Computer Wont allow Programs to RUN/Connect to internet

MalwareBytes


#1
muffintopman


A couple of weeks ago I had two 32-bit Windows 7 machines start acting slow, and now there are programs that are not able to connect to the internet and run. The programs that are having the major problems are Malwarebytes (won't run), Internet Explorer a bidding that they use will run but won't connect to the internet, TeamViewer will run but cannot be accessed from the outside internet, Windows Remote Desktop Connection (does work).

 

In the Event Viewer I am getting errors 7001 for the Malwarebytes and Security Center service.

 

I did do multiple scans in safe mode with other programs: Kaspersky, Panda, Spyware Doctor, and Webroot System Analyzer. They did not find anything.

 

Security Center service

 

Log Name:      System
Source:        Service Control Manager
Date:          4/18/2017 12:50:31 PM
Event ID:      7001
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      bobsworkstation
Description:
The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
Event Xml:
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7001</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2017-04-18T17:50:31.862202600Z" />
    <EventRecordID>68767</EventRecordID>
    <Correlation />
    <Execution ProcessID="492" ThreadID="2688" />
    <Channel>System</Channel>
    <Computer>bobsworkstation</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">Security Center</Data>
    <Data Name="param2">Windows Management Instrumentation</Data>
    <Data Name="param3">%%1083</Data>
  </EventData>
</Event>
 
 
Malwarebytes
 

 

 

FRST File

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-04-2017 01

Ran by User (administrator) on BOBSWORKSTATION (18-04-2017 13:15:09)
Running from C:\Users\User.UNIVERSALX86\Desktop
Loaded Profiles: User (Available Profiles: etaadmin & User)
Platform: Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-05] (AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll [2006-01-24] (ATI Technologies Inc.)
HKU\S-1-5-21-479541361-4181058251-189593464-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-04-05] (AVAST Software)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-05-18] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{078B82C1-2A8A-4ED4-8326-408550A269AD}: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-479541361-4181058251-189593464-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-479541361-4181058251-189593464-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-479541361-4181058251-189593464-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-20] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-20] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: qch0720b.default
FF ProfilePath: C:\Users\User.UNIVERSALX86\AppData\Roaming\Mozilla\Firefox\Profiles\qch0720b.default [2017-04-18]
FF Extension: (Disable Prefetch) - C:\Users\User.UNIVERSALX86\AppData\Roaming\Mozilla\Firefox\Profiles\qch0720b.default\features\{9711b78e-371b-4288-971a-966e794856ef}\[email protected] [2017-04-06]
FF Extension: (Site Deployment Checker) - C:\Program Files\Mozilla Firefox\browser\features\[email protected] [2017-03-23] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-05]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-05]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://mysearch.avg.com?cid={5FA702F1-BA07-46D1-B844-BAEDB8CCF3D6}&mid=9c4a80256d5e47d3afb8d16e48e0e76c-688b1987a9c1cef6e55a497fcbac10a1aba3004e&lang=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-10-22 12:57:52&v=17.0.0.12&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={5FA702F1-BA07-46D1-B844-BAEDB8CCF3D6}&mid=9c4a80256d5e47d3afb8d16e48e0e76c-688b1987a9c1cef6e55a497fcbac10a1aba3004e&lang=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-11-05 09:53:16&v=17.0.1.12&pid=safeguard&sg=0&sap=hp","hxxp://start.mysearchdial.com/?f=1&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutDtDtByBtD0EtDyEtD0Ezy0F0CyDyCtAtN0D0Tzu0SzztCyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0E0B0C0DzztB0BtGtB0DtDyDtG0A0A0C0AtG0Fzy0ByEtGyB0B0Czz0CyCzztDyCtB0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzz0B0ByCtD0AzztGtByDzzyBtG0AtA0C0AtG0CyDtCzytGyCtAzyyCzz0F0A0DtD0A0FyD2Q&cr=1418067240&ir="
CHR Profile: C:\Users\User.UNIVERSALX86\AppData\Local\Google\Chrome\User Data\Default [2017-04-18]
CHR Extension: (Google Slides) - C:\Users\User.UNIVERSALX86\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-29]
CHR Extension: (Google Docs) - C:\Users\User.UNIVERSALX86\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-29]
CHR Extension: (Google Drive) - C:\Users\User.UNIVERSALX86\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\User.UNIVERSALX86\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\User.UNIVERSALX86\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\User.UNIVERSALX86\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-29]
CHR Extension: (Avast SafePrice) - C:\Users\User.UNIVERSALX86\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-31]
CHR Extension: (Google Sheets) - C:\Users\User.UNIVERSALX86\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-29]
CHR Extension: (Trevx - Music Downloader) - C:\Users\User.UNIVERSALX86\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmaepaboafhefdejcbiciklgjogoghf [2017-03-29]
CHR Extension: (Google Docs Offline) - C:\Users\User.UNIVERSALX86\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Avast Online Security) - C:\Users\User.UNIVERSALX86\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User.UNIVERSALX86\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Gmail) - C:\Users\User.UNIVERSALX86\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]
CHR Extension: (Chrome Media Router) - C:\Users\User.UNIVERSALX86\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-04]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5758120 2017-03-29] (AVAST Software s.r.o.)
S2 Ati HotKey Poller; C:\Windows\system32\Ati2evxx.exe [405504 2006-01-24] (ATI Technologies Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-05] (AVAST Software)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [255184 2017-03-29] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148208 2017-03-29] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [267528 2017-03-29] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41176 2017-03-29] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-04-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-04-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [106904 2017-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-04-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [764064 2017-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [472760 2017-04-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118800 2017-04-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [279800 2017-04-05] (AVAST Software)
S3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1478656 2006-01-24] (ATI Technologies Inc.) [File not signed]
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43176 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [25440 2016-03-04] (ThreatTrack Security)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2015-08-21] (Glarysoft Ltd)
S3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [3328 2012-12-18] (Famatech International Corp.) [File not signed]
S3 smwdm; C:\Windows\System32\drivers\smwdm.sys [260224 2005-11-29] (Analog Devices, Inc.) [File not signed]
S3 catchme; \??\C:\Users\USER~1.UNI\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-18 13:15 - 2017-04-18 13:15 - 00014709 _____ C:\Users\User.UNIVERSALX86\Desktop\FRST.txt
2017-04-18 13:14 - 2017-04-18 13:12 - 01766912 _____ (Farbar) C:\Users\User.UNIVERSALX86\Desktop\FRST.exe
2017-04-18 13:13 - 2017-04-18 13:15 - 00000000 ____D C:\FRST
2017-04-18 13:12 - 2017-04-18 13:12 - 01766912 _____ (Farbar) C:\Users\User.UNIVERSALX86\Downloads\FRST.exe
2017-04-18 12:56 - 2017-04-18 12:56 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2017-04-18 12:56 - 2017-04-18 12:56 - 00012067 _____ C:\ComboFix.txt
2017-04-18 12:56 - 2017-04-18 12:56 - 00000000 ___HD C:\$AV_ASW
2017-04-18 12:54 - 2017-04-18 12:54 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-18 12:30 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2017-04-18 12:30 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2017-04-18 12:30 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-04-18 12:30 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-04-18 12:30 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-04-18 12:30 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2017-04-18 12:30 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2017-04-18 12:30 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2017-04-18 12:28 - 2017-04-18 12:56 - 00000000 ____D C:\Qoobox
2017-04-18 12:28 - 2017-04-18 12:28 - 00000000 ____D C:\Users\User.UNIVERSALX86\AppData\Local\CrashDumps
2017-04-18 12:28 - 2017-04-18 12:27 - 05659609 ____R (Swearware) C:\Users\User.UNIVERSALX86\Desktop\ComboFix.exe
2017-04-18 12:27 - 2017-04-18 12:53 - 00000000 ____D C:\Windows\erdnt
2017-04-18 12:27 - 2017-04-18 12:27 - 05659609 ____R (Swearware) C:\Users\User.UNIVERSALX86\Downloads\ComboFix.exe
2017-04-18 12:14 - 2017-04-18 12:14 - 00601776 _____ (Microsoft Corporation) C:\Users\User.UNIVERSALX86\Downloads\WMIDiag (2).exe
2017-04-18 12:13 - 2017-04-18 12:13 - 00601776 _____ (Microsoft Corporation) C:\Users\User.UNIVERSALX86\Downloads\WMIDiag (1).exe
2017-04-18 12:08 - 2017-04-18 12:08 - 00601776 _____ (Microsoft Corporation) C:\Users\User.UNIVERSALX86\Downloads\WMIDiag.exe
2017-04-18 11:59 - 2017-04-18 11:59 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-04-18 11:58 - 2017-04-18 12:48 - 00000000 ____D C:\ProgramData\Norton
2017-04-18 11:58 - 2017-04-18 12:07 - 00000000 ____D C:\Users\User.UNIVERSALX86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2017-04-18 11:58 - 2017-04-18 11:58 - 01027560 _____ (Symantec Corporation) C:\Users\User.UNIVERSALX86\Downloads\NSPremiumDownloader.exe
2017-04-18 11:58 - 2017-04-18 11:58 - 00001285 _____ C:\Users\User.UNIVERSALX86\Desktop\Norton Installation Files.lnk
2017-04-18 11:58 - 2017-04-18 11:58 - 00000000 ____D C:\Users\Public\Downloads\Norton
2017-04-18 11:31 - 2017-04-18 11:31 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-18 11:31 - 2017-04-18 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-18 11:31 - 2017-03-22 11:02 - 00059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-04-18 11:30 - 2017-04-18 11:30 - 60107896 _____ (Malwarebytes ) C:\Users\User.UNIVERSALX86\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-04-18 11:30 - 2017-04-18 11:30 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-17 14:30 - 2017-04-17 14:30 - 00000082 _____ C:\Windows\qawin32.INI
2017-04-17 14:30 - 2017-04-17 14:30 - 00000000 ____D C:\ProgramData\Geek Squad
2017-04-17 14:27 - 2017-04-18 06:59 - 00222398 _____ C:\Windows\ntbtlog.txt
2017-04-14 09:59 - 2017-04-14 09:59 - 00000000 ____D C:\zoek
2017-04-14 08:46 - 2017-04-14 10:04 - 00003159 _____ C:\runcheck.txt
2017-04-14 08:45 - 2017-04-14 10:00 - 00000000 ____D C:\zoek_backup
2017-04-14 08:45 - 2017-04-14 08:45 - 01309184 _____ C:\Users\User.UNIVERSALX86\Desktop\zoek.exe
2017-04-13 18:31 - 2017-04-13 18:31 - 00028672 _____ C:\Users\User.UNIVERSALX86\Downloads\Security_Update_033018_password (1).exe
2017-04-13 17:34 - 2017-04-13 17:59 - 00028672 _____ C:\Users\User.UNIVERSALX86\Downloads\Security_Update_033018_password.exe
2017-04-11 23:13 - 2017-03-27 12:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-11 23:13 - 2017-03-25 14:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-11 23:13 - 2017-03-25 14:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-11 23:13 - 2017-03-25 14:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-11 23:13 - 2017-03-25 13:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-11 23:13 - 2017-03-25 13:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-11 23:13 - 2017-03-25 13:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-11 23:13 - 2017-03-25 13:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-11 23:13 - 2017-03-25 13:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-11 23:13 - 2017-03-25 13:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-11 23:13 - 2017-03-25 13:47 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-11 23:13 - 2017-03-25 13:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-11 23:13 - 2017-03-25 13:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-11 23:13 - 2017-03-25 13:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-11 23:13 - 2017-03-25 13:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-11 23:13 - 2017-03-25 13:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-11 23:13 - 2017-03-25 13:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-11 23:13 - 2017-03-25 13:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-11 23:13 - 2017-03-25 13:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-11 23:13 - 2017-03-25 13:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-11 23:13 - 2017-03-25 13:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-11 23:13 - 2017-03-25 13:45 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-11 23:13 - 2017-03-25 13:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-11 23:13 - 2017-03-25 13:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-11 23:13 - 2017-03-25 13:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-11 23:13 - 2017-03-25 13:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-11 23:13 - 2017-03-25 13:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-11 23:13 - 2017-03-25 13:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-11 23:13 - 2017-03-25 13:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-11 23:13 - 2017-03-25 13:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-11 23:13 - 2017-03-25 13:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-11 23:13 - 2017-03-25 12:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-11 23:13 - 2017-03-25 12:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-11 23:13 - 2017-03-25 11:57 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-11 23:13 - 2017-03-25 11:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-11 23:13 - 2017-03-24 17:41 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-11 23:13 - 2017-03-22 10:24 - 02953216 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-11 23:13 - 2017-03-22 10:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-11 23:13 - 2017-03-22 10:20 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-11 23:13 - 2017-03-22 10:06 - 02091520 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-11 23:13 - 2017-03-22 10:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-11 23:13 - 2017-03-22 10:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-11 23:13 - 2017-03-22 10:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-11 23:13 - 2017-03-22 10:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-11 23:13 - 2017-03-22 10:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-11 23:13 - 2017-03-22 10:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-11 23:13 - 2017-03-22 10:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-11 23:13 - 2017-03-14 10:23 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-11 23:13 - 2017-03-14 10:23 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-11 23:13 - 2017-03-14 10:17 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-11 23:13 - 2017-03-10 11:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-11 23:13 - 2017-03-10 11:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-11 23:13 - 2017-03-10 11:19 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-11 23:13 - 2017-03-10 11:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-11 23:13 - 2017-03-10 10:54 - 02400256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-11 23:13 - 2017-03-10 10:53 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-11 23:13 - 2017-03-08 15:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-11 23:13 - 2017-03-07 23:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-04-11 23:13 - 2017-03-07 23:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-11 23:13 - 2017-03-07 23:26 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-11 23:13 - 2017-03-07 23:26 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-11 23:13 - 2017-03-07 23:24 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-11 23:13 - 2017-03-07 23:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 22:58 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-11 23:13 - 2017-03-07 22:58 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-11 23:13 - 2017-03-07 22:58 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-11 23:13 - 2017-03-07 22:58 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-11 23:13 - 2017-03-07 22:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-11 23:13 - 2017-03-07 22:56 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-11 23:13 - 2017-03-07 22:55 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-11 23:13 - 2017-03-07 22:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-11 23:13 - 2017-03-07 22:54 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-11 23:13 - 2017-03-07 22:54 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-11 23:13 - 2017-03-07 22:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-11 23:13 - 2017-03-07 22:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-11 23:13 - 2017-03-07 22:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-11 23:13 - 2017-03-07 22:53 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-11 23:13 - 2017-03-07 22:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 22:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 22:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 22:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-11 23:13 - 2017-03-07 11:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-11 23:13 - 2017-03-07 10:06 - 02746880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-11 23:13 - 2017-03-07 10:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-11 23:13 - 2017-03-07 10:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-04-11 23:13 - 2017-03-03 20:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-11 23:13 - 2017-03-03 20:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-11 23:13 - 2017-02-14 11:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-11 23:13 - 2017-02-11 11:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-11 23:13 - 2017-02-09 11:14 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-11 23:13 - 2017-02-09 11:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-11 23:13 - 2017-01-18 10:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-10 11:32 - 2017-04-10 11:32 - 00690433 _____ C:\Users\User.UNIVERSALX86\Downloads\SubmittalPkg.pdf
2017-04-10 08:12 - 2017-04-10 08:12 - 04932183 _____ C:\Users\User.UNIVERSALX86\Downloads\2633834_6115_ENG_A_W.PDF
2017-04-10 07:33 - 2017-04-10 07:33 - 00065481 _____ C:\Users\User.UNIVERSALX86\Downloads\Copper Ground Rods.pdf
2017-04-06 11:42 - 2017-04-07 14:56 - 00000000 ____D C:\Users\User.UNIVERSALX86\AppData\LocalLow\Mozilla
2017-04-06 11:42 - 2017-04-06 11:47 - 00000000 ____D C:\Users\User.UNIVERSALX86\AppData\Local\Mozilla
2017-04-06 11:42 - 2017-04-06 11:42 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-06 11:42 - 2017-04-06 11:42 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-04-06 11:42 - 2017-04-06 11:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-04-06 11:42 - 2017-04-06 11:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-04-06 11:40 - 2017-04-06 11:41 - 00245416 _____ C:\Users\User.UNIVERSALX86\Downloads\Firefox Setup Stub 52.0.2.exe
2017-04-05 16:42 - 2017-04-05 16:42 - 00330256 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-04 11:00 - 2017-04-04 11:00 - 02344615 _____ (Alexandre Miguel Canotilho Coelho ) C:\Users\User.UNIVERSALX86\Downloads\Windows_Repair_Toolbox_setup.exe
2017-04-04 11:00 - 2017-04-04 11:00 - 00007605 _____ C:\Users\User.UNIVERSALX86\AppData\Local\Resmon.ResmonCfg
2017-04-04 10:27 - 2017-04-04 10:27 - 00000000 ____D C:\ProgramData\Western Digital
2017-04-04 10:27 - 2017-04-04 10:27 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2017-04-04 10:26 - 2017-04-04 10:26 - 04341113 _____ C:\Users\User.UNIVERSALX86\Downloads\WD_Quick_View_Setup_for_Windows.zip
2017-04-04 10:26 - 2017-04-04 10:26 - 00000000 ____D C:\Users\User.UNIVERSALX86\Downloads\WD_Quick_View_Setup_for_Windows
2017-04-04 10:22 - 2017-04-04 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2017-04-04 10:22 - 2017-04-04 10:27 - 00000000 ____D C:\Program Files\Western Digital
2017-04-04 10:22 - 2017-04-04 10:22 - 00001111 _____ C:\Users\Public\Desktop\WD My Cloud.lnk
2017-04-04 10:22 - 2017-04-04 10:22 - 00000000 ____D C:\Users\User.UNIVERSALX86\AppData\Roaming\com.wd.WDMyCloud
2017-04-04 10:21 - 2017-04-04 10:21 - 00000000 ____D C:\Program Files\Bonjour
2017-04-04 10:20 - 2017-04-04 10:20 - 00000000 ____D C:\Users\User.UNIVERSALX86\AppData\Local\Western Digital
2017-04-04 10:19 - 2017-04-04 10:19 - 63849440 _____ C:\Users\User.UNIVERSALX86\Downloads\WDMyCloud_win.exe
2017-03-29 15:57 - 2017-03-29 16:02 - 00000000 ____D C:\Users\User.UNIVERSALX86\AppData\Local\FreeFixer
2017-03-29 15:52 - 2017-03-29 15:56 - 00000000 ____D C:\ProgramData\Ultra Adware Killer
2017-03-29 10:07 - 2017-03-29 10:08 - 06654960 _____ (AVAST Software) C:\Users\User.UNIVERSALX86\Downloads\avast_free_antivirus_setup_online_cnet2 (1).exe
2017-03-20 00:48 - 2017-03-20 00:48 - 00028352 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-18 12:58 - 2009-07-13 23:34 - 00022016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-18 12:58 - 2009-07-13 23:34 - 00022016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-18 12:49 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-18 12:49 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2017-04-18 11:30 - 2015-08-21 10:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-17 14:21 - 2016-11-23 15:49 - 00000000 ____D C:\Windows_Repair_Toolbox
2017-04-17 12:23 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2017-04-14 10:10 - 2016-08-01 12:13 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-04-14 10:00 - 2009-07-13 21:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-04-13 19:33 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2017-04-13 17:53 - 2015-12-02 12:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-13 17:24 - 2009-07-13 23:33 - 00434080 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-13 17:21 - 2015-08-21 10:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-12 03:08 - 2015-08-21 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-12 03:05 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\System
2017-04-12 03:05 - 2009-07-13 21:04 - 00000478 _____ C:\Windows\win.ini
2017-04-12 03:03 - 2010-11-20 16:01 - 00782802 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-06 11:42 - 2016-03-28 12:48 - 00000000 ____D C:\Users\User.UNIVERSALX86\AppData\Roaming\Mozilla
2017-04-05 16:42 - 2016-03-16 08:02 - 00472760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-05 16:42 - 2016-03-16 08:02 - 00279800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-05 16:42 - 2016-03-16 08:02 - 00118800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-05 16:42 - 2016-03-16 08:02 - 00106904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-05 16:42 - 2016-03-16 08:02 - 00090336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-05 16:42 - 2016-03-16 08:02 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-05 16:42 - 2016-03-16 08:02 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-05 16:41 - 2016-03-23 04:20 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-05 16:41 - 2016-03-16 08:02 - 00764064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-04 11:59 - 2015-09-29 10:46 - 00111984 _____ C:\Users\User.UNIVERSALX86\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-04 11:49 - 2011-04-11 21:21 - 00000000 ____D C:\Windows\CSC
2017-04-04 11:47 - 2016-11-23 17:37 - 00020485 _____ C:\Users\User.UNIVERSALX86\Desktop\Unattended_Fix_Logs.zip
2017-04-03 19:25 - 2015-08-21 10:25 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-29 10:18 - 2016-03-16 08:02 - 00002075 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-03-29 10:14 - 2017-03-16 07:22 - 00267528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-03-29 10:14 - 2017-03-16 07:22 - 00148208 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-03-29 10:14 - 2017-03-16 07:22 - 00041176 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-03-29 10:14 - 2017-03-16 07:21 - 00255184 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-03-24 08:02 - 2016-03-16 07:59 - 00000000 ____D C:\ProgramData\AVAST Software
 
==================== Files in the root of some directories =======
 
2017-04-04 11:00 - 2017-04-04 11:00 - 0007605 _____ () C:\Users\User.UNIVERSALX86\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-03 09:52
 
==================== End of FRST.txt ============================
 
 
 
Additional txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-04-2017 01
Ran by User (18-04-2017 13:15:56)
Running from C:\Users\User.UNIVERSALX86\Desktop
Windows 7 Professional Service Pack 1 (X86) (2015-09-29 15:45:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-479541361-4181058251-189593464-500 - Administrator - Enabled)
etaadmin (S-1-5-21-479541361-4181058251-189593464-1001 - Administrator - Disabled) => C:\Users\etaadmin
Guest (S-1-5-21-479541361-4181058251-189593464-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-479541361-4181058251-189593464-1004 - Limited - Enabled)
User (S-1-5-21-479541361-4181058251-189593464-1002 - Administrator - Enabled) => C:\Users\User.UNIVERSALX86
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Advanced IP Scanner 2.4 (HKLM\...\{2E644D2D-993F-43B4-B85A-15363CA777C3}) (Version: 2.4.3021 - Famatech)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.221-060124a1-030152C-ATI - )
Autodesk Express Viewer (HKLM\...\Autodesk Express Viewer) (Version: 3.1 - Autodesk, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
Brother MFL-Pro Suite MFC-L2700DW series (HKLM\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Glary Utilities 5.32 (HKLM\...\Glary Utilities 5) (Version: 5.32.0.52 - Glarysoft Ltd)
Google Chrome (HKLM\...\{94A83681-EBE7-383A-A070-DE2225F853C1}) (Version: 57.0.2987.133 - Google, Inc.)
Google Update Helper (Version: 1.3.33.3 - Google Inc.) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Linksys Connect (HKLM\...\Linksys Connect) (Version: 1.5.14350.0 - Linksys LLC)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.2 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SafeZone Stable 3.55.2393.596 (Version: 3.55.2393.596 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
WD My Cloud (HKLM\...\{F9F8D3BA-52AC-4995-A054-B534008D856D}) (Version: 1.0.7.17 - Western Digital Technologies, Inc.)
WD Quick View (HKLM\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-479541361-4181058251-189593464-1002_Classes\CLSID\{24644DB2-3016-447e-9CA8-C6E8B95D4CB4}\localserver32 -> C:\Program Files\AutoCAD LT 2004\assist.exe => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {48C08939-664D-4470-B792-E8469791E939} - System32\Tasks\Games\UpdateCheck_S-1-5-21-479541361-4181058251-189593464-1002
Task: {4ED8C4B3-2720-4087-983B-5903E9FBE986} - System32\Tasks\SafeZone scheduled Autoupdate 1458724862 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {6248E86D-4436-410C-8F76-81A6D4520919} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2015-08-17] (Glarysoft Ltd)
Task: {669EEBFA-E1F6-40BE-9291-2918FCA09922} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {6751C13A-277D-4306-B25C-2434F03BAC52} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {926B6F67-A570-4742-8AE8-55D84A708DE3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-21] (Google Inc.)
Task: {C068DE92-1C85-417C-980E-1D75CF92D379} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-21] (Google Inc.)
Task: {E064C182-37C1-46A0-A28E-8A4B6C1A8DD2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-05] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-04-05 16:42 - 2017-04-05 16:42 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-04-05 16:42 - 2017-04-05 16:42 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-05 16:42 - 2017-04-05 16:42 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-05 16:42 - 2017-04-05 16:42 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-04-18 12:52 - 2017-04-18 12:52 - 06021752 _____ () C:\Program Files\AVAST Software\Avast\defs\17041812\algo.dll
2015-09-29 13:27 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2017-04-05 16:41 - 2017-04-05 16:41 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-04-05 16:42 - 2017-04-05 16:42 - 00230632 _____ () c:\Program Files\AVAST Software\Avast\StreamBack.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2017-04-18 12:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-479541361-4181058251-189593464-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\User.UNIVERSALX86\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{6C6F8847-A0F9-4D91-93B0-64655A2DE0E2}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F330CD91-E659-441E-A6A2-50D4BF40F13D}] => (Allow) LPort=54925
FirewallRules: [{47D446A4-1CB2-4822-97FA-906574826088}] => (Allow) C:\Program Files\Brother\Brmfl14d\FAXRX.EXE
FirewallRules: [{A65FDED0-A716-4488-80F9-C8FBE9952103}] => (Allow) LPort=54925
FirewallRules: [{F9248A0B-669E-4C6C-998B-BADE83E807B8}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{3652DCD9-BF3A-48E7-A47F-B022B0C21A20}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{9E5AF6A3-76DA-4111-8201-CBD04AC3AF61}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C253E7AD-8717-4459-B15E-5C8935465DFA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D6D9B55B-B96C-43F4-AB51-419ADB1CDDAC}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{8B302D6C-A2C2-432E-A846-94657E299040}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{074B2D02-F2B9-4CAD-8C86-7C58C67695CA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Could not list restore points
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/18/2017 01:13:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\User.UNIVERSALX86\Downloads\WMIDiag (1).exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/18/2017 01:13:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\User.UNIVERSALX86\Downloads\WMIDiag (2).exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/18/2017 01:13:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\User.UNIVERSALX86\Downloads\WMIDiag.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/18/2017 12:29:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mmc.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1754
 
Start Time: 01d2b8617958173e
 
Termination Time: 110
 
Application Path: C:\Windows\system32\mmc.exe
 
Report Id: 8cf1baaf-245c-11e7-9b98-001ec93e69f4
 
Error: (04/18/2017 12:28:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDDMStatus.exe, version: 3.2.4.19, time stamp: 0x54dd48f5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23714, time stamp: 0x58bf87a4
Exception code: 0xc0020001
Fault offset: 0x0000845d
Faulting process id: 0x71c
Faulting application start time: 0x01d2b860ed230a85
Faulting application path: C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 76efed0a-245c-11e7-9b98-001ec93e69f4
 
Error: (04/18/2017 12:26:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\User.UNIVERSALX86\Downloads\WMIDiag (2).exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/18/2017 12:13:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\User.UNIVERSALX86\Downloads\WMIDiag.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/18/2017 12:13:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\User.UNIVERSALX86\Downloads\WMIDiag (1).exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/18/2017 12:10:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\User.UNIVERSALX86\Downloads\WMIDiag.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/18/2017 12:10:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\User.UNIVERSALX86\Downloads\WMIDiag.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (04/18/2017 01:15:56 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (04/18/2017 12:52:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (04/18/2017 12:52:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (04/18/2017 12:51:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (04/18/2017 12:50:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (04/18/2017 12:50:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (04/18/2017 12:49:51 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (04/18/2017 12:49:25 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (04/18/2017 12:49:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (04/18/2017 12:49:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E4500 @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 2036.97 MB
Available physical RAM: 1211.79 MB
Total Virtual: 4073.94 MB
Available Virtual: 3201.57 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.41 GB) (Free:41.55 GB) NTFS
Drive f: () (Fixed) (Total:179.31 GB) (Free:161.37 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 86308630)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: 16B6C2EC)
Partition 1: (Not Active) - (Size=7 GB) - (Type=12)
Partition 2: (Active) - (Size=179.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 

Edited by RKinner, 19 April 2017 - 07:18 AM.

  • 0



#2
RKinner


    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
 
Download the attached fixlist.txt to the same location as FRST
Attached File  fixlist.txt   1.87KB   25 downloads
 
 
If you can't download the file, then copy the next lines, open Notepad and paste them in.  File, Save As (to your desktop) fixlist.
 


CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-479541361-4181058251-189593464-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://mysearch.avg.com?cid={5FA702F1-BA07-46D1-B844-BAEDB8CCF3D6}&mid=9c4a80256d5e47d3afb8d16e48e0e76c-688b1987a9c1cef6e55a497fcbac10a1aba3004e&lang=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-10-22 12:57:52&v=17.0.0.12&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={5FA702F1-BA07-46D1-B844-BAEDB8CCF3D6}&mid=9c4a80256d5e47d3afb8d16e48e0e76c-688b1987a9c1cef6e55a497fcbac10a1aba3004e&lang=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-11-05 09:53:16&v=17.0.1.12&pid=safeguard&sg=0&sap=hp","hxxp://start.mysearchdial.com/?f=1&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutDtDtByBtD0EtDyEtD0Ezy0F0CyDyCtAtN0D0Tzu0SzztCyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0E0B0C0DzztB0BtGtB0DtDyDtG0A0A0C0AtG0Fzy0ByEtGyB0B0Czz0CyCzztDyCtB0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzz0B0ByCtD0AzztGtByDzzyBtG0AtA0C0AtG0CyDtCzytGyCtAzyyCzz0F0A0DtD0A0FyD2Q&cr=1418067240&ir="
S3 catchme; \??\C:\Users\USER~1.UNI\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
CMD: sc config winmgmt start= disabled
CMD: net stop winmgmt
CMD: move \windows\System32\wbem\repository \windows\System32\wbem\repository.old
CMD: sc config Winmgmt start= auto
CMD: sc start Winmgmt /y
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-05-18] (Apple Inc.)
CMD: netsh winsock reset catalog
CMD: netsh int ip reset reset.log
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
 
 
Run FRST and press Fix.
A fix log will be generated; please post that.
 

 
Start, All Programs, Accessories, then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line):
sfc /scannow
 
(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from Notepad or, if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
Reboot
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 

  • 0
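
Added example, not part of either post and not FRST's own code: a Python triage of the event list in post #1, in the layout FRST writes to Addition.txt, that groups the Service Control Manager 7001 and DCOM 10005 errors by the service that failed to start rather than by the service that reported it. The sample events are constructed from the ones quoted above; the function names and the `DISPLAY` map are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the FRST Addition.txt event layout, modelled on post #1.
SAMPLE = '''\
Error: (04/18/2017 01:15:56 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (04/18/2017 12:52:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.

Error: (04/18/2017 12:49:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.

Error: (04/18/2017 12:28:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDDMStatus.exe, version: 3.2.4.19, time stamp: 0x54dd48f5
'''

HEADER = re.compile(r"^Error: \(([^)]+)\) \(Source: ([^)]+)\) \(EventID: (\d+)\)", re.M)
DEPENDS = re.compile(r"The (.+?) service depends on the (.+?) service which failed to start.+?error: (.+)")
DCOM = re.compile(r'DCOM got error "(\d+)" attempting to start the service (\S+)')
DISPLAY = {"winmgmt": "Windows Management Instrumentation"}  # service key -> display name

def parse_events(text):
    heads = list(HEADER.finditer(text))
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        yield m[1], m[2], int(m[3]), " ".join(text[m.end():end].split())  # fold multi-line text

def root_causes(text):
    """Group failures by the service that failed, not by the service that complained."""
    out = defaultdict(lambda: {"dependents": set(), "errors": set(), "events": 0})
    for _ts, source, event_id, desc in parse_events(text):
        if source == "Service Control Manager" and event_id == 7001 and (dep := DEPENDS.search(desc)):
            entry = out[dep[2]]
            entry["dependents"].add(dep[1])
            entry["errors"].add(dep[3])
            entry["events"] += 1
        elif source == "DCOM" and event_id == 10005 and (dcom := DCOM.search(desc)):
            entry = out[DISPLAY.get(dcom[2].lower(), dcom[2])]
            entry["errors"].add("Win32 error " + dcom[1])
            entry["events"] += 1
    return dict(out)

if __name__ == "__main__":
    print(root_causes(SAMPLE))
```

On the sample this reports a single failing service, Windows Management Instrumentation, behind every dependent-service error. Win32 error 1083 is ERROR_SERVICE_NOT_IN_EXE, the same condition the 7001 events spell out in words.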





