
MGID/Adskeeper impossible to get rid of?


  • This topic is locked
11 replies to this topic

#1 Menhem


Posted 28 December 2016 - 05:00 PM

Hello,

 

The other day while simply surfing on the internet as I always do and reading on news websites, all of a sudden different ads started to come up replacing the "normal" ads on different sites and making the browser very slow and laggy. The ads are about Asian/Russian women, cars, medication etc.

 

They seem to be from something called MGID ads and Adskeeper.

 

It occurs on all browsers, Chrome, Explorer and Firefox.

 

I have checked if there is a program installed in Add/Remove, but there is nothing there.

 

I have checked extensions in all browsers, but there is nothing there.

 

I have even formatted the entire computer, deleting everything, but the problem is still there.

 

I now hope that you guys can help me get rid of these annoying ads.

 

Logs from Farbar Recovery Scan Tool:

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Mahmoud (administrator) on MENHEM (28-12-2016 22:48:15)
Running from C:\Users\Mahmoud\Desktop
Loaded Profiles: Mahmoud (Available Profiles: Mahmoud)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804360 2016-04-21] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-28] (AVAST Software)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [186136 2016-04-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164696 2016-04-21] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-12-28] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{0063B33B-F94A-464D-AC61-255FECB34B36}: [DhcpNameServer] 10.0.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2391931168-3621434969-2257677380-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/da-dk/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-12-28] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-12-28] (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-12-28] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-12-28] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-12-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-12-28] (Google Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-28]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Mahmoud\AppData\Local\Google\Chrome\User Data\Default [2016-12-28]
CHR Extension: (Google Slides) - C:\Users\Mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-28]
CHR Extension: (Google Docs) - C:\Users\Mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-28]
CHR Extension: (Google Drive) - C:\Users\Mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-28]
CHR Extension: (YouTube) - C:\Users\Mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-28]
CHR Extension: (Google Sheets) - C:\Users\Mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-28]
CHR Extension: (Google Docs Offline) - C:\Users\Mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-28]
CHR Extension: (Avast Online Security) - C:\Users\Mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-28]
CHR Extension: (Gmail) - C:\Users\Mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-28]
CHR Extension: (Chrome Media Router) - C:\Users\Mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-28] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-12-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-12-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-12-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-12-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-12-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-12-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-12-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-12-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-12-28] (AVAST Software)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-12] (ASUS Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-28] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-28] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-28] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2016-12-28] (Malwarebytes)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34216 2012-07-26] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258288 2012-07-26] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-28 22:48 - 2016-12-28 22:48 - 00010743 _____ C:\Users\Mahmoud\Desktop\FRST.txt
2016-12-28 22:48 - 2016-12-28 22:48 - 00000000 ____D C:\FRST
2016-12-28 22:47 - 2016-12-28 22:47 - 02420736 _____ (Farbar) C:\Users\Mahmoud\Desktop\FRST64.exe
2016-12-28 22:24 - 2016-12-28 22:24 - 00000117 _____ C:\Windows\system32\netcfg-34576750.txt
2016-12-28 22:24 - 2016-12-28 22:24 - 00000117 _____ C:\Windows\system32\netcfg-34573781.txt
2016-12-28 22:24 - 2016-12-28 22:24 - 00000117 _____ C:\Windows\system32\netcfg-34569312.txt
2016-12-28 22:24 - 2016-12-28 22:24 - 00000117 _____ C:\Windows\system32\netcfg-34569000.txt
2016-12-28 21:09 - 2016-12-28 12:13 - 00000000 ____D C:\Windows\Panther
2016-12-28 16:03 - 2016-12-28 16:03 - 00000117 _____ C:\Windows\system32\netcfg-11708515.txt
2016-12-28 16:03 - 2016-12-28 16:03 - 00000117 _____ C:\Windows\system32\netcfg-11708328.txt
2016-12-28 12:56 - 2016-12-28 12:56 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-28 12:56 - 2016-12-28 12:56 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-28 12:56 - 2016-12-28 12:56 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-28 12:55 - 2016-12-28 12:55 - 54199488 _____ (Malwarebytes ) C:\Users\Mahmoud\Desktop\mb3-setup-consumer-3.0.5.1299.exe
2016-12-28 12:55 - 2016-12-28 12:55 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-28 12:55 - 2016-12-28 12:55 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-28 12:55 - 2016-12-28 12:55 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-28 12:55 - 2016-12-28 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-28 12:55 - 2016-12-28 12:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-28 12:55 - 2016-12-28 12:55 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-28 12:55 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-28 12:53 - 2016-12-28 12:54 - 45963976 _____ (Malwarebytes ) C:\Users\Mahmoud\Desktop\Unconfirmed 113440.crdownload
2016-12-28 12:49 - 2016-12-28 12:49 - 00000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-12-28 12:49 - 2016-12-28 12:49 - 00000117 _____ C:\Windows\system32\netcfg-48109.txt
2016-12-28 12:49 - 2016-12-28 12:49 - 00000000 __SHD C:\Users\Mahmoud\IntelGraphicsProfiles
2016-12-28 12:49 - 2016-12-28 12:49 - 00000000 ____D C:\Windows\SysWOW64\NV
2016-12-28 12:49 - 2016-12-28 12:49 - 00000000 ____D C:\Windows\system32\NV
2016-12-28 12:49 - 2016-12-28 12:49 - 00000000 ____D C:\Users\Mahmoud\AppData\Local\NVIDIA
2016-12-28 12:49 - 2016-12-28 12:49 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-28 12:48 - 2016-12-28 12:48 - 00000117 _____ C:\Windows\system32\netcfg-1219953.txt
2016-12-28 12:45 - 2016-12-28 12:52 - 00000000 ____D C:\AdwCleaner
2016-12-28 12:45 - 2016-12-28 12:45 - 03977168 _____ C:\Users\Mahmoud\Desktop\AdwCleaner.exe
2016-12-28 12:42 - 2016-12-28 12:42 - 00000000 ____D C:\Windows\SysWOW64\sda
2016-12-28 12:35 - 2014-05-20 03:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-12-28 12:35 - 2014-05-20 00:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-12-28 12:35 - 2014-05-20 00:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-12-28 12:35 - 2014-05-20 00:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-12-28 12:35 - 2014-05-20 00:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-12-28 12:35 - 2014-05-20 00:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-12-28 12:35 - 2014-05-20 00:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-12-28 12:35 - 2014-05-20 00:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2016-12-28 12:35 - 2014-05-20 00:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-12-28 12:35 - 2014-05-14 23:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-12-28 12:35 - 2014-05-14 23:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-12-28 12:35 - 2014-05-14 23:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-12-28 12:35 - 2014-05-14 23:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-12-28 12:35 - 2013-08-16 06:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-12-28 12:35 - 2013-08-16 06:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-12-28 12:35 - 2013-08-15 23:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-12-28 12:35 - 2012-11-06 05:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2016-12-28 12:35 - 2012-11-06 05:00 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wushareduxresources.dll
2016-12-28 12:34 - 2016-12-28 12:34 - 00000000 ____D C:\Program Files\Intel
2016-12-28 12:32 - 2016-12-28 12:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-28 12:32 - 2016-12-28 12:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-12-28 12:32 - 2016-12-28 12:32 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-28 12:32 - 2016-02-15 08:26 - 06365632 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-12-28 12:32 - 2016-02-15 08:26 - 02991672 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-12-28 12:32 - 2016-02-15 08:26 - 02561472 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-12-28 12:32 - 2016-02-15 08:26 - 00947256 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-12-28 12:32 - 2016-02-15 08:26 - 00532024 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-12-28 12:32 - 2016-02-15 08:26 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-12-28 12:32 - 2016-02-15 08:26 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-12-28 12:32 - 2016-02-15 08:26 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-12-28 12:32 - 2016-02-11 16:14 - 06172297 _____ C:\Windows\system32\nvcoproc.bin
2016-12-28 12:32 - 2015-08-27 18:20 - 00072704 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-12-28 12:32 - 2015-08-27 18:20 - 00069120 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-12-28 12:28 - 2016-12-28 12:28 - 00000117 _____ C:\Windows\system32\netcfg-47359.txt
2016-12-28 12:27 - 2016-12-28 12:27 - 00000117 _____ C:\Windows\system32\netcfg-949203.txt
2016-12-28 12:26 - 2016-12-28 12:26 - 00003538 _____ C:\Windows\System32\Tasks\ASUS Smart Gesture Launcher
2016-12-28 12:26 - 2016-12-28 12:26 - 00000000 ____D C:\Program Files\DIFX
2016-12-28 12:26 - 2016-12-28 12:26 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-12-28 12:25 - 2016-12-28 12:25 - 28306704 _____ C:\Users\Mahmoud\Downloads\SmartGesture_Win8_64_VER228.zip
2016-12-28 12:23 - 2016-12-28 12:38 - 00000000 ____D C:\Users\Mahmoud\AppData\Local\Google
2016-12-28 12:23 - 2016-12-28 12:35 - 00000000 ____D C:\Program Files (x86)\Intel
2016-12-28 12:23 - 2016-12-28 12:23 - 00000000 ____D C:\Users\Mahmoud\AppData\Local\CEF
2016-12-28 12:23 - 2016-12-28 12:23 - 00000000 ____D C:\Intel
2016-12-28 12:23 - 2012-11-07 17:50 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2016-12-28 12:22 - 2016-12-28 12:34 - 00003886 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1482924176
2016-12-28 12:22 - 2016-12-28 12:34 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-12-28 12:22 - 2016-12-28 12:22 - 00001043 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-12-28 12:22 - 2016-12-28 12:22 - 00000117 _____ C:\Windows\system32\netcfg-634296.txt
2016-12-28 12:22 - 2016-12-28 12:22 - 00000117 _____ C:\Windows\system32\netcfg-633593.txt
2016-12-28 12:22 - 2016-12-28 12:22 - 00000000 ____D C:\Program Files\Google
2016-12-28 12:21 - 2016-12-28 12:21 - 00000000 ____D C:\ProgramData\Google
2016-12-28 12:20 - 2016-12-28 12:43 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2391931168-3621434969-2257677380-1001
2016-12-28 12:20 - 2016-12-28 12:26 - 00003364 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-28 12:20 - 2016-12-28 12:26 - 00003236 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-28 12:20 - 2016-12-28 12:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-28 12:20 - 2016-12-28 12:20 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-12-28 12:20 - 2016-12-28 12:20 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-28 12:20 - 2016-12-28 12:20 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-28 12:19 - 2016-12-28 12:19 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-12-28 12:19 - 2016-12-28 12:19 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-12-28 12:19 - 2016-12-28 12:19 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-12-28 12:19 - 2016-12-28 12:19 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-12-28 12:19 - 2016-12-28 12:19 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-12-28 12:19 - 2016-12-28 12:19 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-12-28 12:19 - 2016-12-28 12:19 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-12-28 12:19 - 2016-12-28 12:19 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-12-28 12:19 - 2016-12-28 12:19 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-12-28 12:19 - 2016-12-28 12:19 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-12-28 12:19 - 2016-12-28 12:19 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-12-28 12:19 - 2016-12-28 12:19 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-12-28 12:19 - 2016-12-28 12:19 - 00000000 ____D C:\Users\Mahmoud\AppData\Roaming\AVAST Software
2016-12-28 12:19 - 2016-12-28 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-12-28 12:19 - 2016-12-28 12:19 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-28 12:19 - 2016-12-28 12:18 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-12-28 12:19 - 2016-12-28 12:18 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-12-28 12:18 - 2016-12-28 12:20 - 00000000 ____D C:\Program Files\AVAST Software
2016-12-28 12:18 - 2016-12-28 12:18 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-12-28 12:17 - 2016-12-28 12:20 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-28 12:15 - 2016-12-28 12:15 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-12-28 12:14 - 2016-12-28 12:15 - 00000000 ____D C:\ProgramData\PRICache
2016-12-28 12:14 - 2016-12-28 12:14 - 00001434 _____ C:\Users\Mahmoud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-12-28 12:14 - 2016-12-28 12:14 - 00000000 ____D C:\Users\Mahmoud\AppData\Roaming\Adobe
2016-12-28 12:14 - 2016-12-28 12:14 - 00000000 ____D C:\Users\Mahmoud\AppData\Local\VirtualStore
2016-12-28 12:14 - 2016-12-28 12:14 - 00000000 ____D C:\Users\Mahmoud\AppData\Local\Packages
2016-12-28 12:13 - 2016-12-28 12:49 - 00000000 ____D C:\Users\Mahmoud
2016-12-28 12:13 - 2016-12-28 12:13 - 00001027 _____ C:\Windows\system32\netcfg-88843.txt
2016-12-28 12:13 - 2016-12-28 12:13 - 00000199 _____ C:\Windows\system32\netcfg-87671.txt
2016-12-28 12:13 - 2016-12-28 12:13 - 00000117 _____ C:\Windows\system32\netcfg-90328.txt
2016-12-28 12:13 - 2016-12-28 12:13 - 00000117 _____ C:\Windows\system32\netcfg-90281.txt
2016-12-28 12:13 - 2016-12-28 12:13 - 00000117 _____ C:\Windows\system32\netcfg-80937.txt
2016-12-28 12:13 - 2016-12-28 12:13 - 00000020 ___SH C:\Users\Mahmoud\ntuser.ini
2016-12-28 12:13 - 2016-12-28 12:13 - 00000000 _SHDL C:\Users\Mahmoud\My Documents
2016-12-28 12:13 - 2016-12-28 12:13 - 00000000 _SHDL C:\Users\Mahmoud\Documents\My Videos
2016-12-28 12:13 - 2016-12-28 12:13 - 00000000 _SHDL C:\Users\Mahmoud\Documents\My Pictures
2016-12-28 12:13 - 2016-12-28 12:13 - 00000000 _SHDL C:\Users\Mahmoud\Documents\My Music
2016-12-28 12:10 - 2016-12-28 12:10 - 00001136 _____ C:\Windows\system32\netcfg-54531.txt
2016-12-28 12:10 - 2016-12-28 12:10 - 00001135 _____ C:\Windows\system32\netcfg-50781.txt
2016-12-28 12:10 - 2016-12-28 12:10 - 00001101 _____ C:\Windows\system32\netcfg-64359.txt
2016-12-28 12:10 - 2016-12-28 12:10 - 00000197 _____ C:\Windows\system32\netcfg-54843.txt
2016-12-28 12:10 - 2016-12-28 12:10 - 00000185 _____ C:\Windows\system32\netcfg-50390.txt
2016-12-28 12:10 - 2016-12-28 12:10 - 00000164 _____ C:\Windows\system32\netcfg-46109.txt
2016-12-28 12:10 - 2016-12-28 12:10 - 00000162 _____ C:\Windows\system32\netcfg-64078.txt
2016-12-28 12:10 - 2016-12-28 12:10 - 00000161 _____ C:\Windows\system32\netcfg-47687.txt
2016-12-28 12:10 - 2016-12-28 12:10 - 00000160 _____ C:\Windows\system32\netcfg-47468.txt
2016-12-28 12:10 - 2016-12-28 12:10 - 00000160 _____ C:\Windows\system32\netcfg-46796.txt
2016-12-28 12:10 - 2016-12-28 12:10 - 00000160 _____ C:\Windows\system32\netcfg-43906.txt
2016-12-28 12:10 - 2016-12-28 12:10 - 00000159 _____ C:\Windows\system32\netcfg-46546.txt
2016-12-28 12:10 - 2016-12-28 12:10 - 00000157 _____ C:\Windows\system32\netcfg-47078.txt
2016-12-28 12:10 - 2016-12-28 12:10 - 00000157 _____ C:\Windows\system32\netcfg-45515.txt
2016-12-28 12:10 - 2016-12-28 12:10 - 00000150 _____ C:\Windows\system32\netcfg-46296.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-28 21:08 - 2012-07-26 09:13 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2016-12-28 12:54 - 2012-07-26 08:28 - 00803370 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-28 12:54 - 2012-07-26 06:37 - 00000000 ____D C:\Windows\Inf
2016-12-28 12:49 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-28 12:48 - 2012-07-26 08:59 - 00000000 ____D C:\Windows\CbsTemp
2016-12-28 12:48 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-12-28 12:32 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\Help
2016-12-28 12:22 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\LiveKernelReports
2016-12-28 12:14 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-12-28 12:14 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2016-12-28 12:12 - 2012-07-26 08:19 - 00281296 _____ C:\Windows\system32\FNTCACHE.DAT
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-28 12:09
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Mahmoud (28-12-2016 22:48:46)
Running from C:\Users\Mahmoud\Desktop
Windows 8 (X64) (2016-12-28 11:13:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2391931168-3621434969-2257677380-500 - Administrator - Disabled)
Guest (S-1-5-21-2391931168-3621434969-2257677380-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2391931168-3621434969-2257677380-1003 - Limited - Enabled)
Mahmoud (S-1-5-21-2391931168-3621434969-2257677380-1001 - Administrator - Enabled) => C:\Users\Mahmoud
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.8 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
NVIDIA Graphics Driver 359.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.46 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.27056 - Realtek Semiconductor Corp.)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (11/20/2013 1.0.0.194) (HKLM\...\8BA9C239ED04E09F06755E1497239BEFC08085C2) (Version: 11/20/2013 1.0.0.194 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2391931168-3621434969-2257677380-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {18C40BEE-2224-4592-9D97-3946B5421135} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-28] (Google Inc.)
Task: {307F7B71-8F0F-46F9-BFB3-A2C3F6090C94} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-12-28] (AVAST Software)
Task: {55A1B48C-4A29-4FA5-BBA1-979E637977B9} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-12-12] (AsusTek)
Task: {6DC77119-96AB-470A-85AF-CCFBD817FF3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-28] (Google Inc.)
Task: {79B611F5-9BCE-4F3A-8869-1A7688767B4F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-12-28] (AVAST Software)
Task: {A77428EE-A362-4E3C-9DE2-8EA50923F555} - System32\Tasks\SafeZone scheduled Autoupdate 1482924176 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-12-28 12:32 - 2016-02-15 08:26 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-28 12:55 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-28 12:55 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-12-28 12:55 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-28 12:18 - 2016-12-28 12:18 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-12-28 12:18 - 2016-12-28 12:18 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-12-28 22:25 - 2016-12-28 22:25 - 03131344 _____ () C:\Program Files\AVAST Software\Avast\defs\16122801\algo.dll
2016-12-28 12:18 - 2016-12-28 12:19 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-12-28 12:20 - 2016-12-08 08:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-28 12:20 - 2016-12-08 08:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-12-28 12:36 - 2016-12-11 12:37 - 17833560 _____ () C:\Users\Mahmoud\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2391931168-3621434969-2257677380-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{1F31A45B-B03A-400B-8333-3E2EBE3813B6}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
28-12-2016 12:20:17 Installed ASUS Smart Gesture
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/28/2016 12:25:58 PM) (Source: MsiInstaller) (EventID: 11311) (User: Menhem)
Description: Product: ASUS Smart Gesture -- Error 1311. Source file not found(cabinet): C:\Users\Mahmoud\AppData\Local\Temp\Temp2_SmartGesture_Win8_64_VER228.zip\SETUP.CAB.  Verify that the file exists and that you can access it.
 
Error: (12/28/2016 12:25:57 PM) (Source: MsiInstaller) (EventID: 11311) (User: Menhem)
Description: Product: ASUS Smart Gesture -- Error 1311. Source file not found(cabinet): C:\Users\Mahmoud\AppData\Local\Temp\Temp2_SmartGesture_Win8_64_VER228.zip\SETUP.CAB.  Verify that the file exists and that you can access it.
 
Error: (12/28/2016 12:25:56 PM) (Source: MsiInstaller) (EventID: 11311) (User: Menhem)
Description: Product: ASUS Smart Gesture -- Error 1311. Source file not found(cabinet): C:\Users\Mahmoud\AppData\Local\Temp\Temp2_SmartGesture_Win8_64_VER228.zip\SETUP.CAB.  Verify that the file exists and that you can access it.
 
Error: (12/28/2016 12:25:55 PM) (Source: MsiInstaller) (EventID: 11311) (User: Menhem)
Description: Product: ASUS Smart Gesture -- Error 1311. Source file not found(cabinet): C:\Users\Mahmoud\AppData\Local\Temp\Temp2_SmartGesture_Win8_64_VER228.zip\SETUP.CAB.  Verify that the file exists and that you can access it.
 
Error: (12/28/2016 12:25:55 PM) (Source: MsiInstaller) (EventID: 11311) (User: Menhem)
Description: Product: ASUS Smart Gesture -- Error 1311. Source file not found(cabinet): C:\Users\Mahmoud\AppData\Local\Temp\Temp2_SmartGesture_Win8_64_VER228.zip\SETUP.CAB.  Verify that the file exists and that you can access it.
 
Error: (12/28/2016 12:25:55 PM) (Source: MsiInstaller) (EventID: 11311) (User: Menhem)
Description: Product: ASUS Smart Gesture -- Error 1311. Source file not found(cabinet): C:\Users\Mahmoud\AppData\Local\Temp\Temp2_SmartGesture_Win8_64_VER228.zip\SETUP.CAB.  Verify that the file exists and that you can access it.
 
Error: (12/28/2016 12:22:32 PM) (Source: MsiInstaller) (EventID: 11311) (User: Menhem)
Description: Product: ASUS Smart Gesture -- Error 1311. Source file not found(cabinet): C:\Users\Mahmoud\AppData\Local\Temp\Temp1_SmartGesture_Win8_64_VER228.zip\SETUP.CAB.  Verify that the file exists and that you can access it.
 
Error: (12/28/2016 12:22:31 PM) (Source: MsiInstaller) (EventID: 11311) (User: Menhem)
Description: Product: ASUS Smart Gesture -- Error 1311. Source file not found(cabinet): C:\Users\Mahmoud\AppData\Local\Temp\Temp1_SmartGesture_Win8_64_VER228.zip\SETUP.CAB.  Verify that the file exists and that you can access it.
 
Error: (12/28/2016 12:22:30 PM) (Source: MsiInstaller) (EventID: 11311) (User: Menhem)
Description: Product: ASUS Smart Gesture -- Error 1311. Source file not found(cabinet): C:\Users\Mahmoud\AppData\Local\Temp\Temp1_SmartGesture_Win8_64_VER228.zip\SETUP.CAB.  Verify that the file exists and that you can access it.
 
Error: (12/28/2016 12:22:30 PM) (Source: MsiInstaller) (EventID: 11311) (User: Menhem)
Description: Product: ASUS Smart Gesture -- Error 1311. Source file not found(cabinet): C:\Users\Mahmoud\AppData\Local\Temp\Temp1_SmartGesture_Win8_64_VER228.zip\SETUP.CAB.  Verify that the file exists and that you can access it.
 
 
System errors:
=============
Error: (12/28/2016 12:48:48 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.
 
Error: (12/28/2016 12:48:39 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (12/28/2016 12:48:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: 
The service did not start due to a logon failure.
 
Error: (12/28/2016 12:48:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (12/28/2016 12:48:15 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
The request is not supported.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (12/28/2016 12:48:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (12/28/2016 12:48:15 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
The request is not supported.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (12/28/2016 12:47:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (12/28/2016 12:47:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/28/2016 12:47:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 24%
Total physical RAM: 8077.68 MB
Available physical RAM: 6068.79 MB
Total Virtual: 12685.68 MB
Available Virtual: 10580.02 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:698.29 GB) (Free:673.99 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 4AF2EE97)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 33,534 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:41 PM

Posted 30 December 2016 - 04:54 PM

Greetings Menhem and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Your computer is clean. What model router and/or modem do you have? Let me know if other computers are accessing the Internet in the same manner as you are and whether or not they are experiencing issues.

Please do this.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Reply to questions
  • MTB.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

#3 Menhem


Posted 31 December 2016 - 08:43 PM

Hello and thank you very much for your answer.

I just checked on my brother's Mac and he has the exact same problem. Then I checked on my phone and it is pretty much the same.

The main router is an Alcatel-Lucent G-241W-P. But I am connected to a wireless router that is connected to the main router. The wireless router is a Netgear Wireless N 150 Router WNR1000.

 

Log:

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Mahmoud (administrator) on 01-01-2017 at 02:41:05
Running from "C:\Users\Mahmoud\Desktop"
Microsoft Windows 8.1  (X64)
Model: X550VB Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Qualcomm Atheros AR9485WB-EG Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Menhem
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 16-0A-64-15-63-D9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 24-0A-64-15-63-D8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
   Physical Address. . . . . . . . . : 24-0A-64-15-63-D9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::cc87:4a89:2467:e11a%4(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.65(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 1. januar 2017 02:29:58
   Lease Expires . . . . . . . . . . : 2. januar 2017 02:29:58
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 321129060
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-F5-55-EB-AC-22-0B-19-13-FE
   DNS Servers . . . . . . . . . . . : 10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : AC-22-0B-19-13-FE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{0063B33B-F94A-464D-AC61-255FECB34B36}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 3:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:d59:2ec8:3422:f95:4d62:ae8(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3422:f95:4d62:ae8%22(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 369098752
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-F5-55-EB-AC-22-0B-19-13-FE
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  10.0.0.1
 
Name:    google.com
Addresses:  2a00:1450:400e:806::200e
 172.217.17.110
 
 
Pinging google.com [172.217.17.110] with 32 bytes of data:
Reply from 172.217.17.110: bytes=32 time=16ms TTL=53
Reply from 172.217.17.110: bytes=32 time=16ms TTL=53
 
Ping statistics for 172.217.17.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 16ms, Average = 16ms
Server:  UnKnown
Address:  10.0.0.1
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 2001:4998:58:c02::a9
 206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=101ms TTL=49
Reply from 98.139.183.24: bytes=32 time=100ms TTL=49
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 100ms, Maximum = 101ms, Average = 100ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...16 0a 64 15 63 d9 ......Microsoft Wi-Fi Direct Virtual Adapter
  6...24 0a 64 15 63 d8 ......Bluetooth Device (Personal Area Network)
  4...24 0a 64 15 63 d9 ......Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
  3...ac 22 0b 19 13 fe ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  8...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 22...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.65     25
         10.0.0.0    255.255.255.0         On-link         10.0.0.65    281
        10.0.0.65  255.255.255.255         On-link         10.0.0.65    281
       10.0.0.255  255.255.255.255         On-link         10.0.0.65    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.0.0.65    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.0.0.65    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 22    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 22    306 2001::/32                On-link
 22    306 2001:0:d59:2ec8:3422:f95:4d62:ae8/128
                                    On-link
  4    281 fe80::/64                On-link
 22    306 fe80::/64                On-link
 22    306 fe80::3422:f95:4d62:ae8/128
                                    On-link
  4    281 fe80::cc87:4a89:2467:e11a/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
 22    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
**** End of log ****
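
The log above shows the Wi-Fi adapter taking its gateway, DHCP lease and DNS from 10.0.0.1. As an added example (not part of the original posts or of MiniToolBox), this parser reads the `ipconfig /all` portion of such a log and reports which adapters hand all name resolution to the router, the case where a clean scan of the host says nothing about the resolver settings stored on the router. Function names are hypothetical, the first sample is trimmed from the log above, and the second is constructed.

```python
import ipaddress
import re

# "   DNS Servers . . . . . . . . . . . : 10.0.0.1" -> key "DNS Servers", value " 10.0.0.1"
FIELD = re.compile(r"^\s+(.*?)[ .]*\. :(.*)$")
# "Wireless LAN adapter Wi-Fi:" (unindented section header)
ADAPTER = re.compile(r"^(\S.* adapter .+):\s*$")
WANTED = ("IPv4 Address", "Default Gateway", "DHCP Server", "DNS Servers")

# Trimmed from the MiniToolBox log in the post above.
THREAD_SAMPLE = """\
Wireless LAN adapter Wi-Fi:

   Description . . . . . . . . . . . : Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.0.65(Preferred)
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 10.0.0.1

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : Yes
Server:  UnKnown
Address:  10.0.0.1
"""

# Constructed contrast case: resolvers set statically on the host,
# with the second server on a continuation line as ipconfig prints it.
CONSTRUCTED_SAMPLE = """\
Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
"""


def addresses(raw):
    """Return the IP addresses in a value, dropping '(Preferred)' and '%scope'."""
    found = []
    for token in raw.split():
        token = token.split("(")[0].split("%")[0]
        try:
            found.append(str(ipaddress.ip_address(token)))
        except ValueError:
            pass  # not an address (a description, 'Yes', a date, ...)
    return found


def parse_ipconfig(text):
    """Map each adapter section to the address lists of the WANTED fields."""
    adapters = {}
    current = key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        header, field = ADAPTER.match(line), FIELD.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {k: [] for k in WANTED})
            key = None
        elif current is None:
            continue
        elif field:
            key = field.group(1)
            if key in WANTED:
                current[key] += addresses(field.group(2))
        elif line[0].isspace() and key in WANTED:
            current[key] += addresses(line)  # continuation of a multi-value field
        elif not line[0].isspace():
            current = key = None  # unindented non-adapter text ends the section
    return adapters


def resolver_roles(fields):
    """Label each DNS server: the gateway itself, another LAN host, or external."""
    gateways = set(fields["Default Gateway"])
    roles = []
    for server in fields["DNS Servers"]:
        if server in gateways:
            role = "router"
        elif ipaddress.ip_address(server).is_global:
            role = "external"
        else:
            role = "lan"
        roles.append((server, role))
    return roles


def router_dependent(text):
    """Names of adapters whose every configured DNS server is the default gateway."""
    names = []
    for name, fields in parse_ipconfig(text).items():
        roles = resolver_roles(fields)
        if roles and all(role == "router" for _, role in roles):
            names.append(name)
    return names


if __name__ == "__main__":
    for label, sample in (("thread", THREAD_SAMPLE), ("constructed", CONSTRUCTED_SAMPLE)):
        for name, fields in parse_ipconfig(sample).items():
            print(label, "|", name, "|", resolver_roles(fields) or "no DNS servers")
        print(label, "| resolution delegated to router on:", router_dependent(sample))
```
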


#4 Oh My!


Posted 31 December 2016 - 08:53 PM

Do you know how to do a factory reset of your modem and router?
Gary
 

#5 Menhem


Posted 31 December 2016 - 08:59 PM

Yes, I know! Should I try that?



#6 Oh My!


Posted 31 December 2016 - 09:03 PM

Yes please.
Gary
 

#7 Oh My!


Posted 03 January 2017 - 10:34 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#8 Menhem


Posted 03 January 2017 - 07:25 PM

Sorry, I have been out of town a couple of days.

 

I just came home and tried what you told me and it seemed to do the trick. Everything is okay now. Thank you so much!!



#9 Oh My!


Posted 03 January 2017 - 08:22 PM

Excellent. Is there anything else I can assist you with?


Gary
 

#10 Menhem


Posted 04 January 2017 - 03:14 AM

Not at the moment :)



#11 Oh My!


Posted 04 January 2017 - 04:41 PM

:thumbsup2:

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#12 Oh My!


Posted 04 January 2017 - 10:29 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



