MissMary Posted March 16, 2016 Report Share Posted March 16, 2016 Computer running very slow, need to restart frequently to make computer work. Unable to install updates from virus protection I have purchased. Link to post Share on other sites
flashh4 Posted March 16, 2016 Report Share Posted March 16, 2016 Howdy MissMary and welcome to BestTechie !!! My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer. Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !! If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !! Perform all actions in the order given. Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up ! Do Not Remove anything or run any tools/programs until advised to do so ! Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help. =================================== AdwCleaner Please download adwcleaner by Xplode onto your desktop. Double click on AdwCleaner.exe to run the tool again. Windows XP : Double click on the icon to run it. Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator" *Click on the Scan button. *AdwCleaner will begin to scan your computer like it did before. *After the scan has finished ....... This time, click on the "Clean" button. *Press OK when asked to close all programs and follow the onscreen prompts. *Press OK again to allow AdwCleaner to restart the computer and complete the removal process. *After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically. *Copy and paste the contents of that logfile in your next reply. *A copy of that logfile will also be saved in the C:\AdwCleaner folder. NEXT Please download Junkware Removal Tool and save to your desk top. Shut down your protection software now to avoid potential conflicts. * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". * The tool will open and start scanning your system. * Please be patient as this can take a while to complete depending on your system's specifications. * On completion, a log (JRT.txt) is saved to your desktop and will automatically open. * Post the contents of JRT.txt into your next reply ! Re-Boot your computer now !! NEXT Download Malwarebytes' Anti-Malware (save it to your desktop). >>> https://www.malwarebytes.org/antimalware/ Click the FREE version !! * Windows XP : Double click on the icon to run it. * Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator" * Select Scan tab. * Select type of scan to perform: * Threat Scan < --- Select this type of scan * Custom Scan * Hyper Scan Next click the Scan button. When the scan is complete, if no malicious items are found you can close the program. If malicious items are found be sure that everything is checked, and click Quarantine . When completed, a log will open in Notepad. Please save it to a convenient location and post the results. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot. Post for me to review: 1. AdwCleaner log 2. JRT log 3. Malwarebytes log Work on these as time permits you !! Thanks Chuck Link to post Share on other sites
MissMary Posted March 16, 2016 Author Report Share Posted March 16, 2016 AdwCleaner v5.102 - Logfile created 16/03/2016 at 13:35:21 # Updated 13/03/2016 by Xplode # Database : 2016-03-14.1 [Server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : Mary - MARY-PC # Running from : C:\Users\Mary\Downloads\adwcleaner_5.102(1).exe # Option : Clean # Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\ProgramData\apn ***** [ Files ] ***** ***** [ DLLs ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000} [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B} [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}] [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} [-] Key Deleted : HKCU\Software\DesktopDockApp [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ApnTBMon ***** [ Web browsers ] ***** ************************* :: "Tracing" keys removed :: Winsock settings cleared ************************* C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2945 bytes] - [16/03/2016 13:35:21] C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [2982 bytes] - [16/03/2016 13:28:40] ########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [3131 bytes] ########## Link to post Share on other sites
flashh4 Posted March 16, 2016 Report Share Posted March 16, 2016 Mary, nothing real serious so far a bunch of junk that needed to go !!! Thanks Chuck Link to post Share on other sites
MissMary Posted March 16, 2016 Author Report Share Posted March 16, 2016 kware Removal Tool (JRT) by Malwarebytes Version: 8.0.4 (03.14.2016) Operating System: Windows 7 Home Premium x64 Ran by Mary (Administrator) on Wed 03/16/2016 at 14:08:06.75 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 23 Successfully deleted: C:\Windows\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5E5M1O6E (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\94JRLHGI (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWH8KXLT (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MB6J0K9U (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJPQ5BOK (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5MN4JZA (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XI6MZ3VN (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5E5M1O6E (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\94JRLHGI (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWH8KXLT (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MB6J0K9U (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJPQ5BOK (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5MN4JZA (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XI6MZ3VN (Temporary Internet Files Folder) Registry: 3 Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3B6B9E73-24EA-45EF-A963-BE15C41F8379} (Registry Key) Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key) Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 03/16/2016 at 14:10:07.72 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites
flashh4 Posted March 16, 2016 Report Share Posted March 16, 2016 Good job so far ! It's starting to clean up good ! What made you think it was infected with a virus ?? We have more to do so it will show up if you do !! Either way it did need a good cleaning ! Thanks Chuck Link to post Share on other sites
MissMary Posted March 16, 2016 Author Report Share Posted March 16, 2016 I believe I have a virus as it has slowed down so much and I am not able to do updates of my virus protection. This is what it did when infected a little over a year ago. Link to post Share on other sites
flashh4 Posted March 16, 2016 Report Share Posted March 16, 2016 Mary, If you have a virus i will find it ! But it never hurts to clean a computer every 6 months so it does not slow down ! When you get time get me the Malwarebytes Log please ! Chuck Link to post Share on other sites
flashh4 Posted March 17, 2016 Report Share Posted March 17, 2016 Mary after you get me the Malwarebytes log run this program below also & post the logs !! Download DDS and save it to your Desktop. >>> DDS Double click dds.scr to run the tool. If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt. DDS will now scan your computer. When the scan is complete, DDS will open two (2) logs: DDS.txt Attach.txt If not saved these logs will be automatically deleted when closed, so save both to your Desktop. Please note it is important that you post BOTH logs in your topic. Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead. Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com Thanks Chuck Link to post Share on other sites
flashh4 Posted March 17, 2016 Report Share Posted March 17, 2016 Morning Mary, To find Malwarebytes log ! Open Malwarebytes Icon on your desk top, DO NOT run the scan !!! Click "History" and "Delete All" !! Click "Applicattion Logs" ............ Click "Scan Log" .......... click "Export" ...... Click "text file" (*.txt) name it "MBAM" ..... Save ..... click "Open" !! The DDS log should of pop-ed up like the other programs ! Are the on your desk top, if not run the program again ? Thanks Chuck Link to post Share on other sites
flashh4 Posted March 17, 2016 Report Share Posted March 17, 2016 Post the DDS logs next Mary !! Thanks Chuck Link to post Share on other sites
MissMary Posted March 17, 2016 Author Report Share Posted March 17, 2016 unkware Removal Tool (JRT) by Malwarebytes Version: 8.0.4 (03.14.2016) Operating System: Windows 7 Home Premium x64 Ran by Mary (Administrator) on Wed 03/16/2016 at 14:08:06.75 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 23 Successfully deleted: C:\Windows\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5E5M1O6E (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\94JRLHGI (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWH8KXLT (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MB6J0K9U (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJPQ5BOK (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5MN4JZA (Temporary Internet Files Folder) Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XI6MZ3VN (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5E5M1O6E (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\94JRLHGI (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWH8KXLT (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MB6J0K9U (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJPQ5BOK (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5MN4JZA (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XI6MZ3VN (Temporary Internet Files Folder) Registry: 3 Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3B6B9E73-24EA-45EF-A963-BE15C41F8379} (Registry Key) Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key) Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 03/16/2016 at 14:10:07.72 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites
flashh4 Posted March 17, 2016 Report Share Posted March 17, 2016 Mary that is the log from Junkware Removal tool you posted yesterday ! Try to get me a DDS Log please ! It's ok, i know you worked late last night ! Thank You Chuck Link to post Share on other sites
MissMary Posted March 17, 2016 Author Report Share Posted March 17, 2016 DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.18231 BrowserJavaVersion: 11.45.2 Run by Mary at 13:12:28 on 2016-03-17 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3984.1348 [GMT -5:00] . AV: ZoneAlarm Extreme Security Antivirus *Enabled/Outdated* {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9} AV: AVG AntiVirus 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413} SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Outdated* {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG AntiVirus 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE} FW: ZoneAlarm Extreme Security Firewall *Disabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2} . ============== Running Processes =============== . c:\PROGRA~2\AVG\AVG2015\avgrsa.exe C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Users\Mary\AppData\Roaming\Smilebox\SmileboxTray.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\AVG\AVG2015\avgscanx.exe C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe C:\Program Files (x86)\AVG\Framework\Common\avguix.exe C:\Program Files (x86)\AVG\AVG2015\avgui.exe C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Windows\System32\svchost.exe -k utcsvc c:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe C:\Program Files (x86)\AVG\AVG2015\avgemca.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\SysWOW64\ctfmon.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe C:\Windows\system32\GWX\GWX.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll uRun: [SmileboxTray] "C:\Users\Mary\AppData\Roaming\Smilebox\SmileboxTray.exe" mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avuirunnerx.exe" C:\Program Files (x86)\AVG\AVG2015\avgui.exe mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw mExplorerRun: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-System: DisableCAD = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: NameServer = 192.168.2.1 TCP: Interfaces\{15D3FC4B-69AF-4811-9D01-DEE7B168B3D9} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{15D3FC4B-69AF-4811-9D01-DEE7B168B3D9}\2656C6B696E6E2168356E2765756374737 : DHCPNameServer = 192.168.169.1 TCP: Interfaces\{15D3FC4B-69AF-4811-9D01-DEE7B168B3D9}\2656C6B696E6E2733383E2765756374737 : DHCPNameServer = 192.168.169.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4P1 x64-Run: [RtHDVBg_PushButton] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe" x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe" x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\v2bmvnc9.default-1456672828127\ FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2016-1-13 299440] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2015-5-7 378336] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2016-1-22 255920] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2015-3-20 40928] R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-1-14 644968] R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-1-14 28008] R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-1-14 20464] R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2015-3-11 162784] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2015-12-16 315312] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2015-12-16 296368] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2015-8-4 300464] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2014-1-14 98208] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2014-10-28 322176] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2016-2-4 3646888] R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2016-2-18 1045928] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2016-2-4 335656] R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-30 15720] R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696] R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-1-14 169432] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-3-16 1513784] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-3-16 1135416] R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-1-14 246488] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2014-1-14 1911312] R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2016-2-15 4364200] R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-1-14 368624] R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-1-14 790000] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2016-3-16 25816] R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2016-3-16 192216] R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2016-3-16 63704] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2014-1-14 326368] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-1-14 872152] R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-1-14 34544] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2016-2-15 32304] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112] S2 ZoneAlarm AntiTheft;ZoneAlarm AntiTheft;"C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe" --> C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe [?] S3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2015-1-30 23760] S3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2015-1-30 23312] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-1-14 57856] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-3-9 114688] S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-1-14 452088] S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232] S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2014-1-14 30448] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-3-9 1255736] S4 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128] S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936] . =============== Created Last 30 ================ . 2016-03-16 19:26:35 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2016-03-16 19:24:51 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2016-03-16 19:24:51 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2016-03-16 19:24:51 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2016-03-16 19:24:51 -------- d-----w- C:\ProgramData\Malwarebytes 2016-03-16 19:24:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-03-16 18:28:08 -------- d-----w- C:\Program Files (x86)\AdwCleaner 2016-03-09 18:43:34 5572032 ----a-w- C:\Windows\System32\ntoskrnl.exe 2016-03-09 18:42:55 381440 ----a-w- C:\Windows\System32\mfds.dll 2016-02-21 05:13:09 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDBX.DLL 2016-02-21 05:13:09 101888 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPBX.DLL 2016-02-21 05:12:58 391168 ----a-w- C:\Windows\System32\CNMLMBX.DLL 2016-02-21 05:11:27 367104 ----a-w- C:\Windows\System32\CNC_BXL.dll 2016-02-21 05:11:27 282624 ----a-w- C:\Windows\System32\CNC_BXC.dll 2016-02-21 05:11:27 106496 ----a-w- C:\Windows\System32\CNC_BXI.dll 2016-02-21 04:59:18 98816 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAQ.DLL 2016-02-21 04:59:18 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAQ.DLL 2016-02-21 04:59:02 385536 ----a-w- C:\Windows\System32\CNMLMAQ.DLL 2016-02-21 04:47:19 373248 ----a-w- C:\Windows\System32\CNC_AQL.dll 2016-02-21 04:47:19 323584 ----a-w- C:\Windows\SysWow64\CNC_AQL.dll 2016-02-21 04:47:19 302080 ----a-w- C:\Windows\System32\CNC_AQC.dll 2016-02-21 04:47:19 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll 2016-02-21 04:47:19 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll 2016-02-21 04:47:19 114688 ----a-w- C:\Windows\SysWow64\CNC_AQU.dll 2016-02-21 04:47:19 112128 ----a-w- C:\Windows\System32\CNC_AQI.dll 2016-02-17 05:34:05 37288 ----a-w- C:\Windows\System32\authuitu.dll 2016-02-17 05:34:05 32680 ----a-w- C:\Windows\SysWow64\authuitu.dll 2016-02-17 05:34:02 48552 ----a-w- C:\Windows\System32\uxtuneup.dll 2016-02-17 05:34:02 42408 ----a-w- C:\Windows\SysWow64\uxtuneup.dll . ==================== Find3M ==================== . 2016-03-10 20:24:17 797376 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2016-03-10 20:24:17 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2016-02-19 19:02:43 38336 ----a-w- C:\Windows\System32\CompatTelRunner.exe 2016-02-19 18:54:11 1168896 ----a-w- C:\Windows\System32\aeinv.dll 2016-02-19 14:07:35 1373184 ----a-w- C:\Windows\System32\appraiser.dll 2016-02-15 16:36:22 45992 ----a-w- C:\Windows\System32\TURegOpt.exe 2016-02-12 18:52:23 98816 ----a-w- C:\Windows\System32\wudriver.dll 2016-02-12 18:52:23 3169792 ----a-w- C:\Windows\System32\wucltux.dll 2016-02-12 18:52:23 192512 ----a-w- C:\Windows\System32\wuwebv.dll 2016-02-12 18:44:43 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll 2016-02-12 18:39:55 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll 2016-02-12 18:18:22 37888 ----a-w- C:\Windows\System32\wuapp.exe 2016-02-12 18:18:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll 2016-02-12 18:05:17 93696 ----a-w- C:\Windows\SysWow64\wudriver.dll 2016-02-12 18:05:13 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe 2016-02-11 18:56:26 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2016-02-11 18:56:26 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2016-02-11 18:52:52 1733592 ----a-w- C:\Windows\System32\ntdll.dll 2016-02-11 18:49:42 362496 ----a-w- C:\Windows\System32\wow64win.dll 2016-02-11 18:49:42 243712 ----a-w- C:\Windows\System32\wow64.dll 2016-02-11 18:49:42 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2016-02-11 18:49:24 215040 ----a-w- C:\Windows\System32\winsrv.dll 2016-02-11 18:49:19 210432 ----a-w- C:\Windows\System32\wdigest.dll 2016-02-11 18:49:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll 2016-02-11 18:49:00 28672 ----a-w- C:\Windows\System32\sspisrv.dll 2016-02-11 18:49:00 135680 ----a-w- C:\Windows\System32\sspicli.dll 2016-02-11 18:48:58 503808 ----a-w- C:\Windows\System32\srcore.dll 2016-02-11 18:48:58 50176 ----a-w- C:\Windows\System32\srclient.dll 2016-02-11 18:48:16 28160 ----a-w- C:\Windows\System32\secur32.dll 2016-02-11 18:48:14 344064 ----a-w- C:\Windows\System32\schannel.dll 2016-02-11 18:48:12 1214464 ----a-w- C:\Windows\System32\rpcrt4.dll 2016-02-11 18:47:33 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2016-02-11 18:45:59 312320 ----a-w- C:\Windows\System32\ncrypt.dll 2016-02-11 18:45:56 315392 ----a-w- C:\Windows\System32\msv1_0.dll 2016-02-11 18:45:51 60416 ----a-w- C:\Windows\System32\msobjs.dll 2016-02-11 18:45:35 146432 ----a-w- C:\Windows\System32\msaudite.dll 2016-02-11 18:44:45 3994560 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2016-02-11 18:44:45 3938240 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2016-02-11 18:44:42 1461248 ----a-w- C:\Windows\System32\lsasrv.dll 2016-02-11 18:44:34 730112 ----a-w- C:\Windows\System32\kerberos.dll 2016-02-11 18:44:34 422400 ----a-w- C:\Windows\System32\KernelBase.dll 2016-02-11 18:42:25 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2016-02-11 18:42:24 43520 ----a-w- C:\Windows\System32\cryptbase.dll 2016-02-11 18:42:24 22016 ----a-w- C:\Windows\System32\credssp.dll 2016-02-11 18:38:24 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2016-02-11 18:38:24 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll 2016-02-11 18:38:24 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2016-02-11 18:38:23 275456 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2016-02-11 18:38:07 171520 ----a-w- C:\Windows\SysWow64\wdigest.dll 2016-02-11 18:38:00 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll 2016-02-11 18:37:53 43008 ----a-w- C:\Windows\SysWow64\srclient.dll 2016-02-11 18:37:11 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2016-02-11 18:37:09 251392 ----a-w- C:\Windows\SysWow64\schannel.dll 2016-02-11 18:35:14 223232 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2016-02-11 18:35:09 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll 2016-02-11 18:35:06 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll 2016-02-11 18:34:26 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll 2016-02-11 18:33:30 553472 ----a-w- C:\Windows\SysWow64\kerberos.dll 2016-02-11 18:31:25 17408 ----a-w- C:\Windows\SysWow64\credssp.dll 2016-02-11 17:48:11 64000 ----a-w- C:\Windows\System32\auditpol.exe 2016-02-11 17:43:48 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe 2016-02-11 17:41:42 338432 ----a-w- C:\Windows\System32\conhost.exe 2016-02-11 17:40:09 296960 ----a-w- C:\Windows\System32\rstrui.exe 2016-02-11 17:34:45 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2016-02-11 17:34:01 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2016-02-11 17:33:54 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2016-02-11 17:32:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2016-02-11 17:32:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2016-02-11 17:32:45 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2016-02-11 17:32:43 2048 ----a-w- C:\Windows\SysWow64\user.exe 2016-02-11 17:32:25 30720 ----a-w- C:\Windows\System32\lsass.exe 2016-02-11 17:32:18 112640 ----a-w- C:\Windows\System32\smss.exe 2016-02-11 17:31:01 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll 2016-02-11 17:30:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2016-02-11 17:30:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2016-02-11 17:30:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2016-02-11 17:30:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2016-02-11 14:07:46 689152 ----a-w- C:\Windows\System32\generaltel.dll 2016-02-09 09:57:08 12625920 ----a-w- C:\Windows\System32\wmploc.DLL 2016-02-09 09:56:09 5120 ----a-w- C:\Windows\System32\msdxm.ocx 2016-02-09 09:56:09 5120 ----a-w- C:\Windows\System32\dxmasf.dll 2016-02-09 09:55:34 30720 ----a-w- C:\Windows\System32\seclogon.dll 2016-02-09 09:54:38 9728 ----a-w- C:\Windows\System32\spwmp.dll 2016-02-09 09:51:32 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL 2016-02-09 09:13:14 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx 2016-02-09 09:13:14 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll 2016-02-09 09:13:10 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll 2016-02-08 20:51:13 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2016-02-08 20:39:06 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll 2016-02-08 20:39:06 496640 ----a-w- C:\Windows\SysWow64\vbscript.dll 2016-02-08 20:38:29 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll 2016-02-08 20:38:20 341504 ----a-w- C:\Windows\SysWow64\html.iec 2016-02-08 20:37:31 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll 2016-02-08 20:28:52 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2016-02-08 20:28:32 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll 2016-02-08 20:16:21 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll 2016-02-08 20:10:37 4611072 ----a-w- C:\Windows\SysWow64\jscript9.dll 2016-02-08 20:01:48 2050560 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2016-02-08 20:01:43 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll 2016-02-08 19:43:04 2121216 ----a-w- C:\Windows\SysWow64\wininet.dll . ============= FINISH: 13:13:31.40 =============== DDS.txt Link to post Share on other sites
MissMary Posted March 17, 2016 Author Report Share Posted March 17, 2016 Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 3/4/2014 3:27:56 PM System Uptime: 3/17/2016 11:21:07 AM (2 hours ago) . Motherboard: Dell Inc. | | 0MJNYC Processor: Intel(R) Core(TM) i3-4010U CPU @ 1.70GHz | U3E1 | 1683/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 444 GiB total, 366.996 GiB free. D: is CDROM () Y: is FIXED (NTFS) - 22 GiB total, 11.587 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{13B67E97-545B-41DC-AC44-6FEDE5FE6087}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{13B67E97-545B-41DC-AC44-6FEDE5FE6087}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000 Service: . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{CBECAB40-A2C8-4AB3-ADC1-DE0FE95D8600}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{CBECAB40-A2C8-4AB3-ADC1-DE0FE95D8600}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000 Service: . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{61118058-486C-4BB0-B4B8-ACE4DCADEC44}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{61118058-486C-4BB0-B4B8-ACE4DCADEC44}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000 Service: . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{DD533152-01F4-435C-ABFE-984BC21A2A65}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{DD533152-01F4-435C-ABFE-984BC21A2A65}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000 Service: . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{8855C1D2-9BFE-4B96-BCBF-CBB9682C76BD}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{8855C1D2-9BFE-4B96-BCBF-CBB9682C76BD}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000 Service: . ==== System Restore Points =================== . RP214: 2/26/2016 3:00:26 AM - Windows Update RP215: 3/5/2016 1:13:48 PM - Scheduled Checkpoint RP216: 3/10/2016 3:00:48 AM - Windows Update RP217: 3/14/2016 3:00:33 AM - Windows Update RP218: 3/16/2016 2:08:11 PM - JRT Pre-Junkware Removal . ==== Installed Programs ====================== . Adobe Flash Player 21 ActiveX Adobe Flash Player 21 NPAPI Adobe Reader XI (11.0.06) MUI Adobe Reader XI (11.0.15) Adobe Refresh Manager Amped Wireless High Power Wireless-N Pro USB Adapter Driver AVG 2015 AVG PC TuneUp Business Contact Manager for Microsoft Outlook 2010 Canon MG2100 series MP Drivers Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module D3DX10 Definition Update for Microsoft Office 2010 (KB3114887) 32-Bit Edition Dell Backup and Recovery Dell Backup and Recovery - Support Software Dell Edoc Viewer Dell Touchpad Dell WLAN and Bluetooth Client Installation FMW 1 Google Update Helper Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) Rapid Storage Technology Intel(R) USB 3.0 eXtensible Host Controller Driver Intel® Trusted Connect Service Client Java 8 Update 45 Java Auto Updater Junk Mail filter update Malwarebytes Anti-Malware version 2.2.0.1024 Microsoft .NET Framework 4.6.1 Microsoft Application Error Reporting Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Office Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 Native Client Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010) Movie Maker Mozilla Firefox 44.0.2 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 Photo Common Photo Gallery Qualcomm Atheros Bluetooth Suite (64) Realtek Ethernet Controller All-In-One Windows Driver Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4.6.1 (KB3122661) Security Update for Microsoft .NET Framework 4.6.1 (KB3127233) Security Update for Microsoft .NET Framework 4.6.1 (KB3136000) Security Update for Microsoft Access 2010 (KB3101544) 32-Bit Edition Security Update for Microsoft Excel 2010 (KB3114759) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB3114414) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553313) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2881029) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2956063) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2965310) 32-Bit Edition Security Update for Microsoft Office 2010 (KB3054848) 32-Bit Edition Security Update for Microsoft Office 2010 (KB3085528) 32-Bit Edition Security Update for Microsoft Office 2010 (KB3085560) 32-Bit Edition Security Update for Microsoft Outlook 2010 (KB3114883) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB3114396) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2817478) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB3114402) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2965313) 32-Bit Edition Security Update for Microsoft Word 2010 (KB3114878) 32-Bit Edition Service Pack 1 for SQL Server 2008 (KB968369) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Shared C Run-time for x64 Smilebox Sql Server Customer Experience Improvement Program Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2999508) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition Update for Microsoft Office 2010 (KB2553388) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589318) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition Update for Microsoft Office 2010 (KB2791057) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition Update for Microsoft Office 2010 (KB3054873) 32-Bit Edition Update for Microsoft Office 2010 (KB3054886) 32-Bit Edition Update for Microsoft Office 2010 (KB3055042) 32-Bit Edition Update for Microsoft Office 2010 (KB3055047) 32-Bit Edition Update for Microsoft Office 2010 (KB3085512) 32-Bit Edition Update for Microsoft Office 2010 (KB3114555) 32-Bit Edition Update for Microsoft Office 2010 (KB3114750) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition Update for Microsoft OneNote 2010 (KB3114410) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2760779) 32-Bit Edition Update for Microsoft Outlook 2010 (KB3114756) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553308) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables VisualRoute Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources ZoneAlarm Find My Laptop ZoneAlarm Security . ==== Event Viewer Messages From Past Week ======== . 3/17/2016 4:08:00 AM, Error: Service Control Manager [7000] - The ZoneAlarm AntiTheft service failed to start due to the following error: The system cannot find the file specified. 3/17/2016 11:40:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 3/16/2016 3:07:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect. 3/16/2016 3:07:42 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/16/2016 3:07:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 3/16/2016 11:53:36 AM, Error: Microsoft-Windows-WHEA-Logger [18] - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0 The details view of this entry contains further information. 3/16/2016 1:36:17 PM, Error: Service Control Manager [7038] - The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 3/16/2016 1:36:17 PM, Error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not start due to a logon failure. 3/16/2016 1:36:14 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\athihvs.dll 3/16/2016 1:35:50 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. 3/16/2016 1:35:21 PM, Error: Service Control Manager [7034] - The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s). 3/16/2016 1:35:21 PM, Error: Service Control Manager [7034] - The Office Source Engine service terminated unexpectedly. It has done this 1 time(s). 3/16/2016 1:35:20 PM, Error: Service Control Manager [7034] - The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s). 3/16/2016 1:35:20 PM, Error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s). 3/16/2016 1:35:20 PM, Error: Service Control Manager [7034] - The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s). 3/16/2016 1:35:20 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 3/16/2016 1:35:20 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 3/16/2016 1:35:19 PM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s). 3/16/2016 1:35:19 PM, Error: Service Control Manager [7034] - The Business Contact Manager SQL Server Startup Service service terminated unexpectedly. It has done this 1 time(s). 3/16/2016 1:35:19 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 3/16/2016 1:35:19 PM, Error: Service Control Manager [7031] - The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 3/16/2016 1:35:19 PM, Error: Service Control Manager [7031] - The AVG PC TuneUp Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 250 milliseconds: Restart the service. 3/16/2016 1:35:18 PM, Error: Service Control Manager [7034] - The AtherosSvc service terminated unexpectedly. It has done this 1 time(s). 3/16/2016 1:35:18 PM, Error: Service Control Manager [7034] - The Andrea RT Filters Service service terminated unexpectedly. It has done this 1 time(s). 3/16/2016 1:35:18 PM, Error: Service Control Manager [7031] - The AVG Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 3/16/2016 1:35:17 PM, Error: Service Control Manager [7034] - The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s). 3/16/2016 1:35:17 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). 3/16/2016 1:35:17 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/15/2016 1:48:11 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied. 3/10/2016 12:49:18 PM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control. 3/10/2016 1:15:14 PM, Error: Service Control Manager [7024] - The TrueVector Internet Monitor service terminated with service-specific error The operation completed successfully.. . ==== End Of File =========================== Link to post Share on other sites
flashh4 Posted March 17, 2016 Report Share Posted March 17, 2016 Mary, thanks that was the logs i needed. I need you to go to Control Panel/ Uninstall Programs and remove/uninstall this >>> AVG PC TuneUp !! Let me know if you did this ?? NEXT Security Check Please download and save SecurityCheck.exe to your Desktop from one of the links below. http://www.bleepingcomputer.com/download/securitycheck/dl/123/ NEXT Download OldTimer to your desk top ! Links: http://www.majorgeeks.com/mg/get/otl_(oldtimers_list_it),1.html If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). * Double click OTL.exe to launch the program. * Check the following. o Scan all users. o Standard Output. o Lop check. o Purity check. oExtra Registry > Use SafeList * Under Extra Registry section, select Use SafeList * Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins). * When finished it will produce two logs. o OTL.txt (open on your desktop). o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL. * Please post me both logs. This may have to be broken into more than one post ! Almost done hang in there a little longer, if you don't get this done before you go to work we will finish tomorrow !! Thanks Chuck Link to post Share on other sites
MissMary Posted March 17, 2016 Author Report Share Posted March 17, 2016 AVG Tuneup is uninstalled. Link to post Share on other sites
flashh4 Posted March 17, 2016 Report Share Posted March 17, 2016 Thanks Mary, now when ever you get time the Security Check & OTL logs please !! Chuck Link to post Share on other sites
MissMary Posted March 20, 2016 Author Report Share Posted March 20, 2016 Results of screen317's Security Check version 1.014 --- 12/23/15 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! ZoneAlarm Extreme Security Antivirus AVG AntiVirus 2015 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 45 Java version 32-bit out of Date! Adobe Flash Player 21.0.0.182 Adobe Reader XI Mozilla Firefox (45.0.1)````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbam.exe AVG avgwdsvc.exe Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe Malwarebytes Anti-Malware mbamscheduler.exe CheckPoint ZoneAlarm vsmon.exe CheckPoint ZoneAlarm zatray.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1%````````````````````End of Log`````````````````````` Link to post Share on other sites
MissMary Posted March 20, 2016 Author Report Share Posted March 20, 2016 OTL.Txt Extras.Txt Link to post Share on other sites
flashh4 Posted March 20, 2016 Report Share Posted March 20, 2016 OTL logfile created on: 3/20/2016 1:27:09 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mary\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.18230) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.89 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 52.31% Memory free 7.78 Gb Paging File | 5.61 Gb Available in Paging File | 72.05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 444.06 Gb Total Space | 366.48 Gb Free Space | 82.53% Space Free | Partition Type: NTFS Drive Y: | 21.67 Gb Total Space | 11.59 Gb Free Space | 53.48% Space Free | Partition Type: NTFS Computer Name: MARY-PC | User Name: Mary | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2016/03/20 01:22:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Downloads\OTL.exe PRC - [2016/03/19 10:31:01 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2016/03/10 15:24:17 | 003,446,976 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe PRC - [2016/02/04 17:51:04 | 003,646,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe PRC - [2016/02/04 17:48:08 | 003,795,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe PRC - [2016/02/04 17:41:40 | 000,335,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe PRC - [2016/02/04 17:39:42 | 000,436,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgscanx.exe PRC - [2015/12/14 00:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2015/11/19 16:39:58 | 000,341,976 | ---- | M] (Smilebox, Inc.) -- C:\Users\Mary\AppData\Roaming\Smilebox\SmileboxTray.exe PRC - [2015/10/05 09:48:44 | 001,513,784 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe PRC - [2015/04/02 02:40:46 | 003,673,448 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2015/04/02 02:39:50 | 000,134,792 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2013/09/05 11:02:16 | 000,292,848 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2013/08/30 22:18:16 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2013/08/30 15:18:20 | 004,128,784 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe PRC - [2013/08/30 15:18:06 | 001,911,312 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe PRC - [2013/06/01 07:31:08 | 000,368,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2013/06/01 07:31:06 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe PRC - [2010/03/25 14:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe ========== Modules (No Company Name) ========== MOD - [2016/03/10 15:41:59 | 001,102,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\7f9ec71afa900c872f939e54fa4e4d95\System.ServiceModel.Web.ni.dll MOD - [2016/03/10 15:41:54 | 000,516,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\98ac79296c7352c56a3af1ad4734031a\System.Net.Http.ni.dll MOD - [2016/03/10 15:41:53 | 002,937,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\ef2e5e601d8fd0804e446172490c7da3\System.IdentityModel.ni.dll MOD - [2016/03/10 15:41:51 | 019,425,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\2a8713eedeaf6d6c00948d77ff3581ea\System.ServiceModel.ni.dll MOD - [2016/03/10 15:41:31 | 000,390,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8d7428e22cc38e3f9e767316ea20dbf8\System.Xml.Linq.ni.dll MOD - [2016/03/10 15:24:16 | 019,397,824 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll MOD - [2016/03/10 04:18:36 | 019,069,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\9aff68eb3524d70dd775756cbd2635e9\PresentationFramework.ni.dll MOD - [2016/03/10 04:18:19 | 011,557,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\95b7e5d848244f4419f95388bdd1cee9\PresentationCore.ni.dll MOD - [2016/03/10 04:18:04 | 012,944,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d5e32df5d21eeb0f6fbf3d41ef612a60\System.Windows.Forms.ni.dll MOD - [2016/03/10 04:18:02 | 003,973,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\88f184ed14ba3012f0a1ed5b2738e3a4\WindowsBase.ni.dll MOD - [2016/03/10 04:17:59 | 000,974,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\da4d29a50a176623f5153506820ec374\System.Configuration.ni.dll MOD - [2016/03/10 04:17:57 | 007,516,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\da179dca12c65389f0de319660361465\System.Core.ni.dll MOD - [2016/03/10 04:17:52 | 001,876,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\316017ca4449d37ac373dba24f8e5684\System.Xaml.ni.dll MOD - [2016/03/10 04:17:51 | 000,521,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\c45d576e325941bc8f78ec39950a88e3\PresentationFramework.Aero.ni.dll MOD - [2016/02/11 04:05:01 | 001,623,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\cebdd889c7234fcae5cfb871a95e35a3\System.Drawing.ni.dll MOD - [2016/02/11 04:03:22 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\ffcfe63b55aad9fa5f53c1d3794ddfc2\System.ServiceModel.Internals.ni.dll MOD - [2016/02/11 04:03:22 | 000,117,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\06c07175fe9e7bf18cd1c8d9f85614f3\SMDiagnostics.ni.dll MOD - [2016/02/11 04:03:21 | 002,772,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\37523c98ca4b37b2a6d189294e443202\System.Runtime.Serialization.ni.dll MOD - [2016/02/11 04:03:20 | 007,378,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a0ff5cf8fa18aa8b462fc3d07f25e8fc\System.Xml.ni.dll MOD - [2016/02/11 04:03:15 | 001,150,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ada1627a652c6c1e7e89f270d9e3b786\System.Management.ni.dll MOD - [2016/02/11 04:03:11 | 009,981,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\0b980f1580b78efeb67af4884ae21c00\System.ni.dll MOD - [2016/02/10 12:36:53 | 018,120,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2013/08/22 16:26:28 | 001,904,928 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll MOD - [2012/11/26 00:20:38 | 000,117,608 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll MOD - [2012/11/26 00:20:28 | 001,153,384 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ========== Services (SafeList) ========== SRV - [2016/03/19 10:30:59 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2016/03/10 15:24:31 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2016/02/04 17:51:04 | 003,646,888 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent) SRV - [2016/02/04 17:41:40 | 000,335,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe -- (avgwd) SRV - [2015/12/14 00:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2015/11/05 21:36:48 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2015/10/05 09:48:44 | 001,513,784 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2015/04/02 02:40:46 | 003,673,448 | ---- | M] (Check Point Software Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2014/10/28 01:34:02 | 000,322,176 | ---- | M] (Windows (R) Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2013/09/05 01:01:14 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2013/08/30 15:18:06 | 001,911,312 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService) SRV - [2013/06/01 07:31:08 | 000,368,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2013/06/01 07:31:06 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) SRV - [2010/03/25 14:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) ========== Driver Services (SafeList) ========== DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379} IE - HKLM\..\SearchScopes\{3B6B9E73-24EA-45EF-A963-BE15C41F8379}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3531111531-3042523129-2775233575-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB IE - HKU\S-1-5-21-3531111531-3042523129-2775233575-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB IE - HKU\S-1-5-21-3531111531-3042523129-2775233575-1000\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379} IE - HKU\S-1-5-21-3531111531-3042523129-2775233575-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.countryCode: "US" FF - prefs.js..browser.search.region: "US" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:45.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2014/11/23 22:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\Mozilla\Extensions [2016/02/28 10:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\v2bmvnc9.default-1456672828127\extensions [2016/03/19 10:31:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avuirunnerx.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3531111531-3042523129-2775233575-1000..\Run: [SmileboxTray] C:\Users\Mary\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3531111531-3042523129-2775233575-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15D3FC4B-69AF-4811-9D01-DEE7B168B3D9}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{167059b2-0d3d-11e5-a812-5435302b9362}\Shell - "" = AutoRun O33 - MountPoints2\{167059b2-0d3d-11e5-a812-5435302b9362}\Shell\AutoRun\command - "" = E:\LaunchU3.exe O33 - MountPoints2\{28e62253-2187-11e5-8650-5435302b9362}\Shell - "" = AutoRun O33 - MountPoints2\{28e62253-2187-11e5-8650-5435302b9362}\Shell\AutoRun\command - "" = F:\VerizonWirelessUpgradeAssistantSetup.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2016/03/20 01:17:44 | 000,000,000 | R--D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2016/03/19 10:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2016/03/17 14:30:02 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\GWX [2016/03/16 14:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2016/03/16 14:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware [2016/03/16 14:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2016/03/16 13:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AdwCleaner [2016/03/09 13:44:38 | 000,922,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll [2016/03/09 13:44:38 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-string-l1-1-0.dll [2016/03/09 13:44:38 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-stdio-l1-1-0.dll [2016/03/09 13:44:38 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-runtime-l1-1-0.dll [2016/03/09 13:44:38 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-conio-l1-1-0.dll [2016/03/09 13:44:38 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-locale-l1-1-0.dll [2016/03/09 13:44:38 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l2-1-0.dll [2016/03/09 13:44:37 | 000,066,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-private-l1-1-0.dll [2016/03/09 13:44:37 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-math-l1-1-0.dll [2016/03/09 13:44:37 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-multibyte-l1-1-0.dll [2016/03/09 13:44:37 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-convert-l1-1-0.dll [2016/03/09 13:44:37 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-time-l1-1-0.dll [2016/03/09 13:44:37 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-2-0.dll [2016/03/09 13:44:37 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-filesystem-l1-1-0.dll [2016/03/09 13:44:37 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-process-l1-1-0.dll [2016/03/09 13:44:37 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-heap-l1-1-0.dll [2016/03/09 13:44:37 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-utility-l1-1-0.dll [2016/03/09 13:44:37 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-environment-l1-1-0.dll [2016/03/09 13:44:37 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-2-0.dll [2016/03/09 13:44:37 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-1.dll [2016/03/09 13:44:37 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l2-1-0.dll [2016/03/09 13:44:37 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-timezone-l1-1-0.dll [2016/03/09 13:44:37 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-2-0.dll [2016/03/09 13:44:32 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2016/03/09 13:44:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2016/03/09 13:44:32 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2016/03/09 13:44:32 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2016/03/09 13:44:32 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll [2016/03/09 13:44:16 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2016/03/09 13:44:16 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2016/03/09 13:44:16 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2016/03/09 13:44:16 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2016/03/09 13:44:15 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2016/03/09 13:44:15 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2016/03/09 13:44:13 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2016/03/09 13:44:13 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2016/03/09 13:44:13 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2016/03/09 13:44:13 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2016/03/09 13:44:12 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2016/03/09 13:44:12 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2016/03/09 13:44:10 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2016/03/09 13:44:10 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2016/03/09 13:44:09 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2016/03/09 13:44:09 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2016/03/09 13:44:09 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2016/03/09 13:43:30 | 003,938,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2016/03/09 13:43:29 | 003,994,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2016/03/09 13:43:19 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe [2016/03/09 13:43:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2016/03/09 13:43:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2016/03/09 13:43:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2016/03/09 13:43:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2016/03/09 13:43:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2016/03/09 13:43:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2016/03/09 13:43:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2016/03/09 13:43:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2016/03/09 13:43:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2016/03/09 13:43:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2016/03/09 13:43:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2016/03/09 13:43:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2016/03/09 13:43:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2016/03/09 13:43:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2016/03/09 13:43:15 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll [2016/03/09 13:43:15 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll [2016/03/09 13:43:15 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll [2016/03/09 13:43:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2016/03/09 13:42:55 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll [2016/03/09 13:42:54 | 000,299,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2016/03/09 13:42:53 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2016/03/09 13:42:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2016/03/09 13:42:49 | 011,411,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2016/03/09 13:42:48 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2016/03/09 13:42:48 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll [2016/03/09 13:42:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx [2016/03/09 13:42:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll [2016/02/28 10:20:36 | 000,000,000 | ---D | C] -- C:\Users\Mary\Desktop\Old Firefox Data [2016/02/20 23:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2100 series [2016/02/20 23:59:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2016/02/20 23:47:19 | 000,323,584 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_AQL.dll [2016/02/20 23:47:19 | 000,114,688 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_AQU.dll [2016/02/20 23:47:19 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll [2016/02/20 17:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2016/02/20 17:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2 C:\Users\Mary\Documents\*.tmp files -> C:\Users\Mary\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2016/03/20 01:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2016/03/20 01:16:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2016/03/20 01:16:22 | 3133,427,712 | -HS- | M] () -- C:\hiberfil.sys [2016/03/16 14:24:54 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2016/03/10 15:24:17 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2016/03/10 15:24:17 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2 C:\Users\Mary\Documents\*.tmp files -> C:\Users\Mary\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2016/03/16 14:24:54 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2016/02/20 23:47:19 | 000,063,744 | ---- | C] () -- C:\Windows\SysWow64\CNC1751D.TBL [2014/05/03 16:15:07 | 000,000,034 | ---- | C] () -- C:\Users\Mary\VisualRoute-Path [2014/04/22 13:47:19 | 000,019,049 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat [2014/04/22 11:37:02 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\lkfl.dat [2014/04/22 11:37:02 | 000,000,128 | ---- | C] () -- C:\Windows\SysWow64\pdfl.dat [2014/04/22 11:37:02 | 000,000,080 | ---- | C] () -- C:\Windows\SysWow64\ibfl.dat [2014/01/14 19:44:21 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2016/01/22 01:19:58 | 014,179,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2016/01/22 01:05:58 | 012,877,824 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2015/11/30 00:21:45 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\AVG [2015/06/23 12:22:31 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2015/11/30 00:21:45 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\AVG [2015/06/23 12:22:31 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2016/02/17 00:34:06 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\AVG [2015/06/22 07:44:02 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\AVG2015 [2014/04/22 11:37:05 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\CheckPoint [2014/03/04 16:34:44 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Leadertech [2014/06/06 11:53:01 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\MailFrontier [2014/04/08 18:02:02 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\OpenOffice [2014/03/08 15:54:54 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\PCDr [2015/11/30 00:23:14 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Smilebox [2015/05/24 16:02:47 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\TuneUp Software [2014/10/01 16:57:47 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Link to post Share on other sites
flashh4 Posted March 20, 2016 Report Share Posted March 20, 2016 OTL Extras logfile created on: 3/20/2016 1:27:10 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mary\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.18230) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.89 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 52.31% Memory free 7.78 Gb Paging File | 5.61 Gb Available in Paging File | 72.05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 444.06 Gb Total Space | 366.48 Gb Free Space | 82.53% Space Free | Partition Type: NTFS Drive Y: | 21.67 Gb Total Space | 11.59 Gb Free Space | 53.48% Space Free | Partition Type: NTFS Computer Name: MARY-PC | User Name: Mary | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{007996A6-C570-4C9E-BCC2-0714D11BF6DD}" = lport=137 | protocol=17 | dir=in | app=system | "{0165F5FE-C1C2-43F5-AEF1-82E936231DB7}" = lport=138 | protocol=17 | dir=in | app=system | "{02A214C2-2DA5-4BA7-9914-C6917FF3E151}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{039B1928-FF16-4CA7-8852-F502EDCAA5B6}" = lport=139 | protocol=6 | dir=in | app=system | "{08620A6A-3086-4569-932B-74A6837F67C3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0BDFB379-2FDC-4138-8BC5-A1FCB3527442}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1A843DE5-BF8E-428C-849D-97F9B6910899}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2651E1DD-E07F-4035-8896-F4ABD5A7CA12}" = rport=137 | protocol=17 | dir=out | app=system | "{3C7B9973-4170-46F8-ADA2-AEF9F0D07648}" = rport=10243 | protocol=6 | dir=out | app=system | "{44CC65D0-1DBB-4C52-9D2C-A1D9E9150483}" = lport=445 | protocol=6 | dir=in | app=system | "{4E95DD83-1461-4F23-A68B-373E3DA1AC6A}" = rport=139 | protocol=6 | dir=out | app=system | "{64E42852-8655-42E2-81AE-36346E9E3FFF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{66177D9C-BE26-4930-8706-48FEE76C96C0}" = lport=10243 | protocol=6 | dir=in | app=system | "{6725AB7C-D7FA-49CC-8DD5-9A0E39F2BBDF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{7D542DE4-4D12-4E67-A949-1CDF050089D4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{85AFBA15-E460-4D60-9851-44F08A31A8A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{956F3657-AB96-44F6-8A6F-2B3648FA78FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9DCA40B9-C0EB-4849-926E-85595FE5CF98}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A14E2910-8BBA-4B14-BB53-409B383288C7}" = rport=138 | protocol=17 | dir=out | app=system | "{BDB1700F-E337-40DB-AE44-85D57BCB94D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BDCF60FA-BB65-4074-A84A-7351A30CBD0F}" = lport=2869 | protocol=6 | dir=in | app=system | "{CF625DAD-7041-406C-B719-6E7C6E907F90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E17C39EB-369C-432A-A9AB-61D0CEA0DF90}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ECF85378-6F19-4D5C-8AA6-FD4A1EA65432}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F3BD4DE9-56A8-4FC7-86FE-E315EF7838FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{FF7DFA95-E3C0-4DA2-839C-6ABA39A2EE3C}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B5EE1E4-C546-4644-ADC3-394C50C4B7F8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{1F497782-7FAA-48D8-ACF4-3CFADD03622F}" = protocol=17 | dir=in | app=c:\program files (x86)\checkpoint\zonealarm\vsmon.exe | "{1FFCC843-4345-4D01-9EDC-7B49798FB41C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{22006C4F-2D4B-433E-8033-EEF274FBB721}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2520833D-C4EA-4793-8CD5-24C0BAD038C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{25A139CD-D9A3-4070-9117-4844F9E04D60}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe | "{2A8985CE-8D34-4152-9875-C328DBE67E02}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{30DBE1A1-7574-4F2F-8509-79B8AB8E2634}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{33926794-9962-40F1-9EA6-CD5FDDE7246D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe | "{3A053704-D06D-43BF-8DC2-F039AE98E9EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3B7A3127-AE7E-4F3D-A59A-4BBA493CAF48}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe | "{3CCB7CF4-C22E-47F9-BEDE-EA26DC3C6298}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{4450C57C-4792-4D49-BD9E-EE3BDC21DB74}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe | "{4B46BFD3-F061-4A19-B535-4AA4A437705F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4D7B3847-E437-41F2-AAC5-3A1BDBE90D57}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{52C4217D-8610-43C9-BE1C-EC5A95E7ABED}" = protocol=6 | dir=in | app=c:\program files (x86)\checkpoint\zonealarm\vsmon.exe | "{540CF6BB-52D8-4977-8250-BCB25044BFCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{579537E3-BEED-4DB2-97C2-32B29309016F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe | "{653A8D91-7755-4B2E-93FD-DCFD0B2EFD70}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe | "{6EAB48CE-C735-4337-B4DF-53E8CE3273B5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{757095C4-4A42-4861-BBDE-52C63AD13543}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{85775E56-33D8-4076-8BC8-2889F14A4C2A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{86180E96-97B5-4D6C-A7FD-2170826AC796}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{861A3419-0D7A-4E24-94CD-4F1851C99882}" = protocol=17 | dir=in | app=c:\program files (x86)\checkpoint\zonealarm\vsmon.exe | "{87B4F387-5134-4564-B730-D4ECD46946F6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe | "{8B277DC5-FBBC-41BE-AFAC-1B4E5E0E4D59}" = protocol=1 | dir=in | [email protected],-28543 | "{8B39BC96-60DB-42CC-9937-6924F7997F43}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe | "{8DB3B69E-7B54-4A62-A28F-FDA1E3F24783}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8E54B279-24B2-49E8-A3F8-E65DF7A81E07}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe | "{961D709D-0FBA-42E2-AD24-ECD4977F352B}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{9B38FD7F-4FF7-4489-B77C-6C9F5C4E6EA1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe | "{9EA3C78B-1C53-4E12-AB45-4DE7B49F9524}" = protocol=6 | dir=in | app=c:\program files (x86)\checkpoint\zonealarm\vsmon.exe | "{A535F625-BAEA-4273-A97C-D018DD292540}" = protocol=58 | dir=in | [email protected],-28545 | "{B08CFA63-CED6-4570-B8D0-D77AF2B316B4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{B5376A65-9CFF-4DEC-8E36-7B98742446E3}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{C7FCE1E3-9AF3-4E5A-8769-FAC4C8938D8A}" = protocol=6 | dir=out | app=system | "{C8ADBBCE-F10E-4C9D-8BB1-72F3937052AB}" = protocol=1 | dir=out | [email protected],-28544 | "{D2B415CB-783B-4A9C-B31F-BABFBC65366B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{DF15D7F5-A00B-40A7-9FB6-727C25B9DE9F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{E58E1A61-4602-4C04-8304-4E5B1F5173C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F28E8A91-7015-43E6-A24E-8734C59867B4}" = protocol=58 | dir=out | [email protected],-28546 | "{F51B91F0-3AA1-420F-B3C1-C9C7DABA6691}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03ADCCBD-1101-41E4-9B03-A5690FFFA95E}" = ZoneAlarm Find My Laptop "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{050BF7DA-82C4-416A-8294-7AFEB8ED94E1}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010) "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83218045F0}" = Java 8 Update 45 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables "{9A121E1B-1E87-4F37-BC9C-F8D073047942}" = ZoneAlarm Security "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software "{AC76BA86-0804-1033-1959-001824166751}" = Adobe Refresh Manager "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.15) "{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) MUI "{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}" = Amped Wireless High Power Wireless-N Pro USB Adapter Driver "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail "{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010 "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "Adobe Flash Player ActiveX" = Adobe Flash Player 21 ActiveX "Adobe Flash Player NPAPI" = Adobe Flash Player 21 NPAPI "Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010 "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.0.1024 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Mozilla Firefox 45.0.1 (x86 en-US)" = Mozilla Firefox 45.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "VisualRoute" = VisualRoute "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3531111531-3042523129-2775233575-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Smilebox" = Smilebox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 9/27/2015 9:56:12 PM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10 Description = Error - 9/27/2015 10:04:30 PM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10 Description = Error - 9/27/2015 10:12:03 PM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10 Description = Error - 9/28/2015 12:50:48 AM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10 Description = Error - 9/28/2015 1:11:14 AM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10 Description = Error - 9/28/2015 1:18:48 AM | Computer Name = Mary-PC | Source = Application Hang | ID = 1002 Description = The program UNKNOWN version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 108c Start Time: 01d0f9abffdca0a2 Termination Time: 60000 Application Path: UNKNOWN Report Id: 2450d701-65a0-11e5-a31e-5435302b9362 Error - 9/28/2015 9:21:24 AM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10 Description = Error - 9/28/2015 2:31:07 PM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10 Description = Error - 9/28/2015 2:51:13 PM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10 Description = Error - 9/28/2015 3:25:38 PM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 3/19/2016 10:38:00 AM | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7000 Description = The ZoneAlarm AntiTheft service failed to start due to the following error: %%2 Error - 3/19/2016 11:45:38 AM | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7000 Description = The ZoneAlarm AntiTheft service failed to start due to the following error: %%2 Error - 3/19/2016 11:46:05 AM | Computer Name = Mary-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = A fatal hardware error has occurred. Reported by component: Processor Core Error Source: 3 Error Type: 9 Processor ID: 0 The details view of this entry contains further information. Error - 3/19/2016 10:03:06 PM | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7038 Description = The sppsvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: %%1352 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 3/19/2016 10:03:06 PM | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7000 Description = The Software Protection service failed to start due to the following error: %%1069 Error - 3/19/2016 10:04:58 PM | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7000 Description = The ZoneAlarm AntiTheft service failed to start due to the following error: %%2 Error - 3/19/2016 10:05:14 PM | Computer Name = Mary-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = A fatal hardware error has occurred. Reported by component: Processor Core Error Source: 3 Error Type: 9 Processor ID: 0 The details view of this entry contains further information. Error - 3/19/2016 11:37:29 PM | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7000 Description = The ZoneAlarm AntiTheft service failed to start due to the following error: %%2 Error - 3/19/2016 11:37:42 PM | Computer Name = Mary-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = A fatal hardware error has occurred. Reported by component: Processor Core Error Source: 3 Error Type: 9 Processor ID: 0 The details view of this entry contains further information. Error - 3/20/2016 2:16:57 AM | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7000 Description = The ZoneAlarm AntiTheft service failed to start due to the following error: %%2 < End of report > Link to post Share on other sites
flashh4 Posted March 20, 2016 Report Share Posted March 20, 2016 Mary we are looking great just a little longer ! We need to Run an OTL fix !!Warning This fix is only relevant for this system and no other, using on another computer may cause problems. Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot * Double-click OTL.exe to start the program. * Copy and Paste the following code into the . text box of the OTL tool/program ! Start with and include the colon plus :OTL Copy everthing in RED and Paste into the box in the OTL program !!:OTL IE - HKLM\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379} IE - HKLM\..\SearchScopes\{3B6B9E73-24EA-45EF-A963-BE15C41F8379}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB IE - HKLM\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379} IE - HKLM\..\SearchScopes\{3B6B9E73-24EA-45EF-A963-BE15C41F8379}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379} IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379} IE - HKU\S-1-5-21-3531111531-3042523129-2775233575-1000\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379} FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O13 - gopher Prefix: missing O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. :Commands [emptyjava] [emptyflash] [EMPTYTEMP] [RESETHOSTS] [CREATERESTOREPOINT] [Reboot] # Then click the Run Fix button at the top. # Click # Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format. Remember to enable your real time protection. Post that log next ! Thanks Chuck Link to post Share on other sites
flashh4 Posted March 20, 2016 Report Share Posted March 20, 2016 If that OTL fix removes all them then we have one more program to remove all our programs & their logs from your computer, if you find one not removed you can delete it manually ! We will wrap this up shortly !! Thanks Chuck Link to post Share on other sites
flashh4 Posted March 21, 2016 Report Share Posted March 21, 2016 Hi Mary, Update Java Runtime Make sure you uncheck any boxes that want you to install tool bars or anything other than Java You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. [*]Please go here to install Java >>> http://www.java.com/en/ [o] click on the Free Java Download Button [o] click on Agree and start Free download [o] click on Run [o] click on run again [o] click on install [o] when install is complete click on close [*]Reboot your computer ======================== Clean up of Malware Removal Tools Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded. Download Delfix to your desktop and double click it to start the program here Ensure Remove disinfection tools is ticked Also tick: o Create registry backup o Purge system restore o Reset system settings o Click Run The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply. You can delete any log files left on your desktop as these are no longer needed. =================== Congratulation you are clean !!! Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop. This is my standard "All Clean Speech." You may have some already installed, these are just recommendations ! Here are some tips to reduce the potential for spyware infection in the future: Here are some tips to reduce the potential for spyware/malware infection in the future: 1. Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click onOptions. Click once on theSecurity tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. 2. FireFox If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure. NoScript [url= https://adblockplus.org/en/firefox] adblock plus 3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection. 4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:Online Armor FreeAgnitum Outpost Firewall Free Comodo Firewall Free 5. Make sure you keep your Windows OS current. And regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open. 6.WOT(Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome. 7. Finally, I strongly recommend that you read Miekiemoes' great advice [url= http://users.telenet.be/bluepatchy/miekiemoes/prevention.html] How to prevent malware . Let me know how it's running ? Any problems ? It may run a tad slow until a few normal re-boots, but according to all logs you are clean !! Thanks Chuck Link to post Share on other sites
Recommended Posts