166136 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [310056 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336408 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-04-05] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [128096 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102136 2017-04-05] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76688 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1006040 2017-04-05] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [557776 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgStm; C:\Windows\system32\drivers\avgStm.sys [165048 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340688 2017-04-05] (AVG Technologies CZ, s.r.o.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-05] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-05] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-05] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-05] (Malwarebytes)
R3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2x.sys [553472 2008-09-29] (Atheros Communications, Inc.)
S3 cpuz134; \??\C:\Users\owner\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-05 22:15 - 2017-04-05 22:15 - 00015010 _____ C:\Users\owner\Desktop\FRST.txt
2017-04-05 22:15 - 2017-04-05 22:15 - 00000000 ____D C:\FRST
2017-04-05 22:13 - 2017-04-05 22:13 - 05200384 _____ (AVAST Software) C:\Users\owner\Desktop\aswmbr.exe
2017-04-05 22:12 - 2017-04-05 22:12 - 02424832 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2017-04-05 21:45 - 2017-04-05 21:45 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-04-05 21:44 - 2017-04-05 21:44 - 00557776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00400928 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-04-05 21:44 - 2017-04-05 21:44 - 00340688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00165048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00128096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00102136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00076688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 01006040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 00336408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 00310056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 00166136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-04-05 21:41 - 2017-04-05 21:41 - 00001008 _____ C:\Users\Public\Desktop\AVG.lnk
2017-04-05 21:41 - 2017-04-05 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-04-05 21:39 - 2017-04-05 21:39 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-04-05 21:30 - 2017-04-05 21:30 - 09274608 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup528.exe
2017-04-05 21:11 - 2017-04-05 22:05 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-05 21:11 - 2017-04-05 21:50 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-05 21:11 - 2017-04-05 21:50 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-05 21:11 - 2017-04-05 21:50 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-05 21:11 - 2017-04-05 21:11 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-05 21:11 - 2017-04-05 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-05 21:11 - 2017-04-05 21:11 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-05 21:11 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-05 21:03 - 2017-04-05 21:04 - 59272008 _____ (Malwarebytes ) C:\Users\owner\Downloads\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-04-05 21:01 - 2017-04-05 21:01 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\owner\Downloads\AVG_Protection_Free_1606.exe
2017-04-05 20:03 - 2017-04-05 20:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\Sun
2017-04-05 20:02 - 2017-04-05 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-05 20:02 - 2017-04-05 20:02 - 00000000 ____D C:\ProgramData\Oracle
2017-04-05 19:54 - 2017-04-05 19:54 - 10619364 _____ C:\Users\owner\Downloads\CryptoPreventSetupV8.zip
2017-04-05 19:54 - 2017-04-05 19:54 - 00766994 _____ C:\Users\owner\Downloads\speedyfox.zip
2017-04-05 19:33 - 2017-04-05 19:33 - 00000870 _____ C:\Users\owner\Documents\startup.txt
2017-04-05 09:26 - 2017-04-05 09:26 - 00000000 ____D C:\Users\owner\AppData\Roaming\AnyDesk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-05 21:57 - 2009-07-13 21:45 - 00022256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-05 21:57 - 2009-07-13 21:45 - 00022256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-05 21:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-04-05 21:56 - 2011-08-12 15:42 - 00000000 ____D C:\Registry backup
2017-04-05 21:54 - 2011-01-26 14:46 - 00001945 _____ C:\Windows\epplauncher.mif
2017-04-05 21:53 - 2009-07-13 22:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-05 21:49 - 2014-12-25 18:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-04-05 21:49 - 2014-11-16 14:45 - 00000000 ____D C:\Program Files (x86)\ffdshow
2017-04-05 21:49 - 2011-08-12 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-05 21:49 - 2011-08-12 15:38 - 00000000 ____D C:\Program Files\CCleaner
2017-04-05 21:49 - 2011-07-08 17:41 - 00000000 ____D C:\Program Files (x86)\Valusoft
2017-04-05 21:49 - 2009-12-24 23:23 - 00000000 ____D C:\Program Files (x86)\HP
2017-04-05 21:49 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-05 21:48 - 2011-07-08 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valusoft
2017-04-05 21:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2017-04-05 21:46 - 2015-11-10 11:40 - 00000000 ____D C:\Users\owner\AppData\Roaming\AVG
2017-04-05 21:45 - 2015-11-10 11:35 - 00000000 ____D C:\ProgramData\Avg
2017-04-05 21:42 - 2015-05-30 18:43 - 00000000 ____D C:\Program Files (x86)\AVG
2017-04-05 21:41 - 2015-11-10 11:33 - 00000000 ____D C:\Users\owner\AppData\Local\AvgSetupLog
2017-04-05 21:33 - 2009-07-13 21:45 - 00268392 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-05 21:26 - 2016-11-16 20:38 - 00000000 ____D C:\Users\owner\AppData\LocalLow\Mozilla
2017-04-05 21:25 - 2009-12-18 14:19 - 00000000 ____D C:\Users\owner
2017-04-05 21:11 - 2011-08-12 15:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-05 21:09 - 2009-12-18 13:46 - 00058400 _____ C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-05 21:03 - 2011-03-18 18:57 - 00002273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-05 20:59 - 2015-08-11 09:49 - 00000000 ____D C:\Windows\Minidump
2017-04-05 20:06 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\LiveKernelReports
2017-04-05 19:31 - 2016-12-13 17:08 - 00000000 ____D C:\Users\owner\AppData\Roaming\TeamViewer
2017-04-05 19:15 - 2017-01-01 18:02 - 00000527 _____ C:\Users\owner\Desktop\Facebook.website
2017-04-04 21:21 - 2009-12-18 13:25 - 00523432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-03-31 22:20 - 2012-12-03 11:17 - 00002261 _____ C:\Users\owner\Desktop\Google Chrome.lnk
2017-03-15 19:51 - 2009-07-13 22:08 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2011-05-28 17:55 - 2011-05-28 17:55 - 0000012 _____ () C:\Users\owner\AppData\Roaming\9109
2014-04-15 22:25 - 2014-04-15 22:25 - 0000318 _____ () C:\Users\owner\AppData\Roaming\aps.uninstall.scan.results
2011-05-28 17:55 - 2011-05-28 17:55 - 0000012 _____ () C:\Users\owner\AppData\Local\8237
2010-12-25 14:01 - 2015-01-01 08:52 - 0005632 _____ () C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-19 09:42 - 2015-06-19 09:42 - 0000000 _____ () C:\Users\owner\AppData\Local\{EF8E88AE-72D4-49D5-8AB1-263B7B3276F3}
2011-05-28 17:55 - 2011-05-28 17:55 - 0000012 _____ () C:\ProgramData\1303
2011-05-28 17:55 - 2011-05-28 17:55 - 0000012 _____ () C:\ProgramData\8286
2011-05-28 17:55 - 2011-05-28 17:55 - 0000012 _____ () C:\ProgramData\8712
2009-12-24 23:23 - 2017-04-05 20:04 - 0002961 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\owner\jagex_runescape_preferences.dat
C:\Users\owner\jagex_runescape_preferences2.dat
C:\Users\owner\jagex__preferences3.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-03 00:30

==================== End of FRST.txt ============================

ADDITION:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by owner (05-04-2017 22:16:26)
Running from C:\Users\owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-12-18 21:19:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2959822069-1377736154-2048073183-500 - Administrator - Disabled)
Guest (S-1-5-21-2959822069-1377736154-2048073183-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2959822069-1377736154-2048073183-1002 - Limited - Enabled)
owner (S-1-5-21-2959822069-1377736154-2048073183-1000 - Administrator - Enabled) => C:\Users\owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Disabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

18 Wheels of Steel - Across America (HKLM-x32\...\18 Wheels of Steel - Across America) (Version: - )
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.171.3.211 - AVG Technologies)
AVG (Version: 1.171.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.3.3011 - AVG Technologies)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
F4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
FMW 1 (Version: 1.182.1 - AVG Technologies) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 3.1.4.1125 - Foxit Software Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{A00C9114-40E6-4C70-A619-7DF264B23485}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IncrediMail (x32 Version: 6.1.4.4685 - IncrediMail) Hidden
IncrediMail 2.0 (HKLM-x32\...\IncrediMail) (Version: 6.1.4.4685 - IncrediMail Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
magicJack (HKU\S-1-5-21-2959822069-1377736154-2048073183-1000\...\magicJack) (Version: 2.0.6073.4252 - magicJack L.P.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2959822069-1377736154-2048073183-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PhotoMail Maker (HKLM-x32\...\PhotoMail) (Version: 6.0.0.1007 - IncrediMail Ltd.)
PhotoMail Maker (x32 Version: 6.0.0.1007 - IncrediMail) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
QuickTime (HKLM-x32\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FCB6017-7632-4DCD-92C7-764799C4D3B0} - System32\Tasks\{8663AC7D-024B-469E-9D9C-DB97E9E96C99} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {109E0171-FD70-40AE-97E4-3589AD20C647} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e90f64e60d7c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {168E5173-0A63-4BF1-AA8A-881F42B4BCA8} - System32\Tasks\{E1C142D3-0445-4CB6-A417-5F29CA56CF08} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {24164C60-BD28-4955-9294-0EECC2729D42} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-23] (Adobe Systems Incorporated)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {343FD46A-9284-4056-A237-A6C361287BAA} - \DTReg -> No File <==== ATTENTION
Task: {3452D0D6-BFB8-40EC-96C2-25AB1D22DB26} - System32\Tasks\{28CA1068-AD03-4ECE-8397-C58EF0A77C31} => pcalua.exe -a C:\Users\owner\Downloads\pse_350_enu.exe -d C:\Users\owner\Downloads
Task: {36764B3A-228A-42B4-837B-228B902CDA83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3F2517BF-FDB7-4710-AD54-F2669313B8B9} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {3F95ED2F-0003-4EC8-97BE-6ED10F55E93E} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e90f65a1bc6e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {45252C08-3FF9-46C9-A059-E967850E13DD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {488689F8-9595-4E63-BA01-9D27B6AC653D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5FB8FC66-CFE8-41AD-8E18-4CF226165944} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {6A746BE5-C925-4CCD-ACED-4C5057638930} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe
Task: {84023080-9B54-4DB6-8EA1-CC98CDCE119D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2959822069-1377736154-2048073183-1000
Task: {8BC215C6-80FC-413C-8109-5E0D24655866} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8C8867D8-96FA-4196-BC09-BDC997F4A6A6} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {8F58478C-8669-4817-B66A-354A3E9C955D} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {8FF87254-6364-4C13-88FA-40BCB0C9E24A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-04-05] (AVG Technologies CZ, s.r.o.)
Task: {9A85F727-6583-461C-9D71-48479AC6AC7D} - \eFix Reminder -> No File <==== ATTENTION
Task: {9A876989-567C-4458-8D09-F3C5372F3C41} - System32\Tasks\{BB9B192F-C1CB-4530-ABD0-D4C26AFF8DDF} => pcalua.exe -a "C:\Users\owner\Downloads\Firefox Setup 3.5.6.exe" -d C:\Users\owner\Desktop
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B02F401C-BBBF-47E8-908A-CC130053D8F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {B0E0A746-4EAF-44B6-9BCA-6AE2E759596C} - System32\Tasks\{AD5629E7-933B-4F71-8000-66756B4BF6A3} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {C07769BC-9EC3-4E75-A71D-4124CA029E90} - System32\Tasks\{A86D5F52-AFC1-42F8-9D7B-65891E6DB17D} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {C150783C-9F30-4237-ABA2-97BD9C5A45E1} - System32\Tasks\{2262C318-5803-4CE3-956E-FC53261DB2D1} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {DFD5D05A-66EF-4F8A-8E02-07B2B5440057} - System32\Tasks\{58DCD2AC-561C-48D8-946B-0E5B53A07751} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-04-05 21:11 - 2017-03-24 04:09 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-05 21:11 - 2017-03-24 04:10 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-04-05 21:43 - 2017-04-05 21:43 - 00171208 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-04-05 21:43 - 2017-04-05 21:43 - 00177472 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-04-05 21:46 - 2017-04-05 21:46 - 05917184 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17040502\algo.dll
2017-04-05 21:43 - 2017-04-05 21:43 - 00654504 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-04-05 21:43 - 2017-04-05 21:43 - 00231616 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2017-04-05 21:39 - 2017-04-05 21:38 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-04-05 21:43 - 2017-04-05 21:44 - 48936448 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]
AlternateDataStreams: C:\Users\owner\Desktop\Facebook.website:TASKICON_0news-1751121550 [2302]
AlternateDataStreams: C:\Users\owner\Desktop\Facebook.website:TASKICON_1messages-431041656 [2302]
AlternateDataStreams: C:\Users\owner\Desktop\Facebook.website:TASKICON_2events-250898981 [2302]
AlternateDataStreams: C:\Users\owner\Desktop\Facebook.website:TASKICON_3friends-215113587 [2302]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2959822069-1377736154-2048073183-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 75.153.171.122
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: ReimageRealTimeProtector => 2
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{16E1A0C6-CDBD-4A58-961E-8BB2891EF866}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{70BF0703-A861-4923-99B0-3AE3B5B3F068}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{3065BB1B-171F-4324-8398-4DC64F09EB17}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{78512AB1-63FD-4202-864E-05BC39F57BF6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{5BF3A8ED-32DC-452F-B660-B7C4AD1D77C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{B7CE2E73-BFE1-4785-9FC6-9F2D6E51109D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{99D45250-FAB3-473C-BD25-889D4C6078C6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{B6EC8D7D-BCD7-4149-AEE9-B148CA7076E6}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{0D2F1F23-E276-465E-8061-302F24CFC258}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{BB1396F1-5EF6-49E0-9980-B96315F02B5C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{B3E66EAB-6566-410A-881B-53C20F907573}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{C964DC88-07A8-43DE-94BA-BE040BD41E79}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{96D9C359-6018-4815-A199-EDA0ACB50B31}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F078691D-F5CC-49AF-B613-7FB410C54236}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E62704C4-3DC1-49C6-A3FC-5E6351CF6F84}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{5C30B550-0929-4B9A-8B05-B26AFFE8DB08}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E5C15521-28DC-4408-BC83-DC5A72FE23BF}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{6A27687C-61C3-4AE3-89E0-08D6B1F2499A}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{38F45121-22EF-4ED3-B9A8-BE9347BA76E6}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{47783F37-A42E-4422-9310-66E8104D3A11}] => (Allow) svchost.exe
FirewallRules: [TCP Query User{11EBE704-4096-42F3-8E17-41C4B7D85F45}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{88FF533D-E8FF-426F-A034-3DDD687F1CAD}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{C4031452-C863-4E8B-80A0-3B25685B3A07}] => (Allow) C:\Users\owner\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{B680F47E-F1CD-498C-82DC-159787CE78DE}] => (Allow) C:\Users\owner\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{41BA33C0-1A7E-4C18-8705-445589201EED}] => (Allow) C:\Users\owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{28A06B2E-F845-4F11-AE7E-A8F5068925F3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B9A7CB8C-1F29-46AF-94AE-D1B74B438A9C}] => (Allow) LPort=2869
FirewallRules: [{AA569CCA-B27D-4A03-97E9-03082F150AEE}] => (Allow) LPort=1900
FirewallRules: [{A053DAEF-178D-4883-98C2-3A154A6F4B53}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{1C7F055D-BB9D-4A2F-A7BC-1F2F905D506F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{F248002E-00EC-4A85-B0F3-1E57F0B60528}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{68BE95DC-DB7E-4A37-B55C-4E4EBE72BA7C}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{A12C43C7-DB1F-4D29-AC59-82EC71A31A3F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{BB11835D-FA59-4753-AC0A-11CC35765E71}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{76043CCD-C68A-4AC0-9084-EF1C6F1C5C0D}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{55705D2B-3E70-403A-B452-63A6D206D6A8}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{133B0E51-2A94-401C-BD76-A452CCD317FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C6F20A3C-8C77-47F7-8FA6-CBF9BAE9B557}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{54CFDB46-3967-459A-BABC-232885A73B23}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{654C9C51-A471-442E-AB5C-44903D9499BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{775A7141-CCB4-428A-B1BC-E0F93B7584D5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

05-03-2017 16:56:26 Windows Update
08-03-2017 18:27:30 Windows Update
11-03-2017 22:47:48 Windows Update
15-03-2017 16:48:12 Windows Update
19-03-2017 07:13:13 Windows Update
23-03-2017 11:18:42 Windows Update
27-03-2017 14:41:09 Windows Update
30-03-2017 19:16:23 Windows Update
03-04-2017 05:22:35 Windows Update
05-04-2017 21:03:57 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2017 09:45:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/05/2017 09:45:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/05/2017 09:33:57 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/05/2017 09:33:57 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/05/2017 09:33:57 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/05/2017 09:33:57 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (04/05/2017 09:33:56 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/05/2017 09:33:56 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/05/2017 09:33:56 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/05/2017 09:33:56 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/05/2017 09:34:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/05/2017 09:34:00 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (04/05/2017 08:29:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error:
The service has not been started.

Error: (04/05/2017 08:52:09 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: Event-ID 2004

Error: (04/05/2017 08:29:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network List Service service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (04/05/2017 08:29:08 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/05/2017 08:29:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network List Service service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (04/05/2017 08:29:08 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/05/2017 08:29:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network List Service service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (04/05/2017 08:29:07 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


CodeIntegrity:
===================================
Date: 2014-04-18 19:42:51.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-04-18 19:42:51.066
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-04-18 19:42:50.411
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-04-18 19:42:00.740
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-04-18 19:42:00.101
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-04-18 19:41:59.461
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-04-18 19:38:36.364
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\Backup\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

Date: 2014-04-18 19:38:35.787
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\Backup\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

Date: 2014-04-18 19:38:35.210
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\Backup\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

Date: 2014-04-18 19:37:48.597
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\Backup\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 42%
Total physical RAM: 4085.18 MB
Available physical RAM: 2359.93 MB
Total Virtual: 8168.54 MB
Available Virtual: 6487.38 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:451.4 GB) (Free:383.97 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.92 GB) (Free:0 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=451.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=27)
Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS)


  • 0

#20
dolface755

dolface755

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 249 posts

I've also done the asw and I copied her system info because I really need to find out what everything is saving to the recovery drive.

asW:
aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2017-04-05 22:17:22
-----------------------------
22:17:22.913 OS Version: Windows x64 6.1.7601 Service Pack 1
22:17:22.913 Number of processors: 2 586 0x170A
22:17:22.913 ComputerName: OWNER-PC UserName: owner
22:17:28.592 Initialize success
22:17:28.685 VM: initialized successfully
22:17:28.685 VM: Intel CPU BiosDisabled
22:19:11.237 AVAST engine defs: 17030301
22:20:33.683 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:20:33.683 Disk 0 Vendor: ST3500418AS HP22 Size: 476940MB BusType: 3
22:20:33.777 Disk 0 MBR read successfully
22:20:33.777 Disk 0 MBR scan
22:20:33.793 Disk 0 Windows 7 default MBR code
22:20:33.793 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 462230 MB offset 63
22:20:33.808 Disk 0 Boot: NTFS code=1
22:20:33.839 Disk 0 Partition 2 00 27 Hidden NTFS WinRE NTFS 449 MB offset 946649088
22:20:33.886 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14256 MB offset 947570400
22:20:33.949 Disk 0 scanning C:\Windows\system32\drivers
22:20:47.177 Service scanning
22:21:09.782 Modules scanning
22:21:09.797 Disk 0 trace - called modules:
22:21:09.829 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
22:21:09.829 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004938060]
22:21:09.844 3 CLASSPNP.SYS[fffff880018be43f] -> nt!IofCallDriver -> [0xfffffa8004326e40]
22:21:09.844 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80044a0060]
22:21:18.455 AVAST engine scan C:\Windows
22:21:21.310 AVAST engine scan C:\Windows\system32
22:24:57.683 AVAST engine scan C:\Windows\system32\drivers
22:25:13.095 AVAST engine scan C:\Users\owner
22:29:13.008 AVAST engine scan C:\ProgramData
22:32:38.429 Disk 0 statistics 3720267/0/0 @ 3.59 MB/s
22:32:38.461 Scan finished successfully
22:37:03.474 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
22:37:03.489 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"
I went through everything I could... deleted all the programs that someone downloaded for some reason, like "AnyDesk" and stuff like that. I've changed passwords on the gateway and all of her programs, and for now she's only doing banking and such on her tablet.



#21 RKinner (Malware Expert, Expert, MVP, 24,624 posts)

I don't see anything ugly.  There is some deadwood we can clear out with a fixlist:

Download the attached fixlist.txt to the same location as FRST

[attachment=84662:fixlist.txt]

Run FRST and press Fix
A fix log will be generated; please post that.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

We can run Rogue Killer if you like:

Let's run Rogue Killer

Portable 64 bits  <==Use this one

Download and Save.

Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe) and Run As admin

Start Scan
Start Scan

Will take about 20 minutes to complete.

Open Report
Export TXT (save it to your desktop as rk) Save

Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply.

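The "deadwood" a fixlist clears is mostly registry entries for services and drivers whose file no longer exists, plus the odd unsigned or oddly located file that FRST flags. As an added illustration (not RKinner's tooling and not part of FRST itself), the Python script below reads the Services, Drivers and Security Center sections of an FRST report in the format used in this thread and lists the entries a reviewer looks at first; the report it parses is constructed, with placeholder names and GUIDs.

```python
"""Triage helper for FRST-style scan logs (added example, not from the thread).

It only reads text: it lists Services/Drivers entries whose file is missing
([X], the orphaned "deadwood" a fixlist removes), entries FRST marks with
ATTENTION, unsigned files, files with no vendor, drivers loading from
user-writable directories, and security products that are disabled/out of date.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "==================== Drivers (Whitelisted) ======================"
SECTION_RE = re.compile(r"^=+\s*(?P<title>[^=\s].*?)\s*=+$")
# "R3 name; C:\path\file.dll [size date] (Vendor) [File not signed]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]"
    r"(?:\s+\((?P<vendor>[^)]*)\))?(?P<rest>.*)$"
)
# "AV: Product (Enabled - Up to date) {GUID}"
SECURITY_RE = re.compile(r"^(?P<kind>AV|AS|FW):\s+(?P<product>.+?)\s+\((?P<status>[^)]*)\)")
# Locations a normal service/driver binary should not be loading from.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\temp\\")

# Constructed sample in FRST format; names and GUIDs are placeholders.
SAMPLE_REPORT = r"""
==================== Services (Whitelisted) ====================
R2 ExampleSvc; C:\Program Files (x86)\Example\ExampleSvc.exe [262696 2017-04-05] (Example Vendor Inc.)
R3 printhelper; C:\Program Files (x86)\Example\bin\printhelper.dll [249344 2009-09-20] (Example Vendor Inc.) [File not signed]
==================== Drivers (Whitelisted) ======================
R1 GoodDriver; C:\Windows\system32\drivers\gooddrv.sys [77440 2017-03-24] (Example Vendor Inc.)
S3 leftover134; \??\C:\Users\owner\AppData\Local\Temp\leftover134\leftover134_x64.sys [X] <==== ATTENTION
S3 odddrv; C:\Users\owner\AppData\Roaming\odddrv\odddrv.sys [12345 2017-04-05] ()
==================== Security Center ========================
AV: Example AV (Enabled - Up to date) {PLACEHOLDER-GUID-1}
AV: Other AV (Disabled - Out of date) {PLACEHOLDER-GUID-2}
AS: Windows Defender (Enabled - Up to date) {PLACEHOLDER-GUID-3}
"""


@dataclass
class Finding:
    section: str
    name: str
    reasons: List[str] = field(default_factory=list)


def _check_entry(section: str, m) -> Optional[Finding]:
    """Apply the reviewer's checks to one Services/Drivers line."""
    f = Finding(section, m.group("name").strip())
    path = m.group("path").strip()
    if path.startswith("\\??\\"):  # NT object-manager prefix, as FRST prints it
        path = path[4:]
    vendor, rest = m.group("vendor"), m.group("rest")
    if m.group("meta").strip() == "X":
        f.reasons.append("referenced file is missing (orphaned entry)")
    if "ATTENTION" in rest:
        f.reasons.append("marked ATTENTION by FRST")
    if "File not signed" in rest:
        f.reasons.append("file is not digitally signed")
    if vendor is not None and not vendor.strip():  # "()" = no vendor info
        f.reasons.append("no vendor/signature information")
    if any(marker in path.lower() for marker in USER_WRITABLE):
        f.reasons.append("loads from a user-writable directory")
    return f if f.reasons else None


def _check_security(section: str, m) -> Optional[Finding]:
    """Flag a security product that is switched off or has stale definitions."""
    f = Finding(section, m.group("product").strip())
    status = m.group("status").lower()
    if "disabled" in status:
        f.reasons.append("protection disabled")
    if "out of date" in status:
        f.reasons.append("definitions out of date")
    return f if f.reasons else None


def triage(report: str) -> List[Finding]:
    """Walk the report once, tracking the current section, and collect findings."""
    findings: List[Finding] = []
    section = ""
    for raw in report.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("title")
            continue
        m = ENTRY_RE.match(line)
        if m and section.startswith(("Services", "Drivers")):
            found = _check_entry(section, m)
        else:
            m = SECURITY_RE.match(line)
            found = _check_security(section, m) if m else None
        if found:
            findings.append(found)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.section}] {f.name}: " + "; ".join(f.reasons))
```

Entries it lists are candidates for a closer look, not automatic removals; a missing-file entry is the typical fixlist item, while an unsigned but legitimate printer driver is usually left alone.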

#22 dolface755 (Member, Topic Starter, 249 posts)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by owner (administrator) on OWNER-PC (08-04-2017 19:42:25)
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available Profiles: owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263088 2017-04-05] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2959822069-1377736154-2048073183-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{BBB3682C-3B8C-4B56-BDD6-A894846E1AAA}: [DhcpNameServer] 192.168.1.254 75.153.171.122
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000 -> {E830349A-E36E-4059-B46D-B67DA07D86B5} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\skspr2zw.default-1481671341211 [2017-04-08]
FF Homepage: Mozilla\Firefox\Profiles\skspr2zw.default-1481671341211 -> www.yahoo.ca
FF Extension: (Adblock Plus) - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\skspr2zw.default-1481671341211\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-12] [not signed]
FF HKU\S-1-5-21-2959822069-1377736154-2048073183-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2009-12-25] (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-04-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2010-04-02] (Apple Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default [2017-04-08]
CHR Extension: (Adblock Plus) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-22]
CHR Extension: (Chrome Media Router) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-27]
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-04-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [262696 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7448992 2017-04-05] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428680 2017-03-23] (AVG Technologies CZ, s.r.o.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166136 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [310056 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336408 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-04-05] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [128096 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102136 2017-04-05] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76688 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1006040 2017-04-05] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [557776 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgStm; C:\Windows\system32\drivers\avgStm.sys [165048 2017-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340688 2017-04-05] (AVG Technologies CZ, s.r.o.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-24] ()
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-29] (Broadcom Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-05] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-08] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-08] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-08] (Malwarebytes)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2x.sys [553472 2008-09-29] (Atheros Communications, Inc.)
S3 cpuz134; \??\C:\Users\owner\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-08 19:42 - 2017-04-08 19:42 - 00014488 _____ C:\Users\owner\Desktop\FRST.txt
2017-04-08 19:36 - 2017-04-08 19:37 - 00012553 _____ C:\Users\owner\Desktop\Fixlog.txt
2017-04-08 19:35 - 2017-04-08 19:36 - 00000000 ____D C:\Users\owner\Desktop\temp fix
2017-04-05 22:15 - 2017-04-08 19:42 - 00000000 ____D C:\FRST
2017-04-05 22:13 - 2017-04-05 22:13 - 05200384 _____ (AVAST Software) C:\Users\owner\Desktop\aswmbr.exe
2017-04-05 22:12 - 2017-04-05 22:12 - 02424832 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2017-04-05 21:45 - 2017-04-05 21:45 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-04-05 21:44 - 2017-04-05 21:44 - 00557776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00400928 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-04-05 21:44 - 2017-04-05 21:44 - 00340688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00165048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00128096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00102136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00076688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-04-05 21:44 - 2017-04-05 21:44 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 01006040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 00336408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 00310056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 00166136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-04-05 21:44 - 2017-04-05 21:43 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-04-05 21:41 - 2017-04-05 21:41 - 00001008 _____ C:\Users\Public\Desktop\AVG.lnk
2017-04-05 21:41 - 2017-04-05 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-04-05 21:39 - 2017-04-08 06:54 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-04-05 21:30 - 2017-04-05 21:30 - 09274608 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup528.exe
2017-04-05 21:11 - 2017-04-08 19:39 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-05 21:11 - 2017-04-08 19:39 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-05 21:11 - 2017-04-08 19:39 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-05 21:11 - 2017-04-08 19:39 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-05 21:11 - 2017-04-05 21:11 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-05 21:11 - 2017-04-05 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-05 21:11 - 2017-04-05 21:11 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-05 21:11 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-05 21:03 - 2017-04-05 21:04 - 59272008 _____ (Malwarebytes ) C:\Users\owner\Downloads\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-04-05 21:01 - 2017-04-05 21:01 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\owner\Downloads\AVG_Protection_Free_1606.exe
2017-04-05 20:03 - 2017-04-05 20:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\Sun
2017-04-05 20:02 - 2017-04-05 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-05 20:02 - 2017-04-05 20:02 - 00000000 ____D C:\ProgramData\Oracle
2017-04-05 19:54 - 2017-04-05 19:54 - 10619364 _____ C:\Users\owner\Downloads\CryptoPreventSetupV8.zip
2017-04-05 19:54 - 2017-04-05 19:54 - 00766994 _____ C:\Users\owner\Downloads\speedyfox.zip
2017-04-05 19:33 - 2017-04-05 19:33 - 00000870 _____ C:\Users\owner\Documents\startup.txt
2017-04-05 09:26 - 2017-04-05 09:26 - 00000000 ____D C:\Users\owner\AppData\Roaming\AnyDesk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-08 19:39 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-08 19:37 - 2013-04-05 17:14 - 00000000 ____D C:\Users\owner\AppData\LocalLow\Temp
2017-04-08 19:36 - 2009-12-18 13:58 - 00000000 ____D C:\Windows\System32\Tasks\Games
2017-04-08 19:26 - 2009-07-13 22:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-08 19:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-04-08 18:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2017-04-08 18:03 - 2017-01-01 18:02 - 00000527 _____ C:\Users\owner\Desktop\Facebook.website
2017-04-08 07:01 - 2009-07-13 21:45 - 00022256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-08 07:01 - 2009-07-13 21:45 - 00022256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-05 23:42 - 2015-11-10 11:35 - 00000000 ____D C:\ProgramData\Avg
2017-04-05 21:56 - 2011-08-12 15:42 - 00000000 ____D C:\Registry backup
2017-04-05 21:54 - 2011-01-26 14:46 - 00001945 _____ C:\Windows\epplauncher.mif
2017-04-05 21:49 - 2014-12-25 18:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-04-05 21:49 - 2014-11-16 14:45 - 00000000 ____D C:\Program Files (x86)\ffdshow
2017-04-05 21:49 - 2011-08-12 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-05 21:49 - 2011-08-12 15:38 - 00000000 ____D C:\Program Files\CCleaner
2017-04-05 21:49 - 2011-07-08 17:41 - 00000000 ____D C:\Program Files (x86)\Valusoft
2017-04-05 21:49 - 2009-12-24 23:23 - 00000000 ____D C:\Program Files (x86)\HP
2017-04-05 21:48 - 2011-07-08 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valusoft
2017-04-05 21:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2017-04-05 21:46 - 2015-11-10 11:40 - 00000000 ____D C:\Users\owner\AppData\Roaming\AVG
2017-04-05 21:42 - 2015-05-30 18:43 - 00000000 ____D C:\Program Files (x86)\AVG
2017-04-05 21:41 - 2015-11-10 11:33 - 00000000 ____D C:\Users\owner\AppData\Local\AvgSetupLog
2017-04-05 21:33 - 2009-07-13 21:45 - 00268392 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-05 21:26 - 2016-11-16 20:38 - 00000000 ____D C:\Users\owner\AppData\LocalLow\Mozilla
2017-04-05 21:25 - 2009-12-18 14:19 - 00000000 ____D C:\Users\owner
2017-04-05 21:11 - 2011-08-12 15:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-05 21:09 - 2009-12-18 13:46 - 00058400 _____ C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-05 21:03 - 2011-03-18 18:57 - 00002273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-05 20:59 - 2015-08-11 09:49 - 00000000 ____D C:\Windows\Minidump
2017-04-05 20:06 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\LiveKernelReports
2017-04-05 19:31 - 2016-12-13 17:08 - 00000000 ____D C:\Users\owner\AppData\Roaming\TeamViewer
2017-04-04 21:21 - 2009-12-18 13:25 - 00523432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-03-31 22:20 - 2012-12-03 11:17 - 00002261 _____ C:\Users\owner\Desktop\Google Chrome.lnk
2017-03-15 19:51 - 2009-07-13 22:08 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2011-05-28 17:55 - 2011-05-28 17:55 - 0000012 _____ () C:\Users\owner\AppData\Roaming\9109
2014-04-15 22:25 - 2014-04-15 22:25 - 0000318 _____ () C:\Users\owner\AppData\Roaming\aps.uninstall.scan.results
2011-05-28 17:55 - 2011-05-28 17:55 - 0000012 _____ () C:\Users\owner\AppData\Local\8237
2010-12-25 14:01 - 2015-01-01 08:52 - 0005632 _____ () C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-19 09:42 - 2015-06-19 09:42 - 0000000 _____ () C:\Users\owner\AppData\Local\{EF8E88AE-72D4-49D5-8AB1-263B7B3276F3}
2011-05-28 17:55 - 2011-05-28 17:55 - 0000012 _____ () C:\ProgramData\1303
2011-05-28 17:55 - 2011-05-28 17:55 - 0000012 _____ () C:\ProgramData\8286
2011-05-28 17:55 - 2011-05-28 17:55 - 0000012 _____ () C:\ProgramData\8712
2009-12-24 23:23 - 2017-04-05 20:04 - 0002961 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\owner\jagex_runescape_preferences.dat
C:\Users\owner\jagex_runescape_preferences2.dat
C:\Users\owner\jagex__preferences3.dat
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-03 00:30
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by owner (08-04-2017 19:43:45)
Running from C:\Users\owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-12-18 21:19:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2959822069-1377736154-2048073183-500 - Administrator - Disabled)
Guest (S-1-5-21-2959822069-1377736154-2048073183-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2959822069-1377736154-2048073183-1002 - Limited - Enabled)
owner (S-1-5-21-2959822069-1377736154-2048073183-1000 - Administrator - Enabled) => C:\Users\owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Disabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
18 Wheels of Steel - Across America (HKLM-x32\...\18 Wheels of Steel - Across America) (Version:  - )
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.171.3.211 - AVG Technologies)
AVG (Version: 1.171.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.3.3011 - AVG Technologies)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
F4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
FMW 1 (Version: 1.182.1 - AVG Technologies) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 3.1.4.1125 - Foxit Software Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{A00C9114-40E6-4C70-A619-7DF264B23485}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IncrediMail (x32 Version: 6.1.4.4685 - IncrediMail) Hidden
IncrediMail 2.0 (HKLM-x32\...\IncrediMail) (Version: 6.1.4.4685 - IncrediMail Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
magicJack (HKU\S-1-5-21-2959822069-1377736154-2048073183-1000\...\magicJack) (Version: 2.0.6073.4252 - magicJack L.P.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2959822069-1377736154-2048073183-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PhotoMail Maker (HKLM-x32\...\PhotoMail) (Version: 6.0.0.1007 - IncrediMail Ltd.)
PhotoMail Maker (x32 Version: 6.0.0.1007 - IncrediMail) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
QuickTime (HKLM-x32\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FCB6017-7632-4DCD-92C7-764799C4D3B0} - System32\Tasks\{8663AC7D-024B-469E-9D9C-DB97E9E96C99} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {109E0171-FD70-40AE-97E4-3589AD20C647} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e90f64e60d7c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {168E5173-0A63-4BF1-AA8A-881F42B4BCA8} - System32\Tasks\{E1C142D3-0445-4CB6-A417-5F29CA56CF08} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {24164C60-BD28-4955-9294-0EECC2729D42} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-23] (Adobe Systems Incorporated)
Task: {36764B3A-228A-42B4-837B-228B902CDA83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3F2517BF-FDB7-4710-AD54-F2669313B8B9} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe 
Task: {3F95ED2F-0003-4EC8-97BE-6ED10F55E93E} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e90f65a1bc6e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {45252C08-3FF9-46C9-A059-E967850E13DD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {488689F8-9595-4E63-BA01-9D27B6AC653D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6A746BE5-C925-4CCD-ACED-4C5057638930} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe 
Task: {8BC215C6-80FC-413C-8109-5E0D24655866} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8FF87254-6364-4C13-88FA-40BCB0C9E24A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-04-05] (AVG Technologies CZ, s.r.o.)
Task: {9A876989-567C-4458-8D09-F3C5372F3C41} - System32\Tasks\{BB9B192F-C1CB-4530-ABD0-D4C26AFF8DDF} => pcalua.exe -a "C:\Users\owner\Downloads\Firefox Setup 3.5.6.exe" -d C:\Users\owner\Desktop
Task: {B02F401C-BBBF-47E8-908A-CC130053D8F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {B0E0A746-4EAF-44B6-9BCA-6AE2E759596C} - System32\Tasks\{AD5629E7-933B-4F71-8000-66756B4BF6A3} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {C07769BC-9EC3-4E75-A71D-4124CA029E90} - System32\Tasks\{A86D5F52-AFC1-42F8-9D7B-65891E6DB17D} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {C150783C-9F30-4237-ABA2-97BD9C5A45E1} - System32\Tasks\{2262C318-5803-4CE3-956E-FC53261DB2D1} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {DFD5D05A-66EF-4F8A-8E02-07B2B5440057} - System32\Tasks\{58DCD2AC-561C-48D8-946B-0E5B53A07751} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-04-05 21:11 - 2017-03-24 04:09 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-05 21:11 - 2017-03-24 04:10 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-04-05 21:43 - 2017-04-05 21:43 - 00171208 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-04-05 21:43 - 2017-04-05 21:43 - 00177472 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-04-08 06:55 - 2017-04-08 06:55 - 05918208 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17040800\algo.dll
2017-04-05 21:43 - 2017-04-05 21:43 - 00654504 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-04-05 21:43 - 2017-04-05 21:43 - 00231616 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2017-04-05 21:39 - 2017-04-05 21:38 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-04-05 21:43 - 2017-04-05 21:44 - 48936448 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2017-04-08 19:36 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2959822069-1377736154-2048073183-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 75.153.171.122
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: ReimageRealTimeProtector => 2
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{16E1A0C6-CDBD-4A58-961E-8BB2891EF866}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{70BF0703-A861-4923-99B0-3AE3B5B3F068}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{3065BB1B-171F-4324-8398-4DC64F09EB17}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{78512AB1-63FD-4202-864E-05BC39F57BF6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{5BF3A8ED-32DC-452F-B660-B7C4AD1D77C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{B7CE2E73-BFE1-4785-9FC6-9F2D6E51109D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{99D45250-FAB3-473C-BD25-889D4C6078C6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{B6EC8D7D-BCD7-4149-AEE9-B148CA7076E6}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{0D2F1F23-E276-465E-8061-302F24CFC258}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{BB1396F1-5EF6-49E0-9980-B96315F02B5C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{B3E66EAB-6566-410A-881B-53C20F907573}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{C964DC88-07A8-43DE-94BA-BE040BD41E79}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{96D9C359-6018-4815-A199-EDA0ACB50B31}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F078691D-F5CC-49AF-B613-7FB410C54236}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E62704C4-3DC1-49C6-A3FC-5E6351CF6F84}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{5C30B550-0929-4B9A-8B05-B26AFFE8DB08}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E5C15521-28DC-4408-BC83-DC5A72FE23BF}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{6A27687C-61C3-4AE3-89E0-08D6B1F2499A}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{38F45121-22EF-4ED3-B9A8-BE9347BA76E6}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{47783F37-A42E-4422-9310-66E8104D3A11}] => (Allow) svchost.exe
FirewallRules: [TCP Query User{11EBE704-4096-42F3-8E17-41C4B7D85F45}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{88FF533D-E8FF-426F-A034-3DDD687F1CAD}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{C4031452-C863-4E8B-80A0-3B25685B3A07}] => (Allow) C:\Users\owner\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{B680F47E-F1CD-498C-82DC-159787CE78DE}] => (Allow) C:\Users\owner\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{41BA33C0-1A7E-4C18-8705-445589201EED}] => (Allow) C:\Users\owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{28A06B2E-F845-4F11-AE7E-A8F5068925F3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B9A7CB8C-1F29-46AF-94AE-D1B74B438A9C}] => (Allow) LPort=2869
FirewallRules: [{AA569CCA-B27D-4A03-97E9-03082F150AEE}] => (Allow) LPort=1900
FirewallRules: [{A053DAEF-178D-4883-98C2-3A154A6F4B53}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{1C7F055D-BB9D-4A2F-A7BC-1F2F905D506F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{F248002E-00EC-4A85-B0F3-1E57F0B60528}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{68BE95DC-DB7E-4A37-B55C-4E4EBE72BA7C}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{A12C43C7-DB1F-4D29-AC59-82EC71A31A3F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{BB11835D-FA59-4753-AC0A-11CC35765E71}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{76043CCD-C68A-4AC0-9084-EF1C6F1C5C0D}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{55705D2B-3E70-403A-B452-63A6D206D6A8}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{133B0E51-2A94-401C-BD76-A452CCD317FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C6F20A3C-8C77-47F7-8FA6-CBF9BAE9B557}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{54CFDB46-3967-459A-BABC-232885A73B23}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{654C9C51-A471-442E-AB5C-44903D9499BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{775A7141-CCB4-428A-B1BC-E0F93B7584D5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
05-03-2017 16:56:26 Windows Update
08-03-2017 18:27:30 Windows Update
11-03-2017 22:47:48 Windows Update
15-03-2017 16:48:12 Windows Update
19-03-2017 07:13:13 Windows Update
23-03-2017 11:18:42 Windows Update
27-03-2017 14:41:09 Windows Update
30-03-2017 19:16:23 Windows Update
03-04-2017 05:22:35 Windows Update
05-04-2017 21:03:57 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 49%
Total physical RAM: 4085.18 MB
Available physical RAM: 2063.94 MB
Total Virtual: 8168.54 MB
Available Virtual: 6191.82 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:451.4 GB) (Free:379.8 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.92 GB) (Free:0 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=451.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=27)
Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 
 
There's the fix log here:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by owner (08-04-2017 19:36:16) Run:1
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available Profiles: owner)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
SearchScopes: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-17] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2959822069-1377736154-2048073183-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-09-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-09-17] (Oracle Corporation)
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll [No File]
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {343FD46A-9284-4056-A237-A6C361287BAA} - \DTReg -> No File <==== ATTENTION
Task: {3452D0D6-BFB8-40EC-96C2-25AB1D22DB26} - System32\Tasks\{28CA1068-AD03-4ECE-8397-C58EF0A77C31} => pcalua.exe -a C:\Users\owner\Downloads\pse_350_enu.exe -d C:\Users\owner\Downloads
Task: {5FB8FC66-CFE8-41AD-8E18-4CF226165944} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {84023080-9B54-4DB6-8EA1-CC98CDCE119D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2959822069-1377736154-2048073183-1000
Task: {8C8867D8-96FA-4196-BC09-BDC997F4A6A6} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {8F58478C-8669-4817-B66A-354A3E9C955D} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {9A85F727-6583-461C-9D71-48479AC6AC7D} - \eFix Reminder -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]
AlternateDataStreams: C:\Users\owner\Desktop\Facebook.website:TASKICON_0news-1751121550 [2302]
AlternateDataStreams: C:\Users\owner\Desktop\Facebook.website:TASKICON_1messages-431041656 [2302]
AlternateDataStreams: C:\Users\owner\Desktop\Facebook.website:TASKICON_2events-250898981 [2302]
AlternateDataStreams: C:\Users\owner\Desktop\Facebook.website:TASKICON_3friends-215113587 [2302]
hosts:
EmptyTemp:
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKU\S-1-5-21-2959822069-1377736154-2048073183-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
HKU\S-1-5-21-2959822069-1377736154-2048073183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKCR\PROTOCOLS\Handler\inbox => key not found. 
HKCR\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27} => key not found. 
HKCR\PROTOCOLS\Handler\livecall => key not found. 
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
HKCR\PROTOCOLS\Handler\msnim => key not found. 
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2 => key removed successfully
C:\Windows\SysWOW64\npDeployJava1.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2 => key removed successfully
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{343FD46A-9284-4056-A237-A6C361287BAA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{343FD46A-9284-4056-A237-A6C361287BAA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3452D0D6-BFB8-40EC-96C2-25AB1D22DB26} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3452D0D6-BFB8-40EC-96C2-25AB1D22DB26} => key removed successfully
C:\Windows\System32\Tasks\{28CA1068-AD03-4ECE-8397-C58EF0A77C31} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{28CA1068-AD03-4ECE-8397-C58EF0A77C31} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FB8FC66-CFE8-41AD-8E18-4CF226165944} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FB8FC66-CFE8-41AD-8E18-4CF226165944} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{84023080-9B54-4DB6-8EA1-CC98CDCE119D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84023080-9B54-4DB6-8EA1-CC98CDCE119D} => key removed successfully
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-2959822069-1377736154-2048073183-1000 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-2959822069-1377736154-2048073183-1000 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C8867D8-96FA-4196-BC09-BDC997F4A6A6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C8867D8-96FA-4196-BC09-BDC997F4A6A6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F58478C-8669-4817-B66A-354A3E9C955D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F58478C-8669-4817-B66A-354A3E9C955D} => key removed successfully
C:\Windows\System32\Tasks\LaunchApp => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A85F727-6583-461C-9D71-48479AC6AC7D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A85F727-6583-461C-9D71-48479AC6AC7D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\eFix Reminder => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\Users\owner\Desktop\Facebook.website => ":TASKICON_0news-1751121550" ADS removed successfully.
C:\Users\owner\Desktop\Facebook.website => ":TASKICON_1messages-431041656" ADS removed successfully.
C:\Users\owner\Desktop\Facebook.website => ":TASKICON_2events-250898981" ADS removed successfully.
C:\Users\owner\Desktop\Facebook.website => ":TASKICON_3friends-215113587" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6253911 B
Java, Flash, Steam htmlcache => 698 B
Windows/system/drivers => 905748 B
Edge => 0 B
Chrome => 194411735 B
Firefox => 15446313 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42371525 B
systemprofile32 => 77293 B
LocalService => 132372 B
NetworkService => 16804442 B
owner => 386159946 B
 
RecycleBin => 0 B
EmptyTemp: => 643.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:37:26 ====

  • 0

#23
dolface755

    Member

  • Topic Starter
  • Member
  • 249 posts

rogue log: 

RogueKiller V12.10.3.0 (x64) [Apr  3 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : owner [Administrator]
Started from : C:\Users\owner\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 04/08/2017 20:19:19 (Duration : 00:23:22)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 9 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\ImInstaller -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Trymedia Systems -> Found
[PUP.Mindspark] (X86) HKEY_LOCAL_MACHINE\Software\VideoDownloadConverter -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2959822069-1377736154-2048073183-1000\Software\efixpro -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2959822069-1377736154-2048073183-1000\Software\YahooPartnerToolbar -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2959822069-1377736154-2048073183-1000\Software\efixpro -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2959822069-1377736154-2048073183-1000\Software\YahooPartnerToolbar -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2959822069-1377736154-2048073183-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2959822069-1377736154-2048073183-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 16 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\Ask -> Found
[PUP.Gen1][Folder] C:\ProgramData\GameTap Web Player -> Found
[PUP.Gen1][Folder] C:\Users\owner\AppData\Roaming\Activeris -> Found
[PUP.Gen1][Folder] C:\Users\owner\AppData\Roaming\HPAppData -> Found
[PUP.Gen1][Folder] C:\Users\owner\AppData\Roaming\Yahoo!\Companion -> Found
[PUP.Gen1][Folder] C:\Users\owner\AppData\Local\Genesis -> Found
[PUP.Gen1][Folder] C:\Users\owner\AppData\Local\IAC -> Found
[PUP.Gen1][Folder] C:\Users\owner\AppData\Local\PackageAware -> Found
[PUP.Gen1][Folder] C:\ProgramData\Ask -> Found
[PUP.Gen1][Folder] C:\ProgramData\GameTap Web Player -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\predm -> Found
[PUP.Gen0|PUP.Gen1][Folder] C:\Program Files (x86)\Settings Manager -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\System Optimizer Pro -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\Trymedia -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\Uninstaller -> Found
[PUP.Mindspark][Folder] C:\Program Files (x86)\VideoDownloadConverter -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] 10dcbe5943a9fd1b80af5cbd483ed2b2
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 462230 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 946649088 | Size: 449 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Multi Flash Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

You can let Rogue Killer remove everything it found.

 

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 7 Update 7 
Java™ 6 Update 24 
JavaFX 2.1.0
 
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
If you feel you must have Java:
Get the latest Java at:
 
Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
 
(If you also want the 64 bit version then use the 64 bit version of IE to get it.)
 
 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
Reboot
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 
 

  • 0
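The sfc / findstr / VEW steps in the post above, collected into one added PowerShell script. This is not code from RKinner's post, from Vino Rosso's VEW tool, or from any other part of the thread; it reproduces the same two checks with built-in cmdlets so the results can be saved and pasted into a reply. It assumes a Windows 7 or later machine with PowerShell 3 or newer, that it is run from an elevated prompt (CBS.log is only readable by administrators), and that the two phrases used to spot unrepaired files ("Cannot repair member file", "Could not reproject corrupted file") are the usual wording SFC writes; those strings are an assumption, not something the post states.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt:
# Start, type "powershell", right-click Windows PowerShell, Run as administrator.
# Output files are written to the current user's Desktop (assumed location).

$cbsLog = Join-Path $env:windir 'Logs\CBS\CBS.log'
$outDir = Join-Path $env:USERPROFILE 'Desktop'

function Get-SfcSummary {
    # Equivalent of: findstr /c:"[SR]" \windows\logs\cbs\cbs.log > junk.txt
    # Returns a summary object instead of opening Notepad.
    param([string]$LogPath, [string]$OutFile)

    if (-not (Test-Path -LiteralPath $LogPath)) {
        Write-Warning "CBS.log not found at $LogPath (has sfc /scannow been run yet?)"
        return $null
    }

    # -SimpleMatch so the brackets in [SR] are literal, not a regex class.
    $srLines = @(Select-String -Path $LogPath -Pattern '[SR]' -SimpleMatch |
                 ForEach-Object { $_.Line })
    $srLines | Out-File -FilePath $OutFile -Encoding utf8

    # Assumed wording: these phrases mark files SFC found corrupt but could not fix.
    $unrepaired = @($srLines | Where-Object {
        $_ -match 'Cannot repair member file|Could not reproject corrupted file'
    })

    [pscustomobject]@{
        SrLines        = $srLines.Count
        UnrepairedHits = $unrepaired.Count
        OutputFile     = $OutFile
    }
}

function Export-RecentEvents {
    # Equivalent of VEW: last 20 Error/Warning events from one log.
    # Level 1 = Critical, 2 = Error, 3 = Warning.
    param([string]$LogName, [string]$OutFile, [int]$Count = 20)

    $events = @(Get-WinEvent -FilterHashtable @{ LogName = $LogName; Level = 1, 2, 3 } `
                             -MaxEvents $Count -ErrorAction SilentlyContinue)

    $events |
        Select-Object TimeCreated, Id, LevelDisplayName, ProviderName,
                      @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap |
        Out-File -FilePath $OutFile -Encoding utf8 -Width 200

    # Each log gets its own file, so running twice does not overwrite the first
    # result the way VEW does.
    [pscustomobject]@{ Log = $LogName; Events = $events.Count; OutputFile = $OutFile }
}

# Step 1: SFC results (run "sfc /scannow" first, from an elevated prompt).
Get-SfcSummary -LogPath $cbsLog -OutFile (Join-Path $outDir 'sfc_SR_lines.txt')

# Step 2: the two VEW queries (System, then Application).
foreach ($log in 'System', 'Application') {
    Export-RecentEvents -LogName $log -OutFile (Join-Path $outDir "VEW_$log.txt")
}
```

The three files on the Desktop (sfc_SR_lines.txt, VEW_System.txt, VEW_Application.txt) hold the same information the post asks for; a non-zero UnrepairedHits count is the case the post describes as SFC "couldn't fix everything", and the sfc_SR_lines.txt file is what to attach in that case.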

#25
dolface755

dolface755

    Member

  • Topic Starter
  • Member
  • 249 posts

I had some issues trying to do the command prompt scan it just kept coming back with another program was already running. And I'm sorry I ran out of time before I could try again....I swear I'm gonna start charging these ppl money they I could give you take.......sorry just seemed funny for a minute.....I will run the rest of scans. So far everything looks ok on my end other than certain programs none of her family have ever heard of have started showing up. I had been deleting the ones I could, but had a question about the command scan.....can I just reboot with command prompt and bypass the Windows entirely or for this scan to work I have to use command prompt through Windows? 

 

I also don't think it's helpful for anything that this computer was bought pretty much in the last century from a so called BIGBOX electronics store...she doesn't even have her own working copy of Windows XP which is where it started its life, then progressed to Windows Vista and then just pulled a partial upgrade to Windows 7....would you think that could be causing some of the issues ?

 

Sorry I don't mean to keep asking.....until this new stupid Microsoft hack I could take about 20 minutes and clean out the crap her children download constantly ...now have the crap is locked and not available and she has drives she doesn't know where they came from.....She is eighty so that doesn't help

 

 

I so appreciate your help with this....I feel like I'm going around in circles 

 

I will post what you ask for after I get back there this weekend and let you know if there's anything else that has come up since my last visit


  • 0



#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

If you are fixing this for somebody else at their location then it's best to install TeamViewer on it so you can log on remotely and not have to go to their house.

 

See:  http://www.geekstogo...s/#entry2595809

 

I believe you can run sfc /scannow in Safe Mode 

 
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)
 
If this is a desktop that used to be an XP it's clogged with dust.  Shut it down, leave it plugged up and open it up.  Use a vacuum cleaner hose and a small brush and clean the heatsink, vents and fans (including the power supply's).  It's OK to remove the fan to get to the heatsink (as long as you put it back facing the same way) but the heatsink must not be disturbed or you will have to replace the thermal paste.
 
Laptops are a bit harder to clean.  Sometimes it helps to use the vacuum cleaner hose to suck air backwards through the system (put it on the air intake which will be on the bottom).
 
No hurry on replies.  I don't keep track.

  • 0

#27
dolface755

dolface755

    Member

  • Topic Starter
  • Member
  • 249 posts

Yeah the other problem I have....she keeps a very nice house but when it comes to her computer anyone or anything can do whatever they want on no questions asked then she phones me because something's not working any more..I'm guessing she wouldn't even know how to dust out a keyboard never mind anything else, so I thank you for that information. It would have totally flown by me


  • 0
