  #1  
October 31st, 2017, 01:27 AM
Jeff_L
New Member
 
Join Date: Oct 2017
Posts: 13
Computer has slowed

My computer is not running quite as fast as it used to. How can I find out if I have any viruses or malware? Thanks.


  #2  
November 1st, 2017, 07:35 PM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 7 32-bit
Location: İstanbul
Posts: 1,742
Hello Jeff_L and welcome to the CyberTechHelp Forums.
I will be helping you fix your problems.

Please take note of some guidelines for this fix:

1- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please open the computer as administrator. How do I open the computer as administrator?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here: How to disable your security applications.
5- To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal.

Thanks

*********************************************************************************************
Let's check. Please do the following.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Have a nice day.

  #3  
November 2nd, 2017, 01:31 AM
Jeff_L
New Member
 
Join Date: Oct 2017
Posts: 13
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2017
Ran by Owner (01-11-2017 20:27:45)
Running from C:\Users\Owner\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-03-31 13:48:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-66518619-1978167420-2704880220-500 - Administrator - Disabled)
Guest (S-1-5-21-66518619-1978167420-2704880220-501 - Limited - Disabled)
Owner (S-1-5-21-66518619-1978167420-2704880220-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Amazon Cloud Player (HKU\S-1-5-21-66518619-1978167420-2704880220-1000\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG (HKLM\...\{03F1AAFE-8812-4982-8EE3-D76F642BDBCE}) (Version: 16.71.7597 - AVG Technologies) Hidden
AVG 2016 (HKLM\...\{6E400AF1-567B-4832-A92D-0302535110AA}) (Version: 16.0.4756 - AVG Technologies) Hidden
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-290C (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free Live Radio (HKU\S-1-5-21-66518619-1978167420-2704880220-1000\...\{28e56cfb-e30e-4f66-85d8-339885b726b8}) (Version: 3.3.0.3 - Cloud Installer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.75 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417011FF}) (Version: 7.0.110 - Oracle)
Java 7 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217011FF}) (Version: 7.0.110 - Oracle)
LibreOffice 3.5 (HKLM-x32\...\{BB21B808-F784-4883-A4D4-B1473384C1C6}) (Version: 3.5.0.13 - The Document Foundation)
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version: - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 56.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0.2 (x64 en-US)) (Version: 56.0.2 - Mozilla)
Nero 8 Micro 8.3.2.1 (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.2.1 - Updatepack.nl)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Premium Technical Support (HKLM-x32\...\{75B23FA8-FEA5-47E4-9326-9B4FA9A9ACEE}) (Version: 7.7.581 - LogMeIn, Inc.)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
RogueKiller version 12.10.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.1.0 - Adlice Software)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unlocker 1.9.0 (HKLM-x32\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.89.0 - Verizon)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2016-05-04] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-05-22] ()
ContextMenuHandlers3-x32: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files (x86)\Unlocker\UnlockerCOM.dll [2010-07-04] ()
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-05-22] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers6: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2016-05-04] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers6-x32: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files (x86)\Unlocker\UnlockerCOM.dll [2010-07-04] ()
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-05-22] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {122C0508-3E29-4B63-9471-DB014F2F5368} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-20] (Adobe Systems Incorporated)
Task: {15624C36-4E88-4429-8C99-E2068BCE2FFB} - System32\Tasks\{7E4CE0A7-3BD4-4E8F-99A5-4E5BD528CF3E} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.5.0.102/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {2379D124-A83C-41C9-8834-D43DF8827366} - System32\Tasks\shut => C:\Windows\System32\shutdown.exe [2009-07-13] (Microsoft Corporation)
Task: {2632F426-4865-439E-8AAF-05BD7B80A8E1} - System32\Tasks\shudown => C:\Windows\System32\shutdown.exe [2009-07-13] (Microsoft Corporation)
Task: {42B16E01-57D3-4518-B72B-04182CAA387E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-21] (Google Inc.)
Task: {588945CF-0E8F-484C-AA65-E831C8523856} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
Task: {718BE861-1A00-45F3-B6CC-014AFFF8947D} - System32\Tasks\shutdown => C:\Windows\System32\shutdown.exe [2009-07-13] (Microsoft Corporation)
Task: {80DCDE45-D901-4FA4-BC34-3D7C400C5C06} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {C340B063-6019-46EA-A5DD-F49A58979CBC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C9261543-23D2-4964-80EF-782EC2F9F6E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-21] (Google Inc.)
Task: {CFBF1846-2CE6-4C49-BC01-90E2020B232C} - System32\Tasks\{3B51C9BF-2970-4275-87C2-E12A34F47DB7} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.5.0.102/en/abandoninstall?source=lightinstaller&page=tsPlugin
Task: {F803765E-E0A7-4C19-B094-69241315CAB1} - System32\Tasks\sdo => C:\Windows\System32\shutdown.exe [2009-07-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-03-31 09:58 - 2006-12-11 02:14 - 000043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 000073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 001044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-24 09:11 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 002144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 007955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 000336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-03-31 10:56 - 2010-05-21 13:14 - 000077824 _____ () C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 5968 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-66518619-1978167420-2704880220-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: avgsvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\Owner\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{59256728-ECEE-449E-9B71-FF82A6AC2465}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6B13AB19-3AE0-4E8C-A97F-5573ACA99098}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{05787FEE-A2FF-4A2F-9730-89CDBF0D9298}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E0A3CC2D-3055-43F6-8D0E-A1D67ED9C467}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7044D570-6A69-4816-AD20-717A4242C088}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{62D50308-0513-41ED-9B56-BDE26E1D2C01}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D2F7404B-4E76-4E98-8AAD-BD7E8B9E8A15}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{282753FF-4ACA-4F14-9320-557E97C26350}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{FC34135B-901B-401D-9AF6-98114D7D85B9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{8BC1FCBA-CE2F-4AD6-880E-0E69D5EBEB25}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{BF7515C8-6400-4046-ABF0-189A4D91DCF1}C:\users\owner\appdata\roaming\utorrent\updates\3.4.5_41073.exe] => (Block) C:\users\owner\appdata\roaming\utorrent\updates\3.4.5_41073.exe
FirewallRules: [UDP Query User{7F1093ED-89DA-4323-A862-7EC730993CE4}C:\users\owner\appdata\roaming\utorrent\updates\3.4.5_41073.exe] => (Block) C:\users\owner\appdata\roaming\utorrent\updates\3.4.5_41073.exe
FirewallRules: [{F1BE5082-65E8-493B-B656-FD92F8329584}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{50D048FF-B693-491B-A229-E657DD4F049F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{072EF330-7377-4214-BCBD-3B062B039390}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{70C33708-3835-4084-B8D1-FF5A6A4D8959}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{245A45B0-F739-4845-ADFF-1E4A06427451}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{04130B9D-1D35-4D47-890E-B6C78032A00B}] => (Allow) LPort=2869
FirewallRules: [{382EFB70-F2F3-4ECA-B960-EF0FD649F3E4}] => (Allow) LPort=1900
FirewallRules: [{E10D1CDC-F2FE-452E-83A1-A3622C0C950C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{E534F357-3BF3-4C4B-A0AC-63D57C205C19}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{83204B44-31CA-498A-897E-0C2B3B6360A0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{DA17D33B-A85A-448A-BDFA-FC4E96C33394}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{37166E00-E3E9-4F22-9027-F1A47FB92AC1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{D9F13A35-8BCB-4504-84EC-4A46B59ED7C4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{F1FBB621-DC9A-4E36-96FD-8B43528AD068}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

18-10-2017 09:32:28 Scheduled Checkpoint
30-10-2017 17:26:22 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2017 08:28:00 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2017/11/01 20:28:00.527]: [00002532]: lperrcode->api = 1 , lperrcode->code = 2

Error: (11/01/2017 08:27:58 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2017/11/01 20:27:58.983]: [00002532]: lperrcode->api = 1 , lperrcode->code = 2

Error: (11/01/2017 08:27:57 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2017/11/01 20:27:57.438]: [00002532]: lperrcode->api = 1 , lperrcode->code = 2

Error: (11/01/2017 08:27:55 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2017/11/01 20:27:55.894]: [00002532]: lperrcode->api = 1 , lperrcode->code = 2

Error: (11/01/2017 08:27:54 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2017/11/01 20:27:54.350]: [00002532]: lperrcode->api = 1 , lperrcode->code = 2

Error: (11/01/2017 08:27:52 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2017/11/01 20:27:52.805]: [00002532]: lperrcode->api = 1 , lperrcode->code = 2

Error: (11/01/2017 08:27:51 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2017/11/01 20:27:51.261]: [00002532]: lperrcode->api = 1 , lperrcode->code = 2

Error: (11/01/2017 08:27:49 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2017/11/01 20:27:49.716]: [00002532]: lperrcode->api = 1 , lperrcode->code = 2

Error: (11/01/2017 08:27:48 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2017/11/01 20:27:48.172]: [00002532]: lperrcode->api = 1 , lperrcode->code = 2

Error: (11/01/2017 08:27:46 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2017/11/01 20:27:46.628]: [00002532]: lperrcode->api = 1 , lperrcode->code = 2


System errors:
=============
Error: (11/01/2017 05:46:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (11/01/2017 05:46:26 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/31/2017 08:05:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/31/2017 08:05:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/31/2017 08:05:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/31/2017 08:05:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/31/2017 07:45:15 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (10/31/2017 07:45:14 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (10/31/2017 07:45:14 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/31/2017 07:45:14 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 54%
Total physical RAM: 3931.61 MB
Available physical RAM: 1794.25 MB
Total Virtual: 7861.41 MB
Available Virtual: 5617.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.91 GB) (Free:43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: F56572E9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  #4  
November 2nd, 2017, 01:32 AM
Jeff_L
New Member
 
Join Date: Oct 2017
Posts: 13
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-11-2017
Ran by Owner (administrator) on DELL18 (01-11-2017 20:27:27)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-05-21] ()
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{7319BD20-E035-4A42-B86E-C19793A5CFF7}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-66518619-1978167420-2704880220-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-66518619-1978167420-2704880220-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://foxnews.com/
SearchScopes: HKU\S-1-5-21-66518619-1978167420-2704880220-1000 -> {B1A75C4E-4778-402B-A87D-34E7242F87BC} URL = hxxp://search.hfreeliveradio.co/s?source=d-bb8&uid=99ac8549-ba45-415e-bfa7-a742e446becf&uc=20171008&ap=appfocus1&i_id=radio__1.30&query={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-31] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-31] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-03-31] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-03-31] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: d2cmo1os.default
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d2cmo1os.default [2017-11-01]
FF Homepage: Mozilla\Firefox\Profiles\d2cmo1os.default -> google.com
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d2cmo1os.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-11]
FF Extension: (Video DownloadHelper) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d2cmo1os.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-10-23]
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\46lsuqlu.default-1490829099896 [2017-03-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll [2014-03-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-31] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2014-03-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-03-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR NewTab: Default -> Not-active:"chrome-extension://mbjjifpeegbfobmhmaoclcpgdfcgppjp/newtab/newtab.html", Not-active:"chrome-extension://ojaflabpfcohefbjlfplgbcgopmiopde/stubby.html"
CHR DefaultSearchURL: Default -> hxxps://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&redirect=CPC
CHR DefaultSearchKeyword: Default -> askwebsearch
CHR DefaultSuggestURL: Default -> hxxps://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-11-01]
CHR Extension: (MapsFrontier Advertising) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaeohfpkhojgdhocdfpkdaffbehjbmmd [2017-10-24]
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-23]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-10-01]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-23]
CHR Extension: (Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-21]
CHR Extension: (Ask Web Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgfehfbnofiffladdncogfobimealokp [2017-10-24]
CHR Extension: (Go Maps) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbjjifpeegbfobmhmaoclcpgdfcgppjp [2017-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-21]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-31]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2010-05-21] (Intel Corporation)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2071064 2010-05-21] (Intel Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-08-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 2310_00; C:\Windows\system32\drivers\2310_00.sys [170528 2009-06-12] (HighPoint Technologies, Inc.)
S3 272x_1x; C:\Windows\system32\drivers\272x_1x.sys [612672 2012-04-24] (HighPoint Technologies, Inc.)
S3 274x_3x; C:\Windows\system32\drivers\274x_3x.sys [240960 2012-04-24] (HighPoint Technologies, Inc.)
S3 arcm_a64; C:\Windows\system32\drivers\arcm_a64.sys [52768 2009-11-08] (ARECA Technology Corporation)
S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S3 DC133; C:\Windows\system32\drivers\DC133.sys [39320 2011-05-02] (Dawicontrol GmbH)
S3 DC150; C:\Windows\system32\drivers\DC150.sys [39832 2011-05-02] (Dawicontrol GmbH)
S3 DC154; C:\Windows\system32\drivers\DC154.sys [48136 2011-05-02] (Dawicontrol GmbH)
S3 DC300e; C:\Windows\system32\drivers\DC300e.sys [40344 2011-05-02] (Dawicontrol GmbH)
S3 DC324e; C:\Windows\system32\drivers\DC324e.sys [49752 2011-05-02] (Dawicontrol GmbH)
R0 DC3410; C:\Windows\System32\drivers\DC3410.sys [48328 2011-05-02] (Dawicontrol GmbH)
S3 DC4300; C:\Windows\system32\drivers\DC4300.sys [48360 2011-05-02] (Dawicontrol GmbH)
S3 DC600e; C:\Windows\system32\drivers\DC600e.sys [40744 2011-05-02] (Dawicontrol GmbH)
S3 hptiop; C:\Windows\system32\drivers\hptiop.sys [17440 2009-05-25] (HighPoint Technologies, Inc.)
S3 hptmv; C:\Windows\system32\drivers\hptmv.sys [93472 2006-09-18] (HighPoint Technologies, Inc.)
S3 hptmv6; C:\Windows\system32\drivers\hptmv6.sys [152096 2007-11-01] (HighPoint Technologies, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [26072 2012-06-29] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [651224 2012-06-29] (Intel Corporation)
S3 iteatapi; C:\Windows\system32\drivers\iteatapi.sys [38680 2008-05-14] (ITE Tech. Inc.)
S3 iteraid; C:\Windows\system32\drivers\iteraid.sys [32768 2007-05-01] (ITE Tech. Inc.)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [51496 2012-02-28] (LSI Corporation)
S3 megasr1; C:\Windows\system32\drivers\MegaSR1.sys [461320 2009-04-16] (LSI Corporation, Inc.)
S3 mv61xx; C:\Windows\system32\drivers\mv61xx.sys [182576 2011-05-06] (Marvell Semiconductor, Inc.)
S3 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [175720 2010-04-08] (NVIDIA Corporation)
S3 Pnp680; C:\Windows\system32\drivers\pnp680.sys [80424 2007-11-13] (Silicon Image, Inc)
S3 rr172x; C:\Windows\system32\drivers\rr172x.sys [124448 2007-11-01] (HighPoint Technologies, Inc.)
S3 rr174x; C:\Windows\system32\drivers\rr174x.sys [159264 2007-11-01] (HighPoint Technologies, Inc.)
S3 rr2210; C:\Windows\system32\drivers\rr2210.sys [153632 2007-11-01] (HighPoint Technologies, Inc.)
S3 rr232x; C:\Windows\system32\drivers\rr232x.sys [152096 2008-05-05] (HighPoint Technologies, Inc.)
S3 rr2340; C:\Windows\system32\drivers\rr2340.sys [162400 2009-12-31] (HighPoint Technologies, Inc.)
S3 rr2522; C:\Windows\system32\drivers\rr2522.sys [168032 2009-12-31] (HighPoint Technologies, Inc.)
S3 rr276x; C:\Windows\system32\drivers\rr276x.sys [241472 2012-04-24] (HighPoint Technologies, Inc.)
S3 rr278x; C:\Windows\system32\drivers\rr278x.sys [240960 2012-04-24] (HighPoint Technologies, Inc.)
S3 rr62x; C:\Windows\system32\drivers\rr62x.sys [156256 2010-06-16] (HighPoint Technologies, Inc.)
S3 SI3112r; C:\Windows\system32\drivers\SI3112r.sys [164656 2007-02-01] (Silicon Image, Inc)
S3 SI3114; C:\Windows\system32\drivers\SI3114.sys [99120 2006-11-10] (Silicon Image, Inc.)
S3 SI3114r; C:\Windows\system32\drivers\SI3114R.sys [163632 2007-04-11] (Silicon Image, Inc)
S3 SI3124; C:\Windows\system32\drivers\SI3124.sys [113456 2006-11-02] (Silicon Image, Inc.)
S3 Si3124r5; C:\Windows\system32\drivers\Si3124r5.sys [334640 2006-09-20] (Silicon Image, Inc)
S3 SI3132; C:\Windows\system32\drivers\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
S3 Si3531; C:\Windows\system32\drivers\Si3531.sys [333864 2009-02-09] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 viamrx64; C:\Windows\system32\drivers\viamrx64.sys [161904 2010-12-02] (VIA Technologies Inc.,Ltd)
S3 videX64; C:\Windows\system32\drivers\videX64.sys [15000 2010-02-11] (VIA Technologies, Inc.)
R0 xfiltx64; C:\Windows\System32\drivers\xfiltx64.sys [26776 2010-02-11] (VIA Technologies, Inc.)
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-01 20:27 - 2017-11-01 20:27 - 000015961 _____ C:\Users\Owner\Desktop\FRST.txt
2017-11-01 20:25 - 2017-11-01 20:25 - 002403328 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2017-10-30 11:01 - 2017-10-30 11:04 - 000008192 _____ C:\Users\Owner\Documents\Property Managenet Team Oct 30, 2017.xls
2017-10-10 18:52 - 2017-10-10 18:52 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-10-10 18:38 - 2017-09-13 11:33 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-10-10 18:38 - 2017-09-13 11:32 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-10 18:38 - 2017-09-13 11:32 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-10-10 18:38 - 2017-09-13 11:32 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-10-10 18:38 - 2017-09-13 11:32 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-10-10 18:38 - 2017-09-13 11:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-10-10 18:38 - 2017-09-13 11:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-10-10 18:38 - 2017-09-13 11:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-10-10 18:38 - 2017-09-13 11:10 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-10-10 18:38 - 2017-09-13 11:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 11:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-10-10 18:38 - 2017-09-13 11:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-10-10 18:38 - 2017-09-13 11:00 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-10-10 18:38 - 2017-09-13 11:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-10-10 18:38 - 2017-09-13 11:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-10-10 18:38 - 2017-09-13 10:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-10-10 18:38 - 2017-09-13 10:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-10-10 18:38 - 2017-09-13 10:53 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-10 18:38 - 2017-09-13 10:53 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-10-10 18:38 - 2017-09-13 10:53 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-10 18:38 - 2017-09-13 10:52 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-10-10 18:38 - 2017-09-13 10:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-10-10 18:38 - 2017-09-13 10:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-10-10 18:38 - 2017-09-13 10:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-10-10 18:38 - 2017-09-13 10:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-10-10 18:38 - 2017-09-13 10:46 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-10-10 18:38 - 2017-09-13 10:46 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-10-10 18:38 - 2017-09-13 10:46 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 10:46 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 10:46 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 10:46 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-10-10 18:38 - 2017-09-13 10:46 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-10-10 18:38 - 2017-09-08 11:34 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-10-10 18:38 - 2017-09-08 11:30 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-10-10 18:38 - 2017-09-08 11:30 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-10-10 18:38 - 2017-09-08 11:30 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-10-10 18:38 - 2017-09-08 11:30 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-10-10 18:38 - 2017-09-08 11:30 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-10-10 18:38 - 2017-09-08 11:30 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-10-10 18:38 - 2017-09-08 11:30 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-10-10 18:38 - 2017-09-08 11:30 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-10-10 18:38 - 2017-09-08 11:30 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-10-10 18:38 - 2017-09-08 11:30 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-10-10 18:38 - 2017-09-08 11:30 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-10-10 18:38 - 2017-09-08 11:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-10-10 18:38 - 2017-09-08 11:14 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-10-10 18:38 - 2017-09-08 11:13 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-10-10 18:38 - 2017-09-08 11:13 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-10-10 18:38 - 2017-09-08 11:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-10-10 18:38 - 2017-09-08 11:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-10-10 18:38 - 2017-09-08 11:10 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-10-10 18:38 - 2017-09-08 11:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-10-10 18:38 - 2017-09-08 11:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-10-10 18:38 - 2017-09-08 11:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-10-10 18:38 - 2017-09-08 11:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-10-10 18:38 - 2017-09-08 11:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-10-10 18:38 - 2017-09-08 11:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-10-10 18:38 - 2017-09-08 11:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-10-10 18:38 - 2017-09-08 11:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-10-10 18:38 - 2017-09-08 11:00 - 003222016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-10-10 18:38 - 2017-09-08 11:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-10-10 18:38 - 2017-09-08 11:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-10-10 18:38 - 2017-09-08 10:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-10-10 18:38 - 2017-09-08 10:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-10-10 18:38 - 2017-09-08 10:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-10-10 18:38 - 2017-09-08 10:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-10-10 18:38 - 2017-09-08 10:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-10-10 18:38 - 2017-09-07 11:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-10-10 18:38 - 2017-09-07 11:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2017-10-10 18:38 - 2017-09-07 10:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-10 18:38 - 2017-09-07 10:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-10 18:38 - 2017-09-07 10:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-10-10 18:38 - 2017-08-19 11:28 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-10-10 18:38 - 2017-08-19 11:28 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-10-10 18:38 - 2017-08-19 11:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-10-10 18:38 - 2017-08-19 11:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-10-10 18:38 - 2017-08-19 11:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-10-10 18:38 - 2017-08-19 11:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-10-10 18:38 - 2017-08-19 11:08 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-10-10 18:38 - 2017-08-19 11:08 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-10-10 18:38 - 2017-08-19 10:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-10-10 18:38 - 2017-08-19 10:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-10-10 18:38 - 2017-08-14 13:35 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-10-10 18:38 - 2017-08-14 13:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-10-10 18:38 - 2017-08-14 13:35 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-10-10 18:38 - 2017-08-13 17:45 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-10-08 16:38 - 2017-10-08 16:38 - 000000000 ____D C:\Users\Owner\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-01 20:22 - 2017-02-14 23:45 - 000000000 ____D C:\FRST
2017-11-01 20:21 - 2009-07-14 00:45 - 000021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-01 20:21 - 2009-07-14 00:45 - 000021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-01 19:11 - 2016-11-17 23:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-01 19:07 - 2016-11-18 16:25 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2017-11-01 17:46 - 2009-07-14 01:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-01 17:46 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-11-01 17:05 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-01 08:50 - 2014-04-23 16:08 - 000166324 _____ C:\Users\Owner\Documents\BUDGET-INVESTMENTS-SAVINGS.ods
2017-11-01 08:42 - 2014-03-31 09:56 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-10-30 23:00 - 2017-02-24 18:13 - 000000000 ____D C:\PHP
2017-10-30 22:47 - 2015-05-21 19:34 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-30 19:08 - 2015-07-18 14:58 - 000000000 ____D C:\Users\Owner\AppData\Roaming\avidemux
2017-10-30 11:38 - 2017-05-31 16:30 - 000000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2017-10-30 11:07 - 2014-04-23 16:09 - 000000000 ____D C:\Users\Owner\Documents\Todd
2017-10-29 17:37 - 2014-04-24 13:12 - 000046133 _____ C:\Users\Owner\Documents\VIRGINIA BANK CHECKBOOK 20140405.ods
2017-10-29 17:21 - 2016-01-22 16:49 - 000012288 _____ C:\Users\Owner\Documents\CHURCH COMMUNITY DONATIONS NOT TITHE OFFERINGS 2016.xls
2017-10-27 16:42 - 2016-01-21 22:05 - 000001713 _____ C:\Users\Owner\AppData\Roaming\hidewin.cfg
2017-10-18 11:46 - 2014-05-13 16:22 - 000000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2017-10-18 11:46 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2017-10-13 10:30 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2017-10-12 17:34 - 2009-07-14 01:08 - 000032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-10-10 19:06 - 2009-07-14 00:45 - 000311408 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-10 18:58 - 2014-03-31 10:28 - 000000000 ____D C:\Windows\system32\MRT
2017-10-10 18:52 - 2014-03-31 10:28 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-10-10 18:50 - 2014-03-31 09:50 - 000773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2016-01-21 22:05 - 2017-10-27 16:42 - 000001713 _____ () C:\Users\Owner\AppData\Roaming\hidewin.cfg
2014-05-18 18:42 - 2016-10-15 00:10 - 000019456 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2017-03-21 22:42 - 2017-05-12 14:24 - 001732864 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-30 17:19

==================== End of FRST.txt ============================
  #5  
Old November 3rd, 2017, 11:29 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 7 32-bit
Location: İstanbul
Posts: 1,742
Hi Jeff_L,

Please uninstall with Revo Uninstaller
Java 7 Update 11
Adobe Reader XI
Adobe Shockwave Player

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:
Ask com
spigot
My News Wire
Easy Online Game Access Toolbar
Easy Transit Guide

And restart the PC.
====================================================

Disable Amazon Cloud Player and Skype from startup.

=====================================================
Please do the following.

Step1:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step2:

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Have a nice day.
  #6  
Old November 4th, 2017, 01:19 AM
Jeff_L Jeff_L is offline
New Member
 
Join Date: Oct 2017
Posts: 13
# AdwCleaner 7.0.4.0 - Logfile created on Sat Nov 04 00:16:20 2017
# Updated on 2017/27/10 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Owner\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\metrolyrics.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKU\S-1-5-21-66518619-1978167420-2704880220-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
Deleted: [Key] - HKU\S-1-5-21-66518619-1978167420-2704880220-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\clipconverter.cc
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: Search Extension by Ask -


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [4964 B] - [2017/3/29 23:25:29]
C:/AdwCleaner/AdwCleaner[S0].txt - [5371 B] - [2017/2/26 20:53:22]
C:/AdwCleaner/AdwCleaner[S1].txt - [4743 B] - [2017/3/29 23:24:40]
C:/AdwCleaner/AdwCleaner[S2].txt - [2859 B] - [2017/11/4 0:15:37]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########
  #7  
Old November 4th, 2017, 01:28 AM
Jeff_L Jeff_L is offline
New Member
 
Join Date: Oct 2017
Posts: 13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64
Ran by Owner (Administrator) on Fri 11/03/2017 at 20:22:09.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 50

Successfully deleted: C:\ProgramData\Start Menu\Programs\premium technical support (Folder)
Successfully deleted: C:\Users\Public\Desktop\premium technical support.lnk (Shortcut)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\031U8YSV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0LCG51OJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3O41GVWM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3QVROGRC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5015E2IR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DYR5HZB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6C81LJQP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F22JN8IC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F53BXAL2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNFELQ81 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JLAHNXEP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQL6GGPF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JXRXZF7L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9CZDHCT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNVVFWPG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMF3UYJB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCPHTSCK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WD6LAZ23 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XI91LUJ6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZ2V0OYK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\031U8YSV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0LCG51OJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3O41GVWM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3QVROGRC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5015E2IR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DYR5HZB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6C81LJQP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F22JN8IC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F53BXAL2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNFELQ81 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JLAHNXEP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQL6GGPF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JXRXZF7L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9CZDHCT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNVVFWPG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMF3UYJB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCPHTSCK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WD6LAZ23 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XI91LUJ6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZ2V0OYK (Temporary Internet Files Folder)

user_pref(browser.urlbar.suggest.searches, false);



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/03/2017 at 20:25:56.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  #8  
Old November 4th, 2017, 11:47 AM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 7 32-bit
Location: İstanbul
Posts: 1,742
Thanks Jeff_L,
Did you uninstall all the software, as I said?
---
Please do this also,

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed.

Next, download ComboFix. Save it to the Desktop.
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.

--------------------------------
  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-3.2.2.2029.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please pos
Have a nice day.
  #9  
Old November 5th, 2017, 12:07 AM
Jeff_L Jeff_L is offline
New Member
 
Join Date: Oct 2017
Posts: 13
Hi olgun52,

When I ran ComboFix, it said I still have AVG running. I cannot figure out how to stop this. I would like to completely remove AVG. I have downloaded AVG Remover, but that has not worked.

Thanks,
Jeff
  #10  
Old November 5th, 2017, 01:39 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 7 32-bit
Location: İstanbul
Posts: 1,742
Quote:
Originally Posted by Jeff_L
Hi olgun52,

When I ran ComboFix, it said I still have AVG running. I cannot figure out how to stop this. I would like to completely remove AVG. I have downloaded AVG Remover, but that has not worked.

Thanks,
Jeff
You do not need to uninstall AVG.

How to Disable AVG Components
https://support.avg.com/SupportArtic...pportType=home
  #11  
Old November 5th, 2017, 06:11 PM
Jeff_L Jeff_L is offline
New Member
 
Join Date: Oct 2017
Posts: 13
ComboFix 17-10-17.01 - Owner 11/05/2017 11:59:58.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3932.2343 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2017-10-05 to 2017-11-05 )))))))))))))))))))))))))))))))
.
.
2017-11-05 17:08 . 2017-11-05 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-11-04 00:12 . 2017-11-04 00:12 -------- d-----w- c:\windows\system32\appmgmt
2017-11-03 23:37 . 2017-11-03 23:37 -------- d-----w- c:\program files\VS Revo Group
2017-10-30 23:38 . 2017-10-30 23:38 18896 ----a-w- c:\program files (x86)\Mozilla Firefox\qipcap64.dll
2017-10-10 22:52 . 2017-10-10 22:52 126925120 -c--a-w- c:\windows\system32\MRT-KB890830.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-10-10 22:52 . 2014-03-31 14:28 126925120 -c--a-w- c:\windows\system32\MRT.exe
2017-09-20 23:44 . 2014-03-31 13:56 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-09-20 23:44 . 2014-03-31 13:56 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-09-13 15:08 . 2017-10-10 22:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-08-19 15:28 . 2017-09-12 19:38 197120 ----a-w- c:\windows\system32\shdocvw.dll
2017-08-16 15:29 . 2017-09-12 19:38 806912 ----a-w- c:\windows\system32\usp10.dll
2017-08-16 15:10 . 2017-09-12 19:38 629760 ----a-w- c:\windows\SysWow64\usp10.dll
2017-08-15 15:29 . 2017-09-12 19:38 14182400 ----a-w- c:\windows\system32\shell32.dll
2017-08-15 15:29 . 2017-09-12 19:38 1867264 ----a-w- c:\windows\system32\ExplorerFrame.dll
2017-08-15 15:10 . 2017-09-12 19:38 1499648 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2017-08-14 17:35 . 2017-09-12 19:38 2150912 ----a-w- c:\windows\SysWow64\mmcndmgr.dll
2017-08-14 17:35 . 2017-09-12 19:38 303104 ----a-w- c:\windows\SysWow64\mmcbase.dll
2017-08-14 17:35 . 2017-09-12 19:38 128512 ----a-w- c:\windows\SysWow64\mmcshext.dll
2017-08-14 17:35 . 2017-09-12 19:38 172544 ----a-w- c:\windows\SysWow64\cic.dll
2017-08-14 17:35 . 2017-09-12 19:38 3203584 ----a-w- c:\windows\system32\mmcndmgr.dll
2017-08-14 17:35 . 2017-09-12 19:38 355328 ----a-w- c:\windows\system32\mmcbase.dll
2017-08-14 17:35 . 2017-09-12 19:38 131072 ----a-w- c:\windows\system32\mmcshext.dll
2017-08-14 17:34 . 2017-09-12 19:38 211968 ----a-w- c:\windows\system32\cic.dll
2017-08-13 21:37 . 2017-09-12 19:38 2144256 ----a-w- c:\windows\system32\mmc.exe
2017-08-13 21:30 . 2017-09-12 19:38 1401344 ----a-w- c:\windows\SysWow64\mmc.exe
2017-08-11 06:35 . 2017-09-12 19:38 757248 ----a-w- c:\windows\system32\win32spl.dll
2017-08-11 06:35 . 2017-09-12 19:38 313856 ----a-w- c:\windows\system32\Wldap32.dll
2017-08-11 06:35 . 2017-09-12 19:38 25600 ----a-w- c:\windows\system32\winnsi.dll
2017-08-11 06:35 . 2017-09-12 19:38 512000 ----a-w- c:\windows\system32\rpcss.dll
2017-08-11 06:35 . 2017-09-12 19:38 346112 ----a-w- c:\windows\system32\ntprint.dll
2017-08-11 06:35 . 2017-09-12 19:38 26112 ----a-w- c:\windows\system32\nsisvc.dll
2017-08-11 06:35 . 2017-09-12 19:38 2065408 ----a-w- c:\windows\system32\ole32.dll
2017-08-11 06:35 . 2017-09-12 19:38 13312 ----a-w- c:\windows\system32\nsi.dll
2017-08-11 06:35 . 2017-09-12 19:38 26112 ----a-w- c:\windows\system32\oleres.dll
2017-08-11 06:34 . 2017-09-12 19:38 971776 ----a-w- c:\windows\system32\localspl.dll
2017-08-11 06:34 . 2017-09-12 19:38 166400 ----a-w- c:\windows\system32\inetpp.dll
2017-08-11 06:34 . 2017-09-12 19:38 22528 ----a-w- c:\windows\system32\inetppui.dll
2017-08-11 06:34 . 2017-09-12 19:38 8704 ----a-w- c:\windows\system32\comcat.dll
2017-08-11 06:20 . 2017-09-12 19:38 71680 ----a-w- c:\windows\system32\PrintBrmUi.exe
2017-08-11 06:20 . 2017-09-12 19:38 48640 ----a-w- c:\windows\system32\wpnpinst.exe
2017-08-11 06:20 . 2017-09-12 19:38 61952 ----a-w- c:\windows\system32\ntprint.exe
2017-08-11 06:19 . 2017-09-12 19:38 497664 ----a-w- c:\windows\SysWow64\win32spl.dll
2017-08-11 06:19 . 2017-09-12 19:38 271360 ----a-w- c:\windows\SysWow64\Wldap32.dll
2017-08-11 06:19 . 2017-09-12 19:38 16384 ----a-w- c:\windows\SysWow64\winnsi.dll
2017-08-11 06:19 . 2017-09-12 19:38 8704 ----a-w- c:\windows\SysWow64\nsi.dll
2017-08-11 06:19 . 2017-09-12 19:38 299008 ----a-w- c:\windows\SysWow64\ntprint.dll
2017-08-11 06:19 . 2017-09-12 19:38 1417728 ----a-w- c:\windows\SysWow64\ole32.dll
2017-08-11 06:19 . 2017-09-12 19:38 26112 ----a-w- c:\windows\SysWow64\oleres.dll
2017-08-11 06:12 . 2017-09-12 19:38 25088 ----a-w- c:\windows\system32\netbtugc.exe
2017-08-11 06:09 . 2017-09-12 19:38 61952 ----a-w- c:\windows\SysWow64\ntprint.exe
2017-08-11 06:03 . 2017-09-12 19:38 26624 ----a-w- c:\windows\SysWow64\netbtugc.exe
2017-08-11 06:01 . 2017-09-12 19:38 7168 ----a-w- c:\windows\SysWow64\comcat.dll
2017-08-11 06:00 . 2017-09-12 19:38 262656 ----a-w- c:\windows\system32\drivers\netbt.sys
2017-08-11 05:58 . 2017-09-12 19:38 26112 ----a-w- c:\windows\system32\drivers\nsiproxy.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 2310_00;2310_00;c:\windows\system32\drivers\2310_00.sys;c:\windows\SYSNATIVE\drivers\2310_00.sys [x]
R3 272x_1x;272x_1x;c:\windows\system32\drivers\272x_1x.sys;c:\windows\SYSNATIVE\drivers\272x_1x.sys [x]
R3 274x_3x;274x_3x;c:\windows\system32\drivers\274x_3x.sys;c:\windows\SYSNATIVE\drivers\274x_3x.sys [x]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys;c:\windows\SYSNATIVE\drivers\ahcix64s.sys [x]
R3 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
R3 arcm_a64;arcm_a64;c:\windows\system32\drivers\arcm_a64.sys;c:\windows\SYSNATIVE\drivers\arcm_a64.sys [x]
R3 asahci64;asahci64;c:\windows\system32\drivers\asahci64.sys;c:\windows\SYSNATIVE\drivers\asahci64.sys [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
R3 DC133;DC133;c:\windows\system32\drivers\DC133.sys;c:\windows\SYSNATIVE\drivers\DC133.sys [x]
R3 DC150;DC150;c:\windows\system32\drivers\DC150.sys;c:\windows\SYSNATIVE\drivers\DC150.sys [x]
R3 DC154;DC154;c:\windows\system32\drivers\DC154.sys;c:\windows\SYSNATIVE\drivers\DC154.sys [x]
R3 DC300e;DC300e;c:\windows\system32\drivers\DC300e.sys;c:\windows\SYSNATIVE\drivers\DC300e.sys [x]
R3 DC324e;DC324e;c:\windows\system32\drivers\DC324e.sys;c:\windows\SYSNATIVE\drivers\DC324e.sys [x]
R3 DC4300;DC4300;c:\windows\system32\drivers\DC4300.sys;c:\windows\SYSNATIVE\drivers\DC4300.sys [x]
R3 DC600e;DC600e;c:\windows\system32\drivers\DC600e.sys;c:\windows\SYSNATIVE\drivers\DC600e.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 hptiop;hptiop;c:\windows\system32\drivers\hptiop.sys;c:\windows\SYSNATIVE\drivers\hptiop.sys [x]
R3 hptmv;hptmv;c:\windows\system32\drivers\hptmv.sys;c:\windows\SYSNATIVE\drivers\hptmv.sys [x]
R3 hptmv6;hptmv6;c:\windows\system32\drivers\hptmv6.sys;c:\windows\SYSNATIVE\drivers\hptmv6.sys [x]
R3 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 iaStorS;iaStorS;c:\windows\system32\drivers\iaStorS.sys;c:\windows\SYSNATIVE\drivers\iaStorS.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C615(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 megasas2;megasas2;c:\windows\system32\drivers\megasas2.sys;c:\windows\SYSNATIVE\drivers\megasas2.sys [x]
R3 megasr1;megasr1;c:\windows\system32\drivers\MegaSR1.sys;c:\windows\SYSNATIVE\drivers\MegaSR1.sys [x]
R3 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys;c:\windows\SYSNATIVE\drivers\mv61xx.sys [x]
R3 mv91cons;mv91cons;c:\windows\system32\drivers\mv91cons.sys;c:\windows\SYSNATIVE\drivers\mv91cons.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 Pnp680;Pnp680;c:\windows\system32\drivers\pnp680.sys;c:\windows\SYSNATIVE\drivers\pnp680.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rr172x;rr172x;c:\windows\system32\drivers\rr172x.sys;c:\windows\SYSNATIVE\drivers\rr172x.sys [x]
R3 rr174x;rr174x;c:\windows\system32\drivers\rr174x.sys;c:\windows\SYSNATIVE\drivers\rr174x.sys [x]
R3 rr2210;rr2210;c:\windows\system32\drivers\rr2210.sys;c:\windows\SYSNATIVE\drivers\rr2210.sys [x]
R3 rr232x;rr232x;c:\windows\system32\drivers\rr232x.sys;c:\windows\SYSNATIVE\drivers\rr232x.sys [x]
R3 rr2340;rr2340;c:\windows\system32\drivers\rr2340.sys;c:\windows\SYSNATIVE\drivers\rr2340.sys [x]
R3 rr2522;rr2522;c:\windows\system32\drivers\rr2522.sys;c:\windows\SYSNATIVE\drivers\rr2522.sys [x]
R3 rr276x;rr276x;c:\windows\system32\drivers\rr276x.sys;c:\windows\SYSNATIVE\drivers\rr276x.sys [x]
R3 rr278x;rr278x;c:\windows\system32\drivers\rr278x.sys;c:\windows\SYSNATIVE\drivers\rr278x.sys [x]
R3 rr62x;rr62x;c:\windows\system32\drivers\rr62x.sys;c:\windows\SYSNATIVE\drivers\rr62x.sys [x]
R3 SI3112r;SI3112r;c:\windows\system32\drivers\SI3112r.sys;c:\windows\SYSNATIVE\drivers\SI3112r.sys [x]
R3 SI3114;SI3114;c:\windows\system32\drivers\SI3114.sys;c:\windows\SYSNATIVE\drivers\SI3114.sys [x]
R3 SI3124;SI3124;c:\windows\system32\drivers\SI3124.sys;c:\windows\SYSNATIVE\drivers\SI3124.sys [x]
R3 Si3124r5;Si3124r5;c:\windows\system32\drivers\Si3124r5.sys;c:\windows\SYSNATIVE\drivers\Si3124r5.sys [x]
R3 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys;c:\windows\SYSNATIVE\drivers\Si3531.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 viamrx64;viamrx64;c:\windows\system32\drivers\viamrx64.sys;c:\windows\SYSNATIVE\drivers\viamrx64.sys [x]
R3 videX64;videX64;c:\windows\system32\drivers\videX64.sys;c:\windows\SYSNATIVE\drivers\videX64.sys [x]
R3 vmci;vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 DC3410;DC3410;c:\windows\system32\drivers\DC3410.sys;c:\windows\SYSNATIVE\drivers\DC3410.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 xfiltx64;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfiltx64.sys;c:\windows\SYSNATIVE\drivers\xfiltx64.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-05-21 111640]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://foxnews.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d2cmo1os.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_27_0_0_130_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_27_0_0_130_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_27_0_0_130_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_27_0_0_130_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_27_0_0_130.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.27"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_27_0_0_130.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_27_0_0_130.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_27_0_0_130.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-11-05 12:10:00
ComboFix-quarantined-files.txt 2017-11-05 17:10
.
Pre-Run: 51,503,312,896 bytes free
Post-Run: 55,520,169,984 bytes free
.
- - End Of File - - A877BD5E564F95736DDD8622F98F9A4E
A36C5E4F47E84449FF07ED3517B43A31
  #12  
Old November 5th, 2017, 07:29 PM
Jeff_L Jeff_L is offline
New Member
 
Join Date: Oct 2017
Posts: 13
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/5/17
Scan Time: 12:17 PM
Log File: 30361c84-c24d-11e7-bc95-842b2b97b4bd.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3182
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: DELL18\Owner

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329010
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 7 min, 19 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.Spigot.Generic, HKU\S-1-5-21-66518619-1978167420-2704880220-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B1A75C4E-4778-402B-A87D-34E7242F87BC}, Quarantined, [1973], [368913],1.0.3182

Registry Value: 1
PUP.Optional.Spigot.Generic, HKU\S-1-5-21-66518619-1978167420-2704880220-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B1A75C4E-4778-402B-A87D-34E7242F87BC}|URL, Quarantined, [1973], [368913],1.0.3182

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
  #13  
Old November 6th, 2017, 01:54 AM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 7 32-bit
Location: İstanbul
Posts: 1,742
Greetings Jeff_L,

Are there any problems on your scanners?

--------------------------------------------------

Scan with ESET Online Scanner

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.
Don't forget to re-enable previously switched-off protection software!
  #14  
Old November 8th, 2017, 05:26 AM
Jeff_L Jeff_L is offline
New Member
 
Join Date: Oct 2017
Posts: 13
Hello olgun52,

I ran the ESET Online Scan. It said no threats were found.
  #15  
Old November 10th, 2017, 10:49 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 7 32-bit
Location: İstanbul
Posts: 1,742
Hi Jeff_L,
Sorry for the delay.

Please do the following.

Browser Reset

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
Proceed with the reset once done.
=======================================================
Java update:
Updating Java and Clearing Cache:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.
  • Download the latest version of Java Runtime Environment (JRE) 8
  • Recommended Version is 8 Update 151
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows Offline (64-bit) and save the file.
  • Close any programs you may have running - especially your web browser.
See this page for instructions on how to clear Java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
=================================================================================
Your Adobe Acrobat Reader DC is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Acrobat Reader DC to your PC's desktop.
  • Uninstall Adobe Reader via Start => Control Panel > Uninstall a program
  • Install the new downloaded updated software.
Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.

==========================================================================
Update Adobe Flash Player

Please update your Adobe Flash Player to the latest version

  • Open Internet Explorer Browser
  • Download Adobe Flash Player here and save it to your desktop.
  • Do not accept the Optional offers
  • Uncheck "Yes, install McAfee Security Scan Plus + True Key™ by Intel Security- optional"
  • Close any open browsers
  • Double click on the icon to launch the installation
  • If you are presented with a warning popup select "Run"
  • Once the installation is complete click "Finish"
Important Note: Please read. This is only for the detailed information.
Adobe releases the Flash Player 21.0.0.213 emergency update to resolve Critical Vulnerabilities
http://www.bleepingcomputer.com/news...lnerabilities/
====================================================================================
Adobe Shockwave Player update:
Adobe Shockwave Player Version 12.2.4.194 download from here and install.

===================================================

How is your PC behaving now?