Unable to view SSL sites - referral from Malware forum


27 replies to this topic

#1 whatisavailable

Posted 06 September 2016 - 01:50 PM

Hi

We have been working on my sister's neighbor's computer under the following:

 

http://www.bleepingcomputer.com/forums/t/624390/windows-7-appears-infected-most-sites-not-available-invalid-certificate-errors/page-2#entry4079202

 

It looks like the issues are related to the operating system now.

 

Any attempt to go to an SSL site like google.com brings up a window that says the following:

 

The URL window has:

https://www.google.com/?gws_rd=ssl

 

The window says:

This page can't be displayed

Make sure the web address https://www.google.com is correct

Look for the page with your search engine.

Refresh the page in a few minutes.

 

[Fix connection problems]

 

When IE comes up, the following home page is displayed and searching within Bing/msn.com comes up, but going to any of the sites brings up the above error:

 

URL window has:

http://www.msn.com/?=pc-EUPP_EU09&.......(blah blah blah)

 

Appreciate the help!

 





#2 hamluis

Posted 06 September 2016 - 02:54 PM

Let's see what we can see :).

 

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy taking care to post the link of the snapshot in your next post.

   Go to Piriform's website, and download the free version on the left.  Click Download from Piriform.com (the FileHippo link requires an extra click). Or if you want to use a portable version of Speccy (which doesn't require installation), click the builds page link and download the portable version. You will now be asked where you want to save the file. The best place to put it is the Desktop, as it will be easy to find later.

    After the file finishes downloading, you are ready to run Speccy. If you downloaded the installer, simply double-click on it and follow the prompts until installation is complete. If you downloaded the portable version, you will need to unzip it before use. Right-click the ZIP file and click Extract all. Click Next. Open up the extracted folder and double-click on Speccy.
 
     Once inside Speccy, it will look similar to this (with your computer's specifications, of course):

     Now, at the top, click File > Publish Snapshot. You will see the following prompt:


     Click Yes > then Copy to Clipboard


Now, once you are back in the forum topic you are posting in, click the p22004370.gif button. Right-click in the empty space of the Reply box and click Paste. Then, click Add Reply below the Reply box.

 

Louis



#3 whatisavailable

Posted 07 September 2016 - 11:35 AM

Thanks.  We are doing this today.

I will post the data asap.

FYI, since this is her next door neighbor's computer, we don't always have access to it and it typically doesn't have internet access but it does at the moment.



#4 hamluis

Posted 07 September 2016 - 12:10 PM

Not a problem :), we are not on a schedule of any sort.  Post when convenient :).
 

Louis



#5 whatisavailable

Posted 07 September 2016 - 12:22 PM

Hi
Here is the MTB txt as well as the URL for Speccy:
 
http://speccy.piriform.com/results/s13kRwW7QCyF8qcXVlPeIl4
 
Thanks!
 
MiniToolBox by Farbar  Version: 17-06-2016
Ran by Bill (administrator) on 07-09-2016 at 11:50:22
Running from "C:\Users\Bill\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: ET1831 Manufacturer: eMachines
Boot Mode: Normal

***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/06/2016 01:18:20 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/31/2016 04:36:11 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/31/2016 04:36:11 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/31/2016 04:33:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

 

Error: (08/31/2016 04:33:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/31/2016 04:28:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/31/2016 04:28:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/31/2016 04:23:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/31/2016 04:23:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/30/2016 12:21:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (09/06/2016 01:29:43 PM) (Source: DCOM) (User: Bill-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Bill-PCBillS-1-5-21-720449975-2614750782-2466370000-1001LocalHost (Using LRPC)

Error: (09/06/2016 01:29:37 PM) (Source: DCOM) (User: Bill-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Bill-PCBillS-1-5-21-720449975-2614750782-2466370000-1001LocalHost (Using LRPC)

Error: (09/06/2016 01:20:45 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/06/2016 01:20:45 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/06/2016 01:20:45 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/06/2016 01:20:45 PM) (Source: Service Control Manager) (User: )
Description: The Updater Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/06/2016 01:20:45 PM) (Source: Service Control Manager) (User: )
Description: The RealTimes Desktop Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/06/2016 01:20:45 PM) (Source: Service Control Manager) (User: )
Description: The Process Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/06/2016 01:20:45 PM) (Source: Service Control Manager) (User: )
Description: The GRegService service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/06/2016 01:20:45 PM) (Source: Service Control Manager) (User: )
Description: The Skype Click to Call PNR Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================


CodeIntegrity Errors:
===================================
  Date: 2016-08-29 09:44:02.649
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix-3\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-29 09:44:02.408
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix-3\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-16 21:25:00.925
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix-3\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-16 21:25:00.775
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix-3\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-16 21:25:00.625
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix-3\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-16 21:25:00.475
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix-3\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-16 14:08:34.904
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix-3\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-16 14:08:34.685
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix-3\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-16 14:08:34.461
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix-3\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-16 14:08:34.244
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix-3\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Advertising Center (HKLM-x32\...\{b2ec4a38-b545-4a00-8214-13fe0e915e6d}) (Version: 0.0.0.2 - Nero AG) Hidden
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
eMachines Games (HKLM-x32\...\WildTangent emachines Master Uninstall) (Version: 1.0.0.71 - WildTangent)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.02.3006 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0812 - eMachines Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Software Updater Beta (HKLM-x32\...\{94C8D443-1D07-4E6D-A9EB-FDBA45A839D8}) (Version: 1.5.2.228 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{94C8D443-1D07-4E6D-A9EB-FDBA45A839D8}) (Version: 1.5.2.228 - Kaspersky Lab)

Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7230) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{f8ed8c7d-6d12-4eb1-9fb9-80e48c357a12}) (Version:  - Nero AG)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
RealDownloader (HKLM-x32\...\{13743594-F75E-491E-9EFF-203C8F8DF705}) (Version: 18.1.4.142 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{8D5E8DA1-0420-4A3B-9B29-8F3A00B32BDF}) (Version: 18.1.4.137 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{d83e372d-fb15-4de5-bc30-04653241e867}) (Version: 18.1.4.142 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
he Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.9 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
Video Downloader (HKLM-x32\...\{E60AFF01-6087-47BD-8272-61FA3CFC309D}) (Version: 1.1.0 - RealNetworks) Hidden
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)

========================= Memory info: ===================================
Percentage of memory in use: 42%
Total physical RAM: 3839.23 MB
Available physical RAM: 2190.78 MB
Total Virtual: 7676.65 MB
Available Virtual: 6234.12 MB

========================= Partitions: =====================================
1 Drive c: (eMachines) (Fixed) (Total:685.54 GB) (Free:610.62 GB) NTFS
8 Drive k: () (Removable) (Total:3.68 GB) (Free:2.94 GB) FAT32

========================= Users: ========================================
User accounts for \\BILL-PC
Administrator            Bill                     Guest                    
Rosemary                 UpdatusUser              


**** End of log ****


Edited by hamluis, 07 September 2016 - 03:38 PM.


#6 hamluis

Posted 07 September 2016 - 03:42 PM

Take a look:  https://support.microsoft.com/en-us/kb/813444 .

 

Louis



#7 whatisavailable

Posted 07 September 2016 - 04:04 PM

Thanks. We will do so asap.

FYI, only methods #4 and #6 have not been done already.



#8 hamluis

Posted 07 September 2016 - 05:12 PM

I would also like for you to do the following, as suggested.

 

GSmart Hard Drive Test, Alexstrasza - http://www.bleepingcomputer.com/forums/t/565216/laptop-running-slow-tried-many-things-and-unreadable-files/?p=3613590

 

Louis



#9 whatisavailable

Posted 07 September 2016 - 05:19 PM

Hi

We are currently running the sfc.exe /scannow.

We got errors on the following DLLs

wintrust.dll

initpki.dll

gpkcsp.dll

sccbase.dll

cryptdlg.dll

 

We will run the hard drive test later tonight as well as give you results of the sfc.exe scan.

 

Thanks



#10 whatisavailable

Posted 07 September 2016 - 05:44 PM

We were able to download the hard drive test and there are no red or pink entries (yea!?)

The sfc.exe /scannow completed and it said it found some issues and was able to fix them.

We rebooted the computer at this point and...........(waiting for it to reboot :-) )

...........the clouds parted, the music was queued......and google.com actually came up without an error!!

 

We created a restore point just because.  Haven't done anything else, pending your reply.  We left it backing up to the new USB drive as well.

 

Thanks!



#11 hamluis

Posted 07 September 2016 - 05:58 PM

How is your ability to connect to SSL/secure websites?

 

Louis



#12 Phantom010

Posted 07 September 2016 - 07:38 PM

You did make sure you had the correct date, time, time zone, year on your computer, right?

In your other thread, you uninstalled Kaspersky. However, your recent log shows Kaspersky entries. Did you reinstall it?

Did you use the Kaspersky removal tool?

http://support.kaspersky.com/common/service.aspx?el=1464#block1

Edited by Phantom010, 07 September 2016 - 08:02 PM.
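
The comparison made in the post above (security-product entries still present in the Installed Programs section of a MiniToolBox log after a reported uninstall), as an added Python example that is not part of the original thread. The sample lines are constructed in the format of the log in post #5 with placeholder GUIDs, and the function names and vendor list are assumptions.

```python
import re

# Constructed sample in the MiniToolBox "Installed Programs" format from post #5.
# Registry GUIDs are replaced with placeholders.
SAMPLE_LOG = r"""
=========================== Installed Programs ============================
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Kaspersky Security Scan (HKLM-x32\...\{GUID-PLACEHOLDER-1}) (Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{GUID-PLACEHOLDER-1}) (Version: 16.0.0.1344 - Kaspersky Lab)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)

========================= Memory info: ===================================
Percentage of memory in use: 42%
"""

# Name (Registry key) (Version: x - Publisher) [Hidden]
# The name may itself contain parentheses, so it is matched lazily up to " (HK".
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) \((?P<key>HK[^)]*)\) "
    r"\(Version:\s*(?P<version>.*?) - (?P<publisher>.*)\)(?P<hidden> Hidden)?$"
)


def installed_programs(log_text):
    """Return the parsed entries of the 'Installed Programs' section only."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("====="):
            # Every section header starts with '='; track whether we are inside ours.
            in_section = "Installed Programs" in line
            continue
        if not in_section or not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({
                "name": m.group("name"),
                "key": m.group("key"),
                "version": m.group("version"),
                "publisher": m.group("publisher"),
                "hidden": m.group("hidden") is not None,
            })
    return entries


def leftover_entries(log_text, removed_vendors):
    """Entries whose name or publisher still mentions a vendor reported as uninstalled."""
    needles = [v.lower() for v in removed_vendors]
    return [
        e for e in installed_programs(log_text)
        if any(n in e["name"].lower() or n in e["publisher"].lower() for n in needles)
    ]


if __name__ == "__main__":
    for e in leftover_entries(SAMPLE_LOG, ["Kaspersky"]):
        flag = " (hidden entry)" if e["hidden"] else ""
        print(f'{e["name"]} {e["version"]} at {e["key"]}{flag}')
```

Entries marked Hidden do not appear in the Programs and Features list, so the log is the place to confirm whether a vendor's removal tool actually cleared them.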


#13 whatisavailable

Posted 07 September 2016 - 08:21 PM

Date info is correct.
We did use the removal tool. I too was surprised to see so much Kaspersky in the logs.

We have never been able to simply bring up Google.com but we did the last time. Haven't checked anything else out - left it backing up to a new USB drive.

Thanks

#14 Phantom010

Posted 07 September 2016 - 09:10 PM

I would run the tool another time. Sometimes, those tools don't get everything the first time.



#15 whatisavailable

Posted 11 September 2016 - 07:20 PM

Hi

We ran the Avast uninstall again.

Then installed a Norton trial.

 

FRST64 log below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Bill (administrator) on BILL-PC (11-09-2016 17:13:57)
Running from C:\Users\Bill\Desktop
Loaded Profiles: Bill (Available Profiles: Bill & Rosemary & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Acer) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Logitech, Inc.) C:\Program Files\Logitech\Logitech WebCam Software\LU\LULnchr.exe
(Logitech, Inc.) C:\Program Files\Logitech\Logitech WebCam Software\LU\LogitechUpdate.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\NS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\NS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [293768 2016-08-19] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [714992 2016-05-13] ()
HKU\S-1-5-21-720449975-2614750782-2466370000-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-08-16]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-08-19]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6014EB82-7467-411F-99AD-057385EF415B}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-720449975-2614750782-2466370000-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-720449975-2614750782-2466370000-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-720449975-2614750782-2466370000-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP
HKU\S-1-5-21-720449975-2614750782-2466370000-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?pc=UE09&ocid=UE09DHP
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-05-13] (RealDownloader)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-05-13] (RealDownloader)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-19] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-19] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.4.135 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2016-08-19] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-12-02] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-12-02] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.4.135 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-08-19] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-720449975-2614750782-2466370000-1001: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Bill\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-08-04] (Yahoo! Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.1.32\coFFAddon
FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.1.32\coFFAddon [2016-09-11]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2016-08-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.1.32\coFFAddon

Chrome:
=======
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer Downloader) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2016-08-18]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-09-11]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-09-11]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-12-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\NS.exe [289080 2016-08-16] (Symantec Corporation)
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095440 2016-08-19] (RealNetworks, Inc.)
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\BASHDefs\20160521.001\BHDrvx64.sys [1832176 2016-08-09] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1607010.020\ccSetx64.sys [174328 2016-08-09] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-04-28] (Symantec Corporation)
U3 EraserUtilDrv11521; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys [156912 2016-04-28] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\IPSDefs\20160803.001\IDSVia64.sys [876760 2016-08-09] (Symantec Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-31] (Malwarebytes)
R3 SRTSP; C:\Windows\system32\drivers\NSx64\1607010.020\SRTSP64.SYS [773360 2016-08-09] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1607010.020\SRTSPX64.SYS [48888 2016-08-09] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1607010.020\SYMEFASI64.SYS [1627352 2016-08-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-09-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1607010.020\Ironx64.SYS [291056 2016-08-09] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NSx64\1607010.020\SYMNETS.SYS [567536 2016-08-09] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-08-26] ()
U0 aswVmm; no ImagePath
S3 catchme; \??\C:\ComboFix-3\catchme.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\SDSDefs\20160911.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\SDSDefs\20160911.001\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-11 16:51 - 2016-09-11 16:51 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2016-09-11 16:49 - 2016-09-11 16:49 - 00101112 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-09-11 16:49 - 2016-09-11 16:49 - 00008270 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-09-11 16:49 - 2016-09-11 16:49 - 00002373 _____ C:\Users\Public\Desktop\Norton Security.lnk
2016-09-11 16:49 - 2016-09-11 16:49 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-09-11 16:46 - 2016-09-11 16:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2016-09-11 16:46 - 2016-09-11 16:46 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2016-09-11 16:46 - 2016-09-11 16:46 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-09-11 16:46 - 2016-09-11 16:46 - 00000000 ____D C:\Program Files (x86)\Norton Security
2016-09-11 16:44 - 2016-09-11 16:44 - 01089856 _____ (Symantec Corporation) C:\Users\Bill\Downloads\NSDownloader.exe
2016-09-07 17:29 - 2016-09-07 17:33 - 00000000 ____D C:\Users\Bill\AppData\Roaming\gsmartcontrol
2016-09-07 17:29 - 2016-09-07 17:29 - 00000000 ____D C:\Users\Bill\Desktop\gsmartcontrol-0.8.7-win32
2016-09-07 17:28 - 2016-09-07 17:28 - 06793865 _____ C:\Users\Bill\Desktop\gsmartcontrol-0.8.7-win32.zip
2016-09-07 11:51 - 2016-09-07 11:56 - 00000000 ____D C:\Users\Bill\Desktop\spsetup129
2016-09-07 11:50 - 2016-09-07 11:50 - 00022666 _____ C:\Users\Bill\Desktop\MTB.txt
2016-09-07 11:48 - 2016-09-07 11:23 - 05201280 _____ (Piriform Ltd) C:\Users\Bill\Desktop\spsetup129.exe
2016-09-07 11:48 - 2016-09-07 11:22 - 05279542 _____ C:\Users\Bill\Desktop\spsetup129.zip
2016-09-07 11:47 - 2016-09-07 11:26 - 00892416 _____ (Farbar) C:\Users\Bill\Desktop\MiniToolBox.exe
2016-09-06 13:07 - 2016-09-06 13:20 - 00002542 _____ C:\Users\Bill\Desktop\Fixlog.txt
2016-09-06 13:07 - 2016-09-06 13:07 - 00000000 ____D C:\Users\Bill\Desktop\FRST-OlderVersion
2016-09-06 13:06 - 2016-09-06 13:20 - 00000136 _____ C:\Users\Bill\Desktop\fixlist2.txt
2016-08-31 16:31 - 2016-08-31 16:12 - 07344400 _____ (AVAST Software) C:\Users\Bill\Desktop\avastclear.exe
2016-08-29 09:47 - 2016-08-29 09:47 - 00011984 _____ C:\ComboFix.txt
2016-08-29 09:29 - 2016-08-29 09:30 - 00000087 _____ C:\Users\Bill\Desktop\urls.txt
2016-08-29 09:17 - 2016-08-29 09:17 - 00000000 _____ C:\Windows\SysWOW64\RMVR-SRVC-.1.0.0.1128_16248.tiny.dmp
2016-08-26 11:54 - 2016-08-26 11:54 - 00005408 _____ C:\Users\Bill\Desktop\reportrouge.txt
2016-08-26 11:31 - 2016-08-26 12:22 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-08-26 11:30 - 2016-08-26 11:30 - 00000867 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-08-26 11:30 - 2016-08-26 11:30 - 00000000 ____D C:\ProgramData\RogueKiller
2016-08-26 11:30 - 2016-08-26 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-08-26 11:30 - 2016-08-26 11:30 - 00000000 ____D C:\Program Files\RogueKiller
2016-08-26 11:27 - 2016-08-26 08:52 - 31926992 _____ (Adlice Software ) C:\Users\Bill\Desktop\setup.exe
2016-08-26 11:27 - 2016-08-26 08:51 - 00001629 _____ C:\Users\Bill\Desktop\8-26-post.txt
2016-08-24 11:56 - 2016-08-24 11:20 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-08-24 11:20 - 2016-08-24 12:36 - 00000000 ____D C:\zoek_backup
2016-08-24 11:08 - 2016-08-24 09:00 - 00002310 _____ C:\Users\Bill\Desktop\latest-post.txt
2016-08-24 11:08 - 2016-08-24 08:58 - 00000188 _____ C:\Users\Bill\Desktop\zoek-input.txt
2016-08-24 11:08 - 2016-08-24 08:55 - 01309184 _____ C:\Users\Bill\Desktop\zoek.exe
2016-08-23 11:11 - 2016-08-23 11:23 - 00006668 _____ C:\Users\Bill\Desktop\Fixlog2.txt
2016-08-21 20:26 - 2016-08-21 20:27 - 00038465 _____ C:\Users\Bill\Desktop\Addition.txt
2016-08-21 20:23 - 2016-09-11 17:13 - 00018481 _____ C:\Users\Bill\Desktop\FRST.txt
2016-08-21 20:23 - 2016-09-11 17:13 - 00000000 ____D C:\FRST
2016-08-21 20:23 - 2016-09-06 13:07 - 02397696 _____ (Farbar) C:\Users\Bill\Desktop\FRST64.exe
2016-08-19 22:01 - 2016-08-19 22:01 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-08-19 22:01 - 2016-08-19 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-19 21:59 - 2016-08-19 21:59 - 00001213 _____ C:\Users\Public\Desktop\RealPlayer (RealTimes).lnk
2016-08-19 21:59 - 2016-08-19 21:59 - 00000318 _____ C:\Windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-720449975-2614750782-2466370000-1001.job
2016-08-19 21:59 - 2016-08-19 21:59 - 00000000 ____D C:\Users\Bill\AppData\Roaming\RealNetworks
2016-08-19 21:59 - 2016-08-19 21:59 - 00000000 ____D C:\ProgramData\RealNetworks
2016-08-19 21:59 - 2016-08-19 21:59 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2016-08-19 21:58 - 2016-08-19 21:58 - 00512392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2016-08-19 21:58 - 2016-08-19 21:58 - 00360840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2016-08-19 21:58 - 2016-08-19 21:58 - 00285576 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2016-08-19 21:58 - 2016-08-19 21:58 - 00207752 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2016-08-19 21:56 - 2016-08-19 21:56 - 00000000 ____D C:\Users\Bill\AppData\Roaming\Sun
2016-08-19 21:56 - 2016-08-19 21:56 - 00000000 ____D C:\Users\Bill\.oracle_jre_usage
2016-08-19 21:55 - 2016-08-19 21:55 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-08-19 21:55 - 2016-08-19 21:55 - 00000000 ____D C:\ProgramData\Oracle
2016-08-19 21:55 - 2016-08-19 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-19 21:55 - 2016-08-19 21:55 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-19 21:46 - 2016-08-19 19:55 - 177912864 _____ (Kaspersky Lab) C:\Users\Bill\Desktop\kis17.0.0.611en_10743.exe
2016-08-19 20:12 - 2016-08-19 20:12 - 00000000 ____D C:\Users\Bill\AppData\Local\ESET
2016-08-19 02:41 - 2016-08-19 21:48 - 00288465 _____ C:\Windows\SysWOW64\rsslogs.20160819024141
2016-08-18 20:43 - 2016-08-19 02:41 - 00101526 _____ C:\Windows\SysWOW64\rsslogs.20160818204204
2016-08-18 20:34 - 2016-08-18 20:34 - 00008454 _____ C:\Windows\SysWOW64\rsslogs.20160818203311
2016-08-18 20:28 - 2016-08-18 20:28 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-08-18 20:26 - 2016-08-18 20:26 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-08-18 20:26 - 2016-08-18 20:26 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-08-18 20:21 - 2016-08-18 20:33 - 00017105 _____ C:\Windows\SysWOW64\rsslogs.20160818202047
2016-08-18 19:18 - 2016-08-18 19:20 - 00192146 _____ C:\TDSSKiller.3.1.0.11_18.08.2016_19.18.12_log.txt
2016-08-18 19:16 - 2016-08-18 19:16 - 00072580 _____ C:\Windows\SysWOW64\rsslogs.20160818191546
2016-08-17 03:01 - 2016-08-17 03:01 - 00133372 _____ C:\Windows\SysWOW64\rsslogs.20160817030015
2016-08-16 21:02 - 2016-08-17 03:01 - 00095608 _____ C:\Windows\SysWOW64\rsslogs.20160816210111
2016-08-16 17:46 - 2016-08-16 17:46 - 00000207 _____ C:\Windows\tweaking.com-regbackup-BILL-PC-Windows-7-Home-Premium-(64-bit).dat
2016-08-16 17:46 - 2016-08-16 17:46 - 00000000 ____D C:\RegBackup
2016-08-16 17:28 - 2016-08-16 17:28 - 00020519 _____ C:\Windows\SysWOW64\rsslogs.20160816172703
2016-08-16 17:02 - 2016-08-16 17:02 - 00002168 _____ C:\Users\Bill\Desktop\Tweaking.com - Windows Repair.lnk
2016-08-16 17:01 - 2016-08-16 17:02 - 00188913 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-08-16 17:01 - 2016-08-16 17:01 - 00003650 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-08-16 17:01 - 2016-08-16 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-08-16 17:01 - 2016-08-16 17:01 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-08-16 16:55 - 2016-08-18 20:14 - 00001868 _____ C:\Users\Bill\Desktop\sc-cleaner.txt
2016-08-16 16:35 - 2016-08-19 22:06 - 00001954 _____ C:\Users\Bill\Desktop\Rkill.txt
2016-08-16 16:33 - 2016-08-16 17:27 - 00003358 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-720449975-2614750782-2466370000-1001
2016-08-16 16:32 - 2016-08-16 16:32 - 00038628 _____ C:\Windows\SysWOW64\rsslogs.20160816163127
2016-08-16 14:35 - 2016-08-16 14:35 - 00001104 _____ C:\Users\Public\Desktop\Kaspersky Software Updater Beta.lnk
2016-08-16 14:35 - 2016-08-16 14:35 - 00000000 ____D C:\Users\Bill\AppData\Local\CEF
2016-08-16 14:35 - 2016-08-16 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater Beta
2016-08-16 14:34 - 2016-08-16 14:35 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-08-16 14:34 - 2016-08-16 14:35 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-08-16 14:31 - 2016-08-16 16:33 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-08-16 14:30 - 2016-08-16 14:30 - 00017379 _____ C:\Users\Bill\Desktop\JRT.txt
2016-08-16 14:21 - 2016-08-16 14:21 - 00070119 _____ C:\Windows\SysWOW64\rsslogs.20160816142010
2016-08-16 14:14 - 2016-08-16 14:18 - 00000000 ____D C:\AdwCleaner
2016-08-16 13:53 - 2016-08-29 09:32 - 05659484 ____R (Swearware) C:\Users\Bill\Desktop\ComboFix-3.exe
2016-08-16 13:29 - 2016-08-16 14:17 - 00059156 _____ C:\Windows\SysWOW64\rsslogs.20160816132801
2016-08-16 12:13 - 2016-08-31 16:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-16 12:13 - 2016-08-16 12:13 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-16 12:13 - 2016-08-16 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-16 12:13 - 2016-08-16 12:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-16 12:13 - 2016-08-16 12:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-16 12:13 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-16 12:13 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-16 12:13 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-16 10:34 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2016-08-16 10:34 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2016-08-16 10:34 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-08-16 10:34 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-08-16 10:34 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-08-16 10:34 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2016-08-16 10:34 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2016-08-16 10:34 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2016-08-16 10:30 - 2016-08-29 09:47 - 00000000 ____D C:\Qoobox
2016-08-16 10:30 - 2016-08-16 10:48 - 00000000 ____D C:\Windows\erdnt
2016-08-16 10:23 - 2016-07-07 19:55 - 01610560 _____ (Malwarebytes) C:\Users\Rosemary\Desktop\JRT.exe
2016-08-16 10:22 - 2016-08-14 21:50 - 05658927 ____R (Swearware) C:\Users\Rosemary\Desktop\ComboFix-3.exe
2016-08-16 10:22 - 2016-08-12 17:16 - 03784256 _____ C:\Users\Rosemary\Desktop\AdwCleaner-4.exe
2016-08-16 10:22 - 2016-07-28 03:53 - 237945104 _____ (AVAST Software) C:\Users\Rosemary\Desktop\avast_internet_security_setup_offline.exe
2016-08-16 10:22 - 2016-05-13 06:45 - 03017376 _____ (ESET) C:\Users\Rosemary\Desktop\eset_smart_security_live_installer.exe
2016-08-16 10:22 - 2016-03-30 09:59 - 22851472 _____ (Malwarebytes ) C:\Users\Rosemary\Desktop\mbam-setup-bc.1878-2.2.1.1043.exe
2016-08-16 10:22 - 2016-02-24 10:01 - 02622304 _____ (Kaspersky Lab) C:\Users\Rosemary\Desktop\kss16.0.0.1344en_9702-2.exe
2016-08-16 10:22 - 2013-04-05 12:00 - 09096848 _____ (SurfRight B.V.) C:\Users\Rosemary\Desktop\HitmanPro.exe
2016-08-12 11:41 - 2016-08-11 18:27 - 06757915 _____ C:\Users\Rosemary\Desktop\combofix.exe.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-11 17:02 - 2010-02-20 13:02 - 00000000 ____D C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2016-09-11 17:02 - 2009-10-29 07:47 - 00000000 ____D C:\ProgramData\Norton
2016-09-11 16:58 - 2010-06-01 19:57 - 00000000 ____D C:\Users\Bill\AppData\Roaming\Skype
2016-09-11 16:49 - 2013-06-26 14:43 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-09-11 16:46 - 2009-07-13 23:45 - 00009920 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-11 16:46 - 2009-07-13 23:45 - 00009920 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-11 16:44 - 2011-10-27 16:20 - 00001244 _____ C:\Users\Bill\Desktop\Norton Installation Files.lnk
2016-09-11 16:44 - 2010-02-20 13:02 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-09-11 16:42 - 2009-07-14 00:13 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-11 16:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-09-11 16:39 - 2010-02-06 13:39 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-11 16:38 - 2010-05-02 11:50 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2016-09-11 16:38 - 2010-02-06 13:39 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-11 16:38 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-31 16:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-31 16:33 - 2016-08-11 17:31 - 00255808 _____ C:\Windows\ntbtlog.txt
2016-08-29 09:44 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-08-29 09:33 - 2010-08-26 15:16 - 00000000 ____D C:\Users\Bill\AppData\Local\CrashDumps
2016-08-19 22:01 - 2010-05-02 17:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-19 22:01 - 2010-05-02 17:11 - 00000000 ____D C:\ProgramData\Skype
2016-08-19 22:00 - 2011-10-05 17:19 - 00000000 ____D C:\Users\Bill\AppData\Roaming\Real
2016-08-19 21:59 - 2013-11-26 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2016-08-19 21:59 - 2011-10-05 17:19 - 00000000 ____D C:\Program Files (x86)\Real
2016-08-19 21:57 - 2011-10-05 17:19 - 00000000 ____D C:\ProgramData\Real
2016-08-19 21:56 - 2010-01-19 11:10 - 00000000 ____D C:\Users\Bill
2016-08-18 20:28 - 2015-07-16 10:11 - 00000000 ____D C:\Program Files\Common Files\AV
2016-08-18 20:28 - 2009-10-29 07:37 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-18 19:20 - 2010-10-23 11:55 - 00079608 _____ C:\Users\Bill\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-17 02:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-08-16 20:59 - 2009-07-13 23:45 - 00335312 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-16 18:13 - 2009-07-13 21:34 - 00000439 _____ C:\Windows\win.ini
2016-08-16 18:10 - 2013-05-13 10:52 - 00782510 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-08-16 17:27 - 2015-03-11 17:01 - 00003222 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-720449975-2614750782-2466370000-1001
2016-08-16 16:54 - 2011-10-05 17:19 - 00000000 ____D C:\Users\Bill\AppData\Local\The Weather Channel
2016-08-16 16:25 - 2009-10-29 07:50 - 00000000 ____D C:\ProgramData\Symantec
2016-08-16 14:35 - 2015-01-19 15:52 - 00000000 __SHD C:\Users\Bill\AppData\LocalLow\EmieBrowserModeList
2016-08-16 14:35 - 2014-04-20 11:57 - 00000000 __SHD C:\Users\Bill\AppData\LocalLow\EmieUserList
2016-08-16 14:35 - 2014-04-20 11:22 - 00000000 __SHD C:\Users\Bill\AppData\LocalLow\EmieSiteList
2016-08-16 14:29 - 2015-08-06 09:43 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-08-16 14:22 - 2013-04-16 03:03 - 00000000 ____D C:\Users\UpdatusUser
2016-08-16 13:29 - 2015-01-19 15:53 - 00003200 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-720449975-2614750782-2466370000-1001
2016-08-16 13:28 - 2015-01-19 15:52 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-720449975-2614750782-2466370000-1001
2016-08-16 10:46 - 2009-07-13 21:34 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_726
2016-08-16 10:43 - 2009-07-13 21:34 - 94371840 _____ C:\Windows\system32\config\software.bak
2016-08-16 10:43 - 2009-07-13 21:34 - 16252928 _____ C:\Windows\system32\config\system.bak
2016-08-16 10:43 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2016-08-16 10:43 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2016-08-16 10:43 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2016-08-16 10:42 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files

==================== Files in the root of some directories =======

2014-05-22 15:19 - 2014-05-22 16:07 - 0000142 _____ () C:\Users\Bill\AppData\Roaming\wklnhst.dat
2010-05-02 17:17 - 2010-05-02 17:17 - 0000048 _____ () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-07 21:35

==================== End of FRST.txt ============================





