
Pretty sure I have a virus, but avast and malwarebytes don't find anything


  • This topic is locked
16 replies to this topic

#1 gamija


Posted 25 March 2016 - 10:17 PM

I had bitdefender but it kept freezing and wouldn't update. After reading the tutorials on keeping your computer safe and How to remove a Trojan virus or other malware, I tried downloading the recommended programs. Some of them loaded and others failed. Neither Avast nor Malwarebytes can find anything.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by linda (administrator) on LINDAS (25-03-2016 18:27:23)
Running from C:\Users\linda\Downloads
Loaded Profiles: linda (Available Profiles: linda)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(© 2015 Microsoft Corporation) C:\Users\linda\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46331.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Program Files\WindowsApps\Microsoft.XboxApp_15.15.22005.0_x64__8wekyb3d8bbwe\XboxApp.exe
() C:\Program Files\WindowsApps\Microsoft.Getstarted_3.5.10.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1603.12020.0_x64__8wekyb3d8bbwe\Time.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.6769.17901.0_x64__8wekyb3d8bbwe\onenoteim.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_197.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_197.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-08-06] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-09] (AVAST Software)
HKU\S-1-5-21-4236560045-2807539303-1750375811-1001\...\Run: [BingSvc] => C:\Users\linda\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-17] (© 2015 Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-09] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6c077666-a78a-4689-a547-4720ecca7fb2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{df86955c-aa8d-4264-9071-7d77ce1ca05d}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-4236560045-2807539303-1750375811-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-4236560045-2807539303-1750375811-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKU\S-1-5-21-4236560045-2807539303-1750375811-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SK2M_FRPage
HKU\S-1-5-21-4236560045-2807539303-1750375811-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=SK2A&ocid=SK2ADHP&osmkt=en-us
SearchScopes: HKU\S-1-5-21-4236560045-2807539303-1750375811-1001 -> {F40690A3-D5F9-4528-87B6-8179A4DE30D3} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-09] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-09] (AVAST Software)
Handler: AutorunsDisabled - {91774881-D725-4E58-B298-07617B9B86A8} -  No File

FireFox:
========
FF ProfilePath: C:\Users\linda\AppData\Roaming\Mozilla\Firefox\Profiles\hx5dbzoi.default-1449980798360
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: ADB Helper - C:\Users\linda\AppData\Roaming\Mozilla\Firefox\Profiles\hx5dbzoi.default-1449980798360\Extensions\adbhelper@mozilla.org [2016-02-04]
FF Extension: Valence - C:\Users\linda\AppData\Roaming\Mozilla\Firefox\Profiles\hx5dbzoi.default-1449980798360\Extensions\fxdevtools-adapters@mozilla.org [2016-02-23]
FF Extension: Pin It button - C:\Users\linda\AppData\Roaming\Mozilla\Firefox\Profiles\hx5dbzoi.default-1449980798360\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2015-12-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-09]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-04]
CHR Extension: (YouTube) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-04]
CHR Extension: (Google Search) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-04]
CHR Extension: (Google News) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2016-01-04]
CHR Extension: (Bing) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-03-09]
CHR Extension: (Google Docs Offline) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-09]
CHR Extension: (Avast Online Security) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-09]
CHR Extension: (Pin It Button) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-01-04]
CHR Extension: (Sudoku) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaapohmhgjcaoenmabppbmfofjbnboc [2016-01-04]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2016-01-04]
CHR Extension: (Dropbox) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2016-01-04]
CHR Extension: (Google Play) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-04]
CHR Extension: (Offline Solitaire) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojldfpglenpceffckkjhajofdbpkfgmn [2016-01-04]
CHR Extension: (Gmail) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-04]
CHR HKU\S-1-5-21-4236560045-2807539303-1750375811-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-22] () [File not signed]
R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-09] (AVAST Software)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-06] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-09] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-09] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4342936 2015-12-09] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-12-10] (Advanced Micro Devices)
S4 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-12-10] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [42184 2015-08-06] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-12-10] (Toshiba Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-25 18:27 - 2016-03-25 18:28 - 00016168 _____ C:\Users\linda\Downloads\FRST.txt
2016-03-25 18:26 - 2016-03-25 18:27 - 00000000 ____D C:\FRST
2016-03-25 18:26 - 2016-03-25 18:26 - 02374144 _____ (Farbar) C:\Users\linda\Downloads\FRST64.exe
2016-03-25 09:47 - 2016-03-25 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2016-03-25 09:47 - 2016-03-25 09:47 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-03-25 08:52 - 2016-03-25 09:46 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\linda\Downloads\cbSetup.exe
2016-03-25 08:31 - 2016-03-25 08:39 - 212514840 _____ (Emsisoft Ltd. ) C:\Users\linda\Downloads\EmsisoftAntiMalwareSetup_bc.exe.part
2016-03-22 12:58 - 2016-03-22 12:58 - 00003040 _____ C:\WINDOWS\System32\Tasks\avast! Windows 10 Start Menu helper
2016-03-22 12:52 - 2016-03-22 12:52 - 00003160 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458672694
2016-03-22 12:52 - 2016-03-22 12:52 - 00001093 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-03-22 12:52 - 2016-03-22 12:52 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-22 12:50 - 2016-03-22 12:50 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-03-11 14:33 - 2016-03-11 14:33 - 00280812 _____ C:\WINDOWS\Minidump\031116-27359-01.dmp
2016-03-11 14:33 - 2016-03-11 14:33 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-11 14:32 - 2016-03-11 14:32 - 461977210 _____ C:\WINDOWS\MEMORY.DMP
2016-03-09 19:25 - 2016-03-09 19:53 - 184707904 _____ C:\Users\linda\Downloads\kkb9pxlk.exe.part
2016-03-09 19:15 - 2016-03-09 19:15 - 00001742 _____ C:\Users\linda\Desktop\JRT.txt
2016-03-09 19:01 - 2016-03-09 19:01 - 01609216 _____ (Malwarebytes) C:\Users\linda\Downloads\JRT.exe
2016-03-09 18:56 - 2016-03-09 18:59 - 00003132 _____ C:\Users\linda\Desktop\Rkill.txt
2016-03-09 18:56 - 2016-03-09 18:56 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\linda\Downloads\rkill.exe
2016-03-09 18:31 - 2016-03-09 18:33 - 24950928 _____ (SUPERAntiSpyware) C:\Users\linda\Downloads\SUPERAntiSpyware.exe.part
2016-03-09 15:30 - 2016-03-09 16:17 - 184702912 _____ C:\Users\linda\Downloads\88pp31ir dr cureit.exe.part
2016-03-09 15:27 - 2016-03-09 15:27 - 00323167 _____ C:\Users\linda\AppData\Local\census.cache
2016-03-09 15:26 - 2016-03-09 15:26 - 00110847 _____ C:\Users\linda\AppData\Local\ars.cache
2016-03-09 15:19 - 2016-03-09 15:19 - 00000010 _____ C:\Users\linda\AppData\Local\sponge.last.runtime.cache
2016-03-09 15:03 - 2016-03-09 15:03 - 00000000 ____D C:\ProgramData\Trend Micro
2016-03-09 14:57 - 2016-03-09 14:57 - 02105760 _____ (Trend Micro Inc.) C:\Users\linda\Downloads\HousecallLauncher.exe
2016-03-09 14:57 - 2016-03-09 14:57 - 00000036 _____ C:\Users\linda\AppData\Local\housecall.guid.cache
2016-03-09 10:50 - 2016-03-09 10:41 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-03-09 10:44 - 2016-03-09 10:44 - 00000000 ____D C:\Users\linda\AppData\Roaming\AVAST Software
2016-03-09 10:43 - 2016-03-09 10:43 - 00001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-03-09 10:43 - 2016-03-09 10:43 - 00001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-09 10:42 - 2016-03-22 12:49 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-03-09 10:42 - 2016-03-09 10:43 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-03-09 10:42 - 2016-03-09 10:43 - 00463744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-03-09 10:42 - 2016-03-09 10:43 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-03-09 10:42 - 2016-03-09 10:42 - 00287016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-03-09 10:42 - 2016-03-09 10:41 - 00165344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-03-09 10:42 - 2016-03-09 10:41 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-03-09 10:42 - 2016-03-09 10:41 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-03-09 10:42 - 2016-03-09 10:41 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-03-09 10:41 - 2016-03-09 10:41 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-03-09 10:38 - 2016-02-29 23:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-09 10:38 - 2016-02-29 23:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-09 10:38 - 2016-02-24 03:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-09 10:38 - 2016-02-24 03:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 10:38 - 2016-02-24 03:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 10:38 - 2016-02-24 03:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-09 10:38 - 2016-02-24 03:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-09 10:38 - 2016-02-24 02:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 10:38 - 2016-02-24 02:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-09 10:38 - 2016-02-24 02:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-09 10:38 - 2016-02-24 02:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-09 10:38 - 2016-02-24 02:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-09 10:38 - 2016-02-24 02:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-09 10:38 - 2016-02-24 02:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-09 10:38 - 2016-02-24 01:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-09 10:38 - 2016-02-24 00:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-09 10:38 - 2016-02-24 00:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-09 10:38 - 2016-02-24 00:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-09 10:38 - 2016-02-24 00:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-09 10:38 - 2016-02-24 00:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 10:38 - 2016-02-24 00:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-09 10:38 - 2016-02-24 00:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-09 10:38 - 2016-02-24 00:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 10:38 - 2016-02-24 00:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-09 10:38 - 2016-02-23 23:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-09 10:38 - 2016-02-23 23:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-09 10:38 - 2016-02-23 23:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 10:38 - 2016-02-23 23:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-09 10:38 - 2016-02-23 23:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 10:38 - 2016-02-23 23:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 10:38 - 2016-02-23 23:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 10:38 - 2016-02-23 23:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 10:38 - 2016-02-23 23:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 10:38 - 2016-02-23 23:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 10:38 - 2016-02-23 22:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 10:38 - 2016-02-23 22:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-09 10:37 - 2016-02-24 03:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-09 10:37 - 2016-02-24 03:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 10:37 - 2016-02-24 03:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-09 10:37 - 2016-02-24 02:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 10:37 - 2016-02-24 02:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-09 10:37 - 2016-02-24 02:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-09 10:37 - 2016-02-24 02:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-09 10:37 - 2016-02-24 02:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-09 10:37 - 2016-02-24 02:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 10:37 - 2016-02-24 02:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-09 10:37 - 2016-02-24 02:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 10:37 - 2016-02-24 02:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-09 10:37 - 2016-02-24 02:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-09 10:37 - 2016-02-24 02:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 10:37 - 2016-02-24 02:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 10:37 - 2016-02-24 02:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 10:37 - 2016-02-24 02:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 10:37 - 2016-02-24 01:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-09 10:37 - 2016-02-24 01:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-09 10:37 - 2016-02-24 01:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-09 10:37 - 2016-02-24 01:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-09 10:37 - 2016-02-24 01:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-09 10:37 - 2016-02-24 01:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-09 10:37 - 2016-02-24 01:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-09 10:37 - 2016-02-24 01:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 10:37 - 2016-02-24 01:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 10:37 - 2016-02-24 01:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 10:37 - 2016-02-24 01:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 10:37 - 2016-02-24 01:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-09 10:37 - 2016-02-24 01:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-09 10:37 - 2016-02-24 01:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 10:37 - 2016-02-24 01:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-09 10:37 - 2016-02-24 01:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-09 10:37 - 2016-02-24 01:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-09 10:37 - 2016-02-24 01:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-09 10:37 - 2016-02-24 01:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 10:37 - 2016-02-24 01:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-09 10:37 - 2016-02-24 01:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 10:37 - 2016-02-24 01:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 10:37 - 2016-02-24 01:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-09 10:37 - 2016-02-24 01:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-09 10:37 - 2016-02-24 01:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-09 10:37 - 2016-02-24 01:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-09 10:37 - 2016-02-24 01:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-09 10:37 - 2016-02-24 01:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-09 10:37 - 2016-02-24 01:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-09 10:37 - 2016-02-24 01:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-09 10:37 - 2016-02-24 01:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-09 10:37 - 2016-02-24 01:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 10:37 - 2016-02-24 01:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-09 10:37 - 2016-02-24 01:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 10:37 - 2016-02-24 01:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-09 10:37 - 2016-02-24 01:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-09 10:37 - 2016-02-24 01:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-09 10:37 - 2016-02-24 00:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-09 10:37 - 2016-02-24 00:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-09 10:37 - 2016-02-24 00:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-09 10:37 - 2016-02-24 00:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-09 10:37 - 2016-02-24 00:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-09 10:37 - 2016-02-24 00:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-09 10:37 - 2016-02-24 00:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-09 10:37 - 2016-02-24 00:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 10:37 - 2016-02-24 00:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-09 10:37 - 2016-02-24 00:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-09 10:37 - 2016-02-24 00:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-09 10:37 - 2016-02-24 00:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 10:37 - 2016-02-24 00:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-09 10:37 - 2016-02-24 00:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-09 10:37 - 2016-02-24 00:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-09 10:37 - 2016-02-24 00:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 10:37 - 2016-02-24 00:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-09 10:37 - 2016-02-24 00:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-09 10:37 - 2016-02-24 00:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-09 10:37 - 2016-02-24 00:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-09 10:37 - 2016-02-24 00:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-09 10:37 - 2016-02-24 00:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-09 10:37 - 2016-02-24 00:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 10:37 - 2016-02-24 00:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-09 10:37 - 2016-02-24 00:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-09 10:37 - 2016-02-24 00:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-09 10:37 - 2016-02-24 00:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 10:37 - 2016-02-24 00:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 10:37 - 2016-02-24 00:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-09 10:37 - 2016-02-24 00:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-09 10:37 - 2016-02-24 00:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-09 10:37 - 2016-02-24 00:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-09 10:37 - 2016-02-24 00:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-09 10:37 - 2016-02-24 00:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-09 10:37 - 2016-02-24 00:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-09 10:37 - 2016-02-24 00:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 10:37 - 2016-02-24 00:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-09 10:37 - 2016-02-24 00:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-09 10:37 - 2016-02-24 00:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-09 10:37 - 2016-02-24 00:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-09 10:37 - 2016-02-24 00:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-09 10:37 - 2016-02-24 00:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-09 10:37 - 2016-02-24 00:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-09 10:37 - 2016-02-24 00:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-09 10:37 - 2016-02-24 00:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 10:37 - 2016-02-24 00:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-09 10:37 - 2016-02-24 00:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-09 10:37 - 2016-02-24 00:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-09 10:37 - 2016-02-24 00:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-09 10:37 - 2016-02-24 00:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-09 10:37 - 2016-02-24 00:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-09 10:37 - 2016-02-24 00:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-09 10:37 - 2016-02-24 00:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-09 10:37 - 2016-02-24 00:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-09 10:37 - 2016-02-23 23:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-09 10:37 - 2016-02-23 23:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-09 10:37 - 2016-02-23 23:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-09 10:36 - 2016-03-22 12:50 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-09 10:36 - 2016-02-24 01:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 10:36 - 2016-02-24 01:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-09 10:36 - 2016-02-24 00:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-09 10:36 - 2016-02-24 00:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 10:36 - 2016-02-24 00:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 10:36 - 2016-02-24 00:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-09 10:32 - 2016-03-09 10:32 - 00001020 _____ C:\Users\linda\Downloads\AdwCleaner - Shortcut.lnk
2016-03-05 16:22 - 2016-02-23 04:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-05 16:22 - 2016-02-23 03:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-05 16:22 - 2016-02-23 02:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-05 16:22 - 2016-02-23 00:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-05 16:21 - 2016-02-23 05:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-05 16:21 - 2016-02-23 04:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-05 16:21 - 2016-02-23 04:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-05 16:21 - 2016-02-23 04:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-05 16:21 - 2016-02-23 04:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-05 16:21 - 2016-02-23 03:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-05 16:21 - 2016-02-23 03:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-05 16:21 - 2016-02-23 02:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-05 16:21 - 2016-02-23 02:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-05 16:21 - 2016-02-23 02:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-05 16:21 - 2016-02-23 02:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-05 16:21 - 2016-02-23 02:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-05 16:21 - 2016-02-23 02:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-05 16:21 - 2016-02-23 01:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-05 16:21 - 2016-02-23 01:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-05 16:21 - 2016-02-23 01:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-05 16:21 - 2016-02-23 01:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-05 16:21 - 2016-02-23 01:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-05 16:21 - 2016-02-23 01:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-05 16:21 - 2016-02-23 00:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-05 16:21 - 2016-02-23 00:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-05 16:21 - 2016-02-23 00:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-05 16:21 - 2016-02-23 00:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-05 16:21 - 2016-02-23 00:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-05 16:21 - 2016-02-23 00:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-05 16:21 - 2016-02-23 00:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-05 16:21 - 2016-02-08 21:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-05 16:21 - 2016-02-08 21:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-05 16:21 - 2016-02-08 21:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-05 16:20 - 2016-02-23 05:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-05 16:20 - 2016-02-23 05:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-05 16:20 - 2016-02-23 05:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-05 16:20 - 2016-02-23 05:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-05 16:20 - 2016-02-23 05:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-05 16:20 - 2016-02-23 05:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-05 16:20 - 2016-02-23 04:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-05 16:20 - 2016-02-23 04:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-05 16:20 - 2016-02-23 04:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-05 16:20 - 2016-02-23 04:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-05 16:20 - 2016-02-23 04:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-05 16:20 - 2016-02-23 04:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-05 16:20 - 2016-02-23 04:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-05 16:20 - 2016-02-23 04:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-05 16:20 - 2016-02-23 04:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-05 16:20 - 2016-02-23 04:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-05 16:20 - 2016-02-23 04:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-05 16:20 - 2016-02-23 03:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-05 16:20 - 2016-02-23 03:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-05 16:20 - 2016-02-23 03:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-05 16:20 - 2016-02-23 03:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-05 16:20 - 2016-02-23 03:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-05 16:20 - 2016-02-23 03:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-05 16:20 - 2016-02-23 03:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-05 16:20 - 2016-02-23 03:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-05 16:20 - 2016-02-23 03:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-05 16:20 - 2016-02-23 03:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-05 16:20 - 2016-02-23 03:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-05 16:20 - 2016-02-23 03:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-05 16:20 - 2016-02-23 02:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-05 16:20 - 2016-02-23 02:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-05 16:20 - 2016-02-23 02:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-05 16:20 - 2016-02-23 02:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-05 16:20 - 2016-02-23 02:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-05 16:20 - 2016-02-23 02:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-05 16:20 - 2016-02-23 02:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-05 16:20 - 2016-02-23 02:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-05 16:20 - 2016-02-23 02:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-05 16:20 - 2016-02-23 02:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-05 16:20 - 2016-02-23 02:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-05 16:20 - 2016-02-23 02:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-05 16:20 - 2016-02-23 02:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-05 16:20 - 2016-02-23 02:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-05 16:20 - 2016-02-23 02:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-05 16:20 - 2016-02-23 02:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-05 16:20 - 2016-02-23 02:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-05 16:20 - 2016-02-23 02:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-05 16:20 - 2016-02-23 02:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-05 16:20 - 2016-02-23 02:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-05 16:20 - 2016-02-23 02:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-05 16:20 - 2016-02-23 02:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-05 16:20 - 2016-02-23 02:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-05 16:20 - 2016-02-23 02:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-05 16:20 - 2016-02-23 02:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-05 16:20 - 2016-02-23 02:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-05 16:20 - 2016-02-23 02:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-05 16:20 - 2016-02-23 01:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-05 16:20 - 2016-02-23 01:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-05 16:20 - 2016-02-23 01:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-05 16:20 - 2016-02-23 01:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-05 16:20 - 2016-02-23 01:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-05 16:20 - 2016-02-23 01:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-05 16:20 - 2016-02-23 01:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-05 16:20 - 2016-02-23 01:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-05 16:20 - 2016-02-23 01:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-05 16:20 - 2016-02-23 01:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-05 16:20 - 2016-02-23 01:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-05 16:20 - 2016-02-23 01:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-05 16:20 - 2016-02-23 01:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-05 16:20 - 2016-02-23 01:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-05 16:20 - 2016-02-23 01:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-05 16:20 - 2016-02-23 01:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-05 16:20 - 2016-02-23 01:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-05 16:20 - 2016-02-23 01:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-05 16:20 - 2016-02-23 00:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-05 16:20 - 2016-02-23 00:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-05 16:20 - 2016-02-23 00:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-05 16:20 - 2016-02-23 00:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-05 16:20 - 2016-02-23 00:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-05 16:20 - 2016-02-23 00:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-05 16:20 - 2016-02-23 00:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-05 16:20 - 2016-02-23 00:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-05 16:20 - 2016-02-23 00:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-05 16:20 - 2016-02-23 00:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-05 16:20 - 2016-02-08 22:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-05 16:20 - 2016-02-08 21:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-05 16:19 - 2016-02-23 05:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-05 16:19 - 2016-02-23 05:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-05 16:19 - 2016-02-23 05:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-05 16:19 - 2016-02-23 04:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-05 16:19 - 2016-02-23 04:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-05 16:19 - 2016-02-23 04:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-05 16:19 - 2016-02-23 03:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-05 16:19 - 2016-02-23 03:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-05 16:19 - 2016-02-23 03:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-05 16:19 - 2016-02-23 03:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-05 16:19 - 2016-02-23 03:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-05 16:19 - 2016-02-23 03:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-05 16:19 - 2016-02-23 03:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-05 16:19 - 2016-02-23 03:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-05 16:19 - 2016-02-23 03:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-05 16:19 - 2016-02-23 03:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-05 16:19 - 2016-02-23 03:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-05 16:19 - 2016-02-23 03:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-05 16:19 - 2016-02-23 03:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-05 16:19 - 2016-02-23 02:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-05 16:19 - 2016-02-23 02:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-05 16:19 - 2016-02-23 02:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-05 16:19 - 2016-02-23 02:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-05 16:19 - 2016-02-23 02:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-05 16:19 - 2016-02-23 02:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-05 16:19 - 2016-02-23 02:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-05 16:19 - 2016-02-23 02:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-05 16:19 - 2016-02-23 02:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-05 16:19 - 2016-02-23 02:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-05 16:19 - 2016-02-23 02:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-05 16:19 - 2016-02-23 02:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-05 16:19 - 2016-02-23 02:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-05 16:19 - 2016-02-23 02:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-05 16:19 - 2016-02-23 02:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-05 16:19 - 2016-02-23 02:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-05 16:19 - 2016-02-23 02:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-05 16:19 - 2016-02-23 02:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-05 16:19 - 2016-02-23 02:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-05 16:19 - 2016-02-23 02:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-05 16:19 - 2016-02-23 02:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-05 16:19 - 2016-02-23 02:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-05 16:19 - 2016-02-23 02:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-05 16:19 - 2016-02-23 02:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-05 16:19 - 2016-02-23 01:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-05 16:19 - 2016-02-23 01:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-05 16:19 - 2016-02-23 01:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-05 16:19 - 2016-02-23 01:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-05 16:19 - 2016-02-23 01:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-05 16:19 - 2016-02-23 01:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-05 16:19 - 2016-02-23 01:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-05 16:19 - 2016-02-23 01:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-05 16:19 - 2016-02-23 01:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-05 16:19 - 2016-02-23 01:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-05 16:19 - 2016-02-23 01:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-05 16:19 - 2016-02-23 01:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-05 16:19 - 2016-02-23 00:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-05 16:19 - 2016-02-23 00:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-05 16:19 - 2016-02-08 22:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-05 16:19 - 2016-02-08 21:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-05 16:19 - 2016-02-08 21:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-02-24 21:44 - 2016-02-24 21:44 - 00001944 _____ C:\Users\Public\Desktop\Battery Check Utility.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-25 17:44 - 2016-01-04 09:34 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-25 17:35 - 2016-01-22 08:31 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-25 13:57 - 2014-11-25 19:34 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7F8E3891-615F-4393-93DF-FB071366121B}
2016-03-25 10:45 - 2016-02-12 18:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-25 09:35 - 2016-01-22 08:31 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-25 08:44 - 2016-01-04 09:34 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-25 08:13 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-25 07:56 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-24 09:33 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-22 12:55 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-22 12:55 - 2015-07-31 07:13 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-22 12:50 - 2015-12-04 16:19 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-22 12:48 - 2015-07-08 21:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-22 12:47 - 2015-12-10 16:36 - 00000000 ____D C:\Users\linda
2016-03-22 12:45 - 2015-12-10 17:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-12 21:48 - 2014-11-26 12:45 - 00000000 ____D C:\Users\linda\AppData\Local\ElevatedDiagnostics
2016-03-12 21:43 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-10 12:35 - 2015-12-10 16:24 - 00206408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-10 12:34 - 2015-12-10 16:29 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-03-10 12:34 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-10 12:32 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-10 12:32 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-10 12:32 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-10 12:32 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-09 16:32 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-09 12:31 - 2014-11-28 19:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 12:25 - 2014-11-28 19:55 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 12:08 - 2015-03-27 21:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-09 11:20 - 2015-12-23 08:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-09 10:35 - 2015-12-22 07:10 - 05207096 _____ (AVAST Software) C:\Users\linda\Downloads\AdwCleaner.exe
2016-03-09 10:03 - 2015-12-15 23:08 - 00000000 ____D C:\Users\linda\Documents\Autoruns
2016-03-09 07:48 - 2016-01-04 09:36 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-09 07:48 - 2016-01-04 09:36 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-08 01:12 - 2015-10-30 01:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 01:12 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-06 15:27 - 2014-11-25 16:10 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-06 04:14 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-06 04:14 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-06 04:14 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-06 04:14 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-06 04:14 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-06 04:14 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-06 04:13 - 2015-10-30 03:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-06 04:13 - 2015-10-30 01:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-06 04:13 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-05 18:28 - 2014-11-25 19:04 - 00000000 ____D C:\Users\linda\AppData\Local\TOSHIBA
2016-03-01 20:58 - 2015-03-27 21:12 - 00000000 ____D C:\Users\linda\AppData\Roaming\Skype
2016-02-29 11:21 - 2014-08-11 02:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-24 21:47 - 2014-08-11 02:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-24 21:44 - 2014-08-11 02:30 - 00000000 ____D C:\Program Files\TOSHIBA
2016-02-24 21:44 - 2014-08-11 02:30 - 00000000 ____D C:\Program Files (x86)\Toshiba

==================== Files in the root of some directories =======

2016-03-09 15:26 - 2016-03-09 15:26 - 0110847 _____ () C:\Users\linda\AppData\Local\ars.cache
2016-03-09 15:27 - 2016-03-09 15:27 - 0323167 _____ () C:\Users\linda\AppData\Local\census.cache
2016-03-09 14:57 - 2016-03-09 14:57 - 0000036 _____ () C:\Users\linda\AppData\Local\housecall.guid.cache
2015-07-08 21:10 - 2015-12-04 09:57 - 0007605 _____ () C:\Users\linda\AppData\Local\resmon.resmoncfg
2016-03-09 15:19 - 2016-03-09 15:19 - 0000010 _____ () C:\Users\linda\AppData\Local\sponge.last.runtime.cache
2014-11-27 21:24 - 2014-11-27 21:24 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-10 16:29 - 2015-12-10 16:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-25 10:48

==================== End of FRST.txt ============================

 

Attached File  Addition.txt   31.69KB   3 downloads




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:49 PM

Posted 26 March 2016 - 08:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(© 2015 Microsoft Corporation) C:\Users\linda\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4236560045-2807539303-1750375811-1001\...\Run: [BingSvc] => C:\Users\linda\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-17] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-4236560045-2807539303-1750375811-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
Handler: AutorunsDisabled - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
CHR Extension: (Bing) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-03-09]
CHR Extension: (Avast Online Security) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-09]
Task: {18ABE744-8630-4DAA-A60A-98F3E330AC33} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1D52B54D-D2AF-4D5B-BC54-22D2E3D8FEA1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6B55319D-3524-4FDA-BA28-1DDECC1629CB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6D9A8B91-4B4D-47BE-8D31-7A3CF39F563B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {719A2D8F-07AB-4EE4-8EDA-506CAF5EC791} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8284E89C-BDD7-44B5-AC48-DF17CE16E26F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {841184F1-AA42-4CAF-90F1-162566E14018} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {97A222B8-6930-463A-A50A-683AB630DD26} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A44747D4-14C7-4EDE-AC3E-AB355A9BA3D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DEE0308D-8EF0-4F6A-96A7-A00B7D253605} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F20FBE32-C312-4138-9049-8E119C285355} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\linda\Downloads\479775_intl_x64_zip.exe:BDU [0]
AlternateDataStreams: C:\Users\linda\Downloads\FileFormatConverters.exe:BDU [0]
AlternateDataStreams: C:\Users\linda\Downloads\mbam-setup-sem-2.1.6.1022.exe:BDU [0]
C:\WINDOWS\Minidump\031116-27359-01.dmp
C:\WINDOWS\MEMORY.DMP
C:\Users\linda\AppData\Local\Microsoft\BingSvc

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists with this computer.

#3 nasdaq


Posted 31 March 2016 - 09:21 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq


Posted 06 April 2016 - 06:48 AM

Reply pasted from a PM Message.

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by linda (2016-03-28 08:31:11) Run:1
Running from C:\Users\linda\Downloads
Loaded Profiles: linda (Available Profiles: linda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
(© 2015 Microsoft Corporation) C:\Users\linda\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4236560045-2807539303-1750375811-1001\...\Run: [BingSvc] => C:\Users\linda\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-17] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-4236560045-2807539303-1750375811-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
Handler: AutorunsDisabled - {91774881-D725-4E58-B298-07617B9B86A8} - No File
CHR Extension: (Bing) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-03-09]
CHR Extension: (Avast Online Security) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-09]
Task: {18ABE744-8630-4DAA-A60A-98F3E330AC33} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1D52B54D-D2AF-4D5B-BC54-22D2E3D8FEA1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6B55319D-3524-4FDA-BA28-1DDECC1629CB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6D9A8B91-4B4D-47BE-8D31-7A3CF39F563B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {719A2D8F-07AB-4EE4-8EDA-506CAF5EC791} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8284E89C-BDD7-44B5-AC48-DF17CE16E26F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {841184F1-AA42-4CAF-90F1-162566E14018} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {97A222B8-6930-463A-A50A-683AB630DD26} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A44747D4-14C7-4EDE-AC3E-AB355A9BA3D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DEE0308D-8EF0-4F6A-96A7-A00B7D253605} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F20FBE32-C312-4138-9049-8E119C285355} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\linda\Downloads\479775_intl_x64_zip.exe:BDU [0]
AlternateDataStreams: C:\Users\linda\Downloads\FileFormatConverters.exe:BDU [0]
AlternateDataStreams: C:\Users\linda\Downloads\mbam-setup-sem-2.1.6.1022.exe:BDU [0]
C:\WINDOWS\Minidump\031116-27359-01.dmp
C:\WINDOWS\MEMORY.DMP
C:\Users\linda\AppData\Local\Microsoft\BingSvc

End

*****************

[4940] C:\Users\linda\AppData\Local\Microsoft\BingSvc\BingSvc.exe => process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-4236560045-2807539303-1750375811-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
HKU\S-1-5-21-4236560045-2807539303-1750375811-1001\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value removed successfully
"HKCR\PROTOCOLS\Handler\AutorunsDisabled" => key removed successfully
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => key not found.
C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd => moved successfully
C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18ABE744-8630-4DAA-A60A-98F3E330AC33}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18ABE744-8630-4DAA-A60A-98F3E330AC33}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D52B54D-D2AF-4D5B-BC54-22D2E3D8FEA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D52B54D-D2AF-4D5B-BC54-22D2E3D8FEA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B55319D-3524-4FDA-BA28-1DDECC1629CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B55319D-3524-4FDA-BA28-1DDECC1629CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D9A8B91-4B4D-47BE-8D31-7A3CF39F563B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D9A8B91-4B4D-47BE-8D31-7A3CF39F563B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{719A2D8F-07AB-4EE4-8EDA-506CAF5EC791}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{719A2D8F-07AB-4EE4-8EDA-506CAF5EC791}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8284E89C-BDD7-44B5-AC48-DF17CE16E26F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8284E89C-BDD7-44B5-AC48-DF17CE16E26F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{841184F1-AA42-4CAF-90F1-162566E14018}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{841184F1-AA42-4CAF-90F1-162566E14018}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97A222B8-6930-463A-A50A-683AB630DD26}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97A222B8-6930-463A-A50A-683AB630DD26}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A44747D4-14C7-4EDE-AC3E-AB355A9BA3D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A44747D4-14C7-4EDE-AC3E-AB355A9BA3D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DEE0308D-8EF0-4F6A-96A7-A00B7D253605}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEE0308D-8EF0-4F6A-96A7-A00B7D253605}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F20FBE32-C312-4138-9049-8E119C285355}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F20FBE32-C312-4138-9049-8E119C285355}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
C:\Users\linda\Downloads\479775_intl_x64_zip.exe => ":BDU" ADS removed successfully.
C:\Users\linda\Downloads\FileFormatConverters.exe => ":BDU" ADS removed successfully.
C:\Users\linda\Downloads\mbam-setup-sem-2.1.6.1022.exe => ":BDU" ADS removed successfully.
C:\WINDOWS\Minidump\031116-27359-01.dmp => moved successfully
C:\WINDOWS\MEMORY.DMP => moved successfully
C:\Users\linda\AppData\Local\Microsoft\BingSvc => moved successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-28 08:33:59)

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 08:34:00 ====

# AdwCleaner v5.107 - Logfile created 28/03/2016 at 12:45:03
# Updated 28/03/2016 by Xplode
# Database : 2016-03-28.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : linda - LINDAS
# Running from : C:\Users\linda\Downloads\adwcleaner_5.107.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Value Deleted : HKU\S-1-5-21-4236560045-2807539303-1750375811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]

***** [ Web browsers ] *****

[-] [C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MFCE0CFD4-A0FC-4710-B623-A10F0342ED8D&SearchSource=55&CUI=&UM=5&UP=SP9C742EE7-5324-46AB-ABBB-8967420DE491&SSPV=

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1784 bytes] - [28/03/2016 12:45:03]
C:\AdwCleaner\AdwCleaner[S1].txt - [2574 bytes] - [22/12/2015 07:12:18]
C:\AdwCleaner\AdwCleaner[S2].txt - [639 bytes] - [26/12/2015 16:37:19]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2002 bytes] ##########

My computer is still very slow and has trouble opening sites. Thanks. Sorry for the delay. Linda
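The Fixlog pasted in this post, run through a small outcome triage, as an added example that is not part of the original thread or of FRST: it tallies each result and lists items that were deferred to reboot and still could not be moved. The function names are hypothetical, and the status categories are inferred only from the result strings visible in this log.

```python
import re
from collections import Counter

# Lines excerpted from the Fixlog posted above (not the full log).
FIXLOG_EXCERPT = r'''
fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
Handler: AutorunsDisabled - {91774881-D725-4E58-B298-07617B9B86A8} - No File
End

*****************

[4940] C:\Users\linda\AppData\Local\Microsoft\BingSvc\BingSvc.exe => process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKCR\PROTOCOLS\Handler\AutorunsDisabled" => key removed successfully
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => key not found.
C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd => moved successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
C:\Users\linda\Downloads\FileFormatConverters.exe => ":BDU" ADS removed successfully.
C:\WINDOWS\MEMORY.DMP => moved successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-28 08:33:59)

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 08:34:00 ====
'''

PID_PREFIX = re.compile(r'^\[\d+\]\s+')   # "[4940] " in front of a closed process
DEFERRED_PREFIX = 'Could not move '       # precedes the path on a deferred move


def classify(result):
    """Map a result string to a coarse status (categories assumed from this log)."""
    text = result.rstrip('.').lower()
    if text.endswith('successfully'):
        return 'ok'
    if 'not found' in text:
        return 'not_found'
    if 'scheduled to move on reboot' in text:
        return 'deferred'
    if 'could not' in text:
        return 'failed'
    return 'other'


def parse_fixlog(text):
    """Return one dict per result line, skipping the echoed fixlist block."""
    entries = []
    in_fixlist, stars, phase = False, 0, 'fix'
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('fixlist content:'):
            in_fixlist, stars = True, 0
            continue
        if in_fixlist:
            # The echoed fixlist sits between two rows of asterisks; its
            # "=>" lines are instructions, not outcomes, so they are skipped.
            if line and set(line) == {'*'}:
                stars += 1
                in_fixlist = stars < 2
            continue
        if line.startswith('Result of scheduled files to move'):
            phase = 'reboot'
            continue
        left, sep, result = line.rpartition(' => ')
        if not sep:
            continue
        if left.startswith(DEFERRED_PREFIX):
            left = left[len(DEFERRED_PREFIX):]
        target = PID_PREFIX.sub('', left).strip('"')
        entries.append({'phase': phase, 'target': target,
                        'result': result, 'status': classify(result)})
    return entries


def summarize(entries):
    """Count statuses for the fix phase only."""
    return dict(Counter(e['status'] for e in entries if e['phase'] == 'fix'))


def needs_follow_up(entries):
    """Targets that failed outright, or were deferred and not confirmed after reboot."""
    after_reboot = {e['target'].lower(): e['status']
                    for e in entries if e['phase'] == 'reboot'}
    pending = []
    for e in entries:
        if e['phase'] != 'fix':
            continue
        if e['status'] == 'failed':
            pending.append(e['target'])
        elif e['status'] == 'deferred' and after_reboot.get(e['target'].lower()) != 'ok':
            pending.append(e['target'])
    return pending


if __name__ == '__main__':
    parsed = parse_fixlog(FIXLOG_EXCERPT)
    print(summarize(parsed))
    for path in needs_follow_up(parsed):
        print('still present:', path)
```

On this log the only item left for follow-up is the Avast `aswWebRepChrome.crx` file, which was scheduled for reboot and then reported as "Could not move".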

#5 nasdaq


Posted 06 April 2016 - 06:53 AM

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
===


--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

p.s.
Is the computer slow on the Internet and while you try to open some folders or programs?

#6 gamija


Posted 10 April 2016 - 09:35 AM

Sorry about the delay.  We've been on a trip.  I tried to respond on the 7th and received a message that my reply was not deliverable.  I'm not sure if it was just that I was distracted and didn't do it correctly. Hopefully this one will go through.

 

I reset the default browser settings, cleaned the Firefox cache and ran RogueKiller. Some of the directions were different, but I followed them and deleted the found items.  I am unable to find the RKreport[1].txt on my desktop.  I've tried to find it in different areas without success. I am able to find a report in RogueKiller itself, but it is not in the Notepad format.

 

I'm continuing to have issues while I'm on the internet. My computer seems to be ok when I'm not on the internet. Sometimes when I'm attempting to enter this site there is a long delay with messages saying I don't have access.  Then later I'll try again and it will open.  This morning I didn't have any problem.  Again possibly I was distracted.  I will be home for several days now and hopefully I will be able to determine if in fact I am having issues opening this site.  thank you

 

I



#7 nasdaq


Posted 11 April 2016 - 08:01 AM

I have downloaded and executed the latest version of the RogueKiller tool.
I also have revised my canned speech.
Please run it one more time and follow the following instructions.
I would like to review the log.

p.s.
If you find that the instructions are not clear or correct please let me know what you suggest.
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#8 gamija


Posted 11 April 2016 - 02:09 PM

Here is the Rogue report.  Also I forgot to mention that I am unable to format a disk to do a backup.  I'm not sure if it is related to the other issues or if it is a separate issue.  Thank you for your time.

RogueKiller V12.1.2.0 [Apr 11 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : linda [Administrator]
Started from : C:\Users\linda\Downloads\RogueKiller(1).exe
Mode : Scan -- Date : 04/11/2016 11:39:12

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4236560045-2807539303-1750375811-1001\Software\Microsoft\Windows\CurrentVersion\Run | Chromium : "c:\users\linda\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session [x][x][x][x] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-4236560045-2807539303-1750375811-1001\Software\Microsoft\Windows\CurrentVersion\Run | Chromium : "c:\users\linda\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session [x][x][x][x] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABF050 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1024 MB
1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2099200 | Size: 100 MB
2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2304000 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2566144 | Size: 465273 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 955447296 | Size: 807 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 957100032 | Size: 9605 MB
User = LL1 ... OK
User = LL2 ... OK



#9 nasdaq


Posted 12 April 2016 - 07:08 AM



Execute RogueKiller and remove these items that were identified.

[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4236560045-2807539303-1750375811-1001\Software\Microsoft\Windows\CurrentVersion\Run | Chromium : "c:\users\linda\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session [x][x][x][x] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-4236560045-2807539303-1750375811-1001\Software\Microsoft\Windows\CurrentVersion\Run | Chromium : "c:\users\linda\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session [x][x][x][x] -> Found


Restart the computer normally.

===

Why do a Format?
You will lose every program's installed files.

What back up are you talking about?

#10 gamija


Posted 13 April 2016 - 04:21 PM

I ran RogueKiller again.

RogueKiller V12.1.2.0 [Apr 11 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : linda [Administrator]
Started from : C:\Users\linda\Downloads\RogueKiller(1).exe
Mode : Scan -- Date : 04/12/2016 11:34:56

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

 

I'm trying to back up my pictures and documents onto a disk.  When I attempt to do this I'm notified that it needs to be formatted.  It begins to format and then says it is unable to complete.  I've tried different disks and get the same result.

 

Thank you again for your time.
 



#11 nasdaq


Posted 14 April 2016 - 06:39 AM

What type of Disk is it?

Is it a new Disk?

#12 gamija


Posted 15 April 2016 - 09:25 AM

Memorex CD-RW. Yes, they are new.  I've saved to disks before but right now I'm not able to.



#13 nasdaq


Posted 15 April 2016 - 12:54 PM

I would check to see if I have the latest driver.
Find out what software you have and check the manufacturer's site for the latest driver.

I have Cyberlink, what is yours?

Check your Add/Remove Programs list.

#14 gamija


Posted 19 April 2016 - 09:11 PM

I'm attempting to find updates for my driver, but so far I haven't been able to locate it.  I have cyberlink 12.  I will keep looking.

 

I'm continuing to have issues when on the internet.  I scan my computer and delete what is found but then in a day or so it's difficult to open web sites again.  There is a continuous list of items flashing on the lower left side.



#15 nasdaq


Posted 20 April 2016 - 07:13 AM

"I'm attempting to find updates for my driver, but so far I haven't been able to locate it. I have cyberlink 12."

Can this help?
https://www.cyberlink.com/support/powerdirector-ultra/patches_en_US.html

===

"I scan my computer and delete what is found but then in a day or so it's difficult to open web sites again"

Is the issue with all the Browsers?

"There is a continuous list of items flashing on the lower left side."

Is this on the Task bar?
Can you capture an image?
Or what is flashing?



