Infected with ZeroAccess Rootkit; Windows Firewall, Updates and profile blocked


20 replies to this topic

#1 B_frustrated

Posted 01 January 2017 - 07:57 PM

I have an older computer that had not been used for a few years until last month. I upgraded the RAM, changed the power supply, added a GeForce video card and gave it to my 10-year-old son to start a gaming computer. Today he was unable to log on to his profile (Windows 7 Pro 32-bit) with a message stating "service not available". I logged into the Administrator account and tried the following with no change:

1. Changed his password, rebooted.
2. Checked AVG: up to date, scanned daily with nothing found.
3. Checked Windows Firewall; it was disabled and would not start with "Use recommended settings". The error stated that Windows Firewall can't change some of your settings, error code 0x80070424.
4. Tried to access Windows Update, which was disabled and would not turn on, stating the system might need to be restarted. That did not work.
5. Downloaded Malwarebytes, scanned, and found a PUP in a Dell folder. Quarantined it, rebooted, no change.
6. Windows Firewall did not show up in Services. Restarted in Safe Mode, rescanned with Malwarebytes.
7. Ran sfc /scannow in an elevated command prompt, with no issues.
8. Found an article on BleepingComputer, ran Rkill, then Malwarebytes again, with the same file NOT quarantined.
9. Reviewed the Rkill log, which had a ZeroAccess Rootkit Alert.
10. Found the ZeroAccess Rootkit article on BleepingComputer and followed its instructions.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2017
Ran by Administrator (administrator) on ADMIN-PC (01-01-2017 17:51:44)
Running from C:\Users\Administrator.admin-PC\Downloads
Loaded Profiles: admin & Administrator (Available Profiles: admin & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [1707080 2016-11-28] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [jswtrayutil] => "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM\...\Run: [pnusbclitray] => C:\Windows\system32\pnusbclitray.exe [67480 2012-06-09] (Quest Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\...\Run: [ZedgeToneSync] => C:\Users\admin\AppData\Local\Apps\2.0\Data\AGO9VQDX.VCG\Q66HRNK9.ZWT\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...0c966feabec1\InprocServer32: [Default-shell32] C:\Windows\system32\config\systemprofile\AppData\Local\{e8944140-aad2-454b-50c0-52b9adcb6e88}\n. <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-07-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk [2012-06-16]
ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Winsock: Catalog5 06 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{730BE09E-43EA-47B0-B467-337DB5677CD9}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{CF09257E-5326-40AE-89EE-BB90DCD3DA16}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com?cid={5DE93C83-9D06-4EAD-9AE4-F497B3F37ABB}&mid=b5dfedbd617a47d1a434c5b7f307c5b6-f2a77cffe5283591731dff16be2d2f0f3af12beb&lang=en&ds=AVG&coid=&cmpid=&pr=pr&d=2011-12-26 00:58:29&v=19.6.0.592&pid=avg&sg=0&sap=hp
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-2089707176-1115303125-1796299914-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-2089707176-1115303125-1796299914-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2089707176-1115303125-1796299914-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2089707176-1115303125-1796299914-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={5DE93C83-9D06-4EAD-9AE4-F497B3F37ABB}&mid=b5dfedbd617a47d1a434c5b7f307c5b6-f2a77cffe5283591731dff16be2d2f0f3af12beb&lang=en&ds=AVG&pr=pr&d=2011-12-26 00:58:29&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2089707176-1115303125-1796299914-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG10\avgssie.dll [2011-09-09] (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-31] (Oracle Corporation)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\19.6.0.592\AVG Secure Search_toolbar.dll [2016-11-28] (AVG Secure Search)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-31] (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\19.6.0.592\AVG Secure Search_toolbar.dll [2016-11-28] (AVG Secure Search)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-2089707176-1115303125-1796299914-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll [2016-11-28] (AVG Secure Search)
 
FireFox:
========
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2017-01-01] [not signed]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: (AVG Safe Search) - C:\Program Files\AVG\AVG10\Firefox4 [2015-04-01] [not signed]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.3.0.885 => not found
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-28] [not signed]
FF HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2016-11-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-05-25]
 
Chrome: 
=======
CHR Profile: C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default [2017-01-01]
CHR Extension: (Google Slides) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-01]
CHR Extension: (Google Docs) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-01]
CHR Extension: (Google Drive) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-01]
CHR Extension: (YouTube) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-01]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-01]
CHR Extension: (AVG Safe Search) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2017-01-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-01]
CHR Extension: (Gmail) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-01]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-01]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG10\Chrome\safesearch.crx [2011-09-09]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
S2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [127488 2010-06-29] (Broadcom Corporation) [File not signed]
S2 HPSLPSVC; C:\Users\admin\AppData\Local\Temp\7zS5A14\hpslpsvc32.dll [701288 2011-11-14] (Hewlett-Packard Co.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-14] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [425408 2016-12-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [425408 2016-12-11] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [420288 2016-12-11] (NVIDIA Corporation)
S2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [930240 2016-12-11] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 pnusbvirtualhubwssrv; C:\Windows\system32\pnusbvirtualhubwssrv.exe [591944 2012-07-28] (Quest Software) [File not signed]
S2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 vToolbarUpdater19.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\19.5.0\ToolbarUpdater.exe [1277512 2016-11-28] (AVG Secure Search)
S2 WPSService20; C:\Program Files\Edimax\Edimax Wireless LAN\WPSService20.exe [96768 2013-05-15] () [File not signed]
S2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1564160 2010-10-11] (Atheros Communications, Inc.)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21968 2011-02-10] (AVG Technologies CZ, s.r.o. )
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2012-11-12] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [299552 2014-11-04] (AVG Technologies CZ, s.r.o.)
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [88064 2010-09-03] (Broadcom Corporation)
S3 busbcrw; C:\Windows\System32\Drivers\busbcrw.sys [18944 2013-07-13] (Brother Industries, Ltd.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-02-22] (Avanquest Software) [File not signed]
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [153024 2017-01-01] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2017-01-01] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [219072 2017-01-01] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26048 2016-12-11] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [40384 2016-12-11] (NVIDIA Corporation)
S2 pnpnptool; C:\Windows\system32\Drivers\pnpnptool.sys [35488 2012-07-28] (Quest Software)
S3 pnusbd; C:\Windows\system32\Drivers\pnusbd.sys [20512 2012-07-28] (Quest Software)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1345168 2012-12-26] (Realtek Semiconductor Corporation                           )
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
S1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-01 17:51 - 2017-01-01 17:52 - 00020092 _____ C:\Users\Administrator.admin-PC\Downloads\FRST.txt
2017-01-01 17:50 - 2017-01-01 17:51 - 00000000 ____D C:\FRST
2017-01-01 17:50 - 2017-01-01 17:50 - 01760256 _____ (Farbar) C:\Users\Administrator.admin-PC\Downloads\FRST.exe
2017-01-01 17:50 - 2017-01-01 17:50 - 01760256 _____ (Farbar) C:\Users\Administrator.admin-PC\Downloads\FRST (1).exe
2017-01-01 17:44 - 2017-01-01 17:44 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\CEF
2017-01-01 17:40 - 2017-01-01 17:40 - 00001219 _____ C:\Users\Administrator.admin-PC\Desktop\PUP.txt
2017-01-01 17:27 - 2017-01-01 17:27 - 00219072 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-01 17:27 - 2017-01-01 17:27 - 00153024 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-01 17:27 - 2017-01-01 17:27 - 00087496 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-01 17:27 - 2017-01-01 17:27 - 00063264 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-01 17:27 - 2017-01-01 17:27 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-01 17:27 - 2017-01-01 17:27 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-01 17:27 - 2017-01-01 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-01 17:27 - 2016-12-14 12:55 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys
2017-01-01 17:19 - 2017-01-01 17:20 - 00004030 _____ C:\Users\Administrator.admin-PC\Desktop\Rkill.txt
2017-01-01 16:38 - 2017-01-01 16:38 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\HPAppData
2017-01-01 15:48 - 2014-05-14 10:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-01 15:48 - 2014-05-14 10:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-01-01 15:48 - 2014-05-14 10:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-01-01 15:47 - 2014-05-14 10:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-01 15:47 - 2014-05-14 10:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-01-01 15:47 - 2014-05-14 10:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-01-01 15:47 - 2014-05-14 10:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-01-01 15:47 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-01-01 15:47 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-01-01 15:45 - 2017-01-01 15:45 - 01679570 _____ C:\Users\Administrator.admin-PC\Desktop\WindowsUpdateLOG.txt
2017-01-01 15:02 - 2017-01-01 17:52 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Google
2017-01-01 15:02 - 2017-01-01 15:02 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-01 15:02 - 2017-01-01 15:02 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-01 15:00 - 2017-01-01 15:00 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Apps\2.0
2017-01-01 14:59 - 2017-01-01 15:00 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Deployment
2017-01-01 14:59 - 2017-01-01 14:59 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\Adobe
2017-01-01 14:58 - 2017-01-01 16:43 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\LocalLow\HPAppData
2017-01-01 14:58 - 2017-01-01 14:58 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\Yahoo!
2017-01-01 14:56 - 2017-01-01 14:56 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Apple
2017-01-01 14:51 - 2017-01-01 14:51 - 00113472 _____ C:\Users\Administrator.admin-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-01 14:49 - 2017-01-01 14:49 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Logitech® Webcam Software
2017-01-01 14:48 - 2017-01-01 17:44 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\NVIDIA Corporation
2017-01-01 14:48 - 2017-01-01 14:48 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\LocalLow\AVG Secure Search
2017-01-01 14:48 - 2017-01-01 14:48 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\NVIDIA
2017-01-01 14:48 - 2017-01-01 14:48 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\AVG Secure Search
2017-01-01 14:47 - 2017-01-01 14:47 - 00001413 _____ C:\Users\Administrator.admin-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-01 14:47 - 2017-01-01 14:47 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\AVG10
2017-01-01 14:47 - 2017-01-01 14:47 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\Apple Computer
2017-01-01 14:46 - 2017-01-01 14:47 - 00000000 ____D C:\Users\Administrator.admin-PC
2017-01-01 14:46 - 2017-01-01 14:46 - 00000020 ___SH C:\Users\Administrator.admin-PC\ntuser.ini
2017-01-01 14:46 - 2017-01-01 14:46 - 00000000 _SHDL C:\Users\Administrator.admin-PC\My Documents
2017-01-01 14:46 - 2017-01-01 14:46 - 00000000 _SHDL C:\Users\Administrator.admin-PC\Documents\My Videos
2017-01-01 14:46 - 2017-01-01 14:46 - 00000000 _SHDL C:\Users\Administrator.admin-PC\Documents\My Pictures
2017-01-01 14:46 - 2017-01-01 14:46 - 00000000 _SHDL C:\Users\Administrator.admin-PC\Documents\My Music
2017-01-01 14:46 - 2012-01-29 03:00 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Microsoft Help
2017-01-01 14:46 - 2011-12-25 18:32 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\Macromedia
2017-01-01 14:46 - 2009-07-14 01:49 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\Media Center Programs
2017-01-01 13:42 - 2017-01-01 13:42 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-01 13:37 - 2017-01-01 13:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-01-01 13:31 - 2017-01-01 13:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2017-01-01 13:29 - 2017-01-01 14:44 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2017-01-01 13:29 - 2017-01-01 13:29 - 00000000 ____D C:\Users\Administrator\AppData\Local\Deployment
2017-01-01 13:26 - 2017-01-01 13:31 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\HPAppData
2017-01-01 13:26 - 2017-01-01 13:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Yahoo!
2017-01-01 13:26 - 2017-01-01 13:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HPAppData
2017-01-01 13:26 - 2017-01-01 13:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-01-01 13:11 - 2017-01-01 13:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\Logitech® Webcam Software
2017-01-01 13:10 - 2017-01-01 13:10 - 00113472 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-01 13:10 - 2017-01-01 13:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\AVG Secure Search
2017-01-01 13:09 - 2017-01-01 14:45 - 00000000 ____D C:\Users\Administrator
2017-01-01 13:09 - 2017-01-01 13:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 _SHDL C:\Users\Administrator\My Documents
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\AVG Secure Search
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2017-01-01 13:09 - 2012-01-29 03:00 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2017-01-01 13:09 - 2011-12-25 18:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2017-01-01 13:09 - 2009-07-14 01:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2017-01-01 13:06 - 2017-01-01 13:10 - 00000000 ____D C:\Users\TEMP
2017-01-01 13:06 - 2012-01-29 03:00 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2017-01-01 13:06 - 2011-12-25 18:32 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Macromedia
2017-01-01 13:06 - 2009-07-14 01:49 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2016-12-31 20:40 - 2016-12-31 20:40 - 29067315 _____ C:\Users\admin\Downloads\VoidLauncher.zip
2016-12-30 14:14 - 2016-12-31 23:41 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2016-12-29 11:32 - 2016-12-29 11:32 - 01725497 _____ C:\Users\admin\Downloads\OptiFine_1.8.9_HD_U_H6(1).jar
2016-12-27 21:52 - 2016-12-27 21:52 - 01982056 _____ C:\Users\admin\Downloads\OptiFine_1.11.2_HD_U_B5(1).jar
2016-12-27 20:11 - 2016-12-27 20:11 - 01725497 _____ C:\Users\admin\Downloads\OptiFine_1.8.9_HD_U_H6.jar
2016-12-27 20:10 - 2016-12-27 20:10 - 01982056 _____ C:\Users\admin\Downloads\OptiFine_1.11.2_HD_U_B5.jar
2016-12-26 20:05 - 2016-12-26 20:05 - 00000000 ____D C:\Users\admin\AppData\Roaming\NVIDIA
2016-12-26 19:38 - 2016-12-26 19:38 - 00117092 _____ C:\Users\admin\Desktop\minecraft_creeper_wallpaper.jpg
2016-12-26 19:35 - 2016-12-26 19:35 - 00000000 ____D C:\Users\admin\AppData\Local\NVIDIA
2016-12-25 12:09 - 2016-12-31 21:14 - 00001099 _____ C:\Users\admin\Desktop\nativelog.txt
2016-12-25 10:25 - 2016-12-27 17:44 - 00000252 _____ C:\Users\admin\AppData\LocalLow\rbxcsettings.rbx
2016-12-25 10:25 - 2016-12-25 10:36 - 00000000 ____D C:\Users\admin\AppData\Local\Roblox
2016-12-25 09:13 - 2016-12-25 09:13 - 00000000 ____D C:\Users\admin\AppData\Roaming\java
2016-12-25 09:12 - 2017-01-01 14:44 - 00000000 ____D C:\Program Files\Minecraft
2016-12-25 08:38 - 2016-12-30 14:50 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2016-12-25 05:56 - 2016-12-26 19:36 - 00000000 ____D C:\Users\admin\AppData\Local\NVIDIA Corporation
2016-12-25 05:45 - 2017-01-01 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-12-25 05:45 - 2016-12-11 20:42 - 01452480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2016-12-25 05:45 - 2016-12-11 20:42 - 01317312 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2016-12-25 05:45 - 2016-12-11 20:42 - 00100288 _____ C:\Windows\system32\NvRtmpStreamer32.dll
2016-12-25 05:44 - 2017-01-01 14:43 - 00000000 ____D C:\Program Files\VulkanRT
2016-12-25 05:44 - 2016-12-11 12:23 - 00134712 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2016-12-25 05:44 - 2016-09-09 12:25 - 00269600 _____ C:\Windows\system32\vulkan-1.dll
2016-12-25 05:44 - 2016-09-09 12:25 - 00110880 _____ C:\Windows\system32\vulkaninfo.exe
2016-12-25 05:43 - 2017-01-01 16:36 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-25 05:43 - 2016-12-26 19:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-25 05:43 - 2016-12-11 20:42 - 00203320 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-12-25 05:43 - 2016-12-11 20:42 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-12-25 05:43 - 2016-12-11 12:44 - 03973568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 02097600 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 00460224 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 00381888 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 00070200 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-12-25 05:43 - 2016-12-09 19:55 - 07639617 _____ C:\Windows\system32\nvcoproc.bin
2016-12-25 05:41 - 2017-01-01 14:43 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-25 05:41 - 2016-12-11 20:42 - 00091584 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap32v.dll
2016-12-25 05:41 - 2016-12-11 20:42 - 00040384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2016-12-25 05:40 - 2016-12-11 20:42 - 35222976 _____ C:\Windows\system32\nvcompiler.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 28138432 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 17376896 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 14410472 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 12133432 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-12-25 05:40 - 2016-12-11 20:42 - 09151216 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 08913328 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 08753832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 03479744 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 03206080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 01080256 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3237633.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00975416 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00927168 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3237633.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00896056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00572888 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00407248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshim.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00148016 _____ (NVIDIA Corporation) C:\Windows\system32\nvinit.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00131536 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim32.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00035527 _____ C:\Windows\system32\nvinfo.pb
2016-12-25 05:40 - 2016-12-11 20:42 - 00000669 _____ C:\Windows\system32\nv-vk32.json
2016-12-25 05:39 - 2017-01-01 14:44 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-25 05:38 - 2017-01-01 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Edimax Wireless LAN
2016-12-25 05:37 - 2017-01-01 14:43 - 00000000 ____D C:\Program Files\Edimax
2016-12-25 05:37 - 2013-05-15 15:27 - 00535040 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2016-12-25 05:37 - 2013-05-15 15:27 - 00451072 _____ C:\Windows\system32\ISSRemoveSP.exe
2016-12-25 05:37 - 2012-12-26 13:38 - 01345168 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTWlanU.sys
2016-12-25 05:32 - 2017-01-01 14:42 - 00000000 ____D C:\NVIDIA
2016-12-25 05:31 - 2016-12-25 05:31 - 28113126 _____ C:\Users\admin\Downloads\EW-7811Un_Windows_driver_v1.0.0.5.zip
2016-12-25 05:29 - 2016-12-25 05:31 - 317918816 _____ (NVIDIA Corporation) C:\Users\admin\Downloads\376.33-desktop-win8-win7-32bit-international-whql.exe
2016-12-22 21:07 - 2016-12-22 21:07 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-12-22 20:11 - 2016-12-22 20:11 - 00000000 ____D C:\Users\admin\Documents\SightSpeed Recordings
2016-12-22 00:45 - 2016-12-22 00:45 - 00000000 ____D C:\Users\admin\Documents\Shrew Soft VPN
2016-12-22 00:37 - 2016-12-22 00:37 - 00000000 ____D C:\Windows\system32\appmgmt
2016-12-21 21:15 - 2014-07-21 15:33 - 00597512 ____N (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPDiscoPMC511.dll
2016-12-21 21:14 - 2016-12-21 21:14 - 00000057 _____ C:\ProgramData\Ament.ini
2016-12-21 21:08 - 2016-12-21 21:08 - 00000000 ____D C:\Users\admin\AppData\Local\Hewlett-Packard
2016-12-11 22:24 - 2017-01-01 14:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-12-11 21:46 - 2016-12-11 21:46 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-11 21:25 - 2016-12-21 20:11 - 00524288 ___SH C:\Users\admin\NTUSER.DAT{98c1e0f5-c01a-11e6-8182-14feb5e32c45}.TMContainer00000000000000000002.regtrans-ms
2016-12-11 21:25 - 2016-12-21 20:11 - 00524288 ___SH C:\Users\admin\NTUSER.DAT{98c1e0f5-c01a-11e6-8182-14feb5e32c45}.TMContainer00000000000000000001.regtrans-ms
2016-12-11 21:25 - 2016-12-21 20:11 - 00065536 ___SH C:\Users\admin\NTUSER.DAT{98c1e0f5-c01a-11e6-8182-14feb5e32c45}.TM.blf
2016-12-11 17:28 - 2017-01-01 17:41 - 00470244 _____ C:\Windows\ntbtlog.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-01 17:46 - 2011-12-22 13:31 - 00778556 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-01 17:46 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\inf
2017-01-01 17:00 - 2009-07-13 22:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-01 17:00 - 2009-07-13 22:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-01 16:57 - 2011-12-31 19:14 - 00000000 _____ C:\Users\admin\AppData\LocalLow\prvlcl.dat
2017-01-01 16:36 - 2013-06-02 13:49 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-01-01 16:36 - 2012-04-14 10:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-01 16:27 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2017-01-01 15:54 - 2011-12-26 00:56 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2017-01-01 15:50 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-01 14:47 - 2009-07-13 22:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-01 14:45 - 2012-01-21 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-01-01 14:45 - 2011-12-22 12:31 - 00000000 ____D C:\Users\admin
2017-01-01 14:44 - 2014-07-03 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-01 14:44 - 2014-07-03 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-01-01 14:44 - 2014-03-13 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-01 14:44 - 2013-07-13 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palette Ver.8
2017-01-01 14:44 - 2013-01-09 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2017-01-01 14:44 - 2012-08-04 09:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-01-01 14:44 - 2012-07-28 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quest Software
2017-01-01 14:44 - 2012-06-16 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA1100 Smart Wizard
2017-01-01 14:44 - 2012-05-25 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-01 14:44 - 2012-03-19 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-01-01 14:44 - 2012-03-05 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-01-01 14:44 - 2012-02-18 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-01-01 14:44 - 2011-12-26 00:58 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2017-01-01 14:44 - 2011-12-26 00:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
2017-01-01 14:44 - 2011-12-22 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom
2017-01-01 14:44 - 2009-07-14 01:49 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-01-01 14:44 - 2009-07-13 22:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-01 14:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\NDF
2017-01-01 14:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\security
2017-01-01 14:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\registration
2017-01-01 14:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\AppCompat
2017-01-01 14:44 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\System
2017-01-01 14:42 - 2012-03-19 19:31 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2017-01-01 13:29 - 2012-05-25 20:52 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2016-12-31 23:40 - 2014-02-23 15:02 - 00000000 ____D C:\Users\admin\AppData\Roaming\.minecraft
2016-12-31 21:13 - 2014-07-03 23:45 - 00000000 ____D C:\Users\admin\AppData\Local\Deployment
2016-12-31 21:10 - 2011-12-22 12:32 - 02775556 ____H C:\Users\admin\AppData\Local\IconCache.db
2016-12-27 20:47 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\LiveKernelReports
2016-12-25 05:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Logs
2016-12-25 05:44 - 2012-06-16 10:40 - 00000000 ____D C:\temp
2016-12-25 05:43 - 2009-07-13 20:37 - 00000000 ___HD C:\ProgramData
2016-12-25 05:43 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Help
2016-12-25 05:38 - 2012-03-05 19:45 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2016-12-25 05:37 - 2012-01-15 21:19 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-12-25 04:57 - 2011-12-22 20:39 - 00000000 ____D C:\Users\admin\AppData\Local\Diagnostics
2016-12-24 00:09 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\config\RegBack
2016-12-22 20:11 - 2011-12-22 12:31 - 00000000 ___RD C:\Users\admin\Documents
2016-12-22 20:10 - 2011-12-31 19:09 - 00113472 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-22 00:49 - 2012-01-23 19:48 - 00019812 _____ C:\Windows\PFRO.log
2016-12-22 00:49 - 2009-07-13 22:33 - 00418560 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-22 00:40 - 2012-01-15 21:19 - 00000000 ____D C:\ProgramData\Samsung
2016-12-22 00:40 - 2009-07-13 20:37 - 00000000 __RSD C:\Windows\Fonts
2016-12-22 00:38 - 2012-01-15 21:20 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2016-12-22 00:38 - 2012-01-15 21:20 - 00020032 _____ (Devguru Co., Ltd) C:\Windows\system32\Drivers\dgderdrv.sys
2016-12-22 00:34 - 2011-12-22 12:31 - 00000000 ___RD C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-22 00:00 - 2011-12-22 12:31 - 00000000 ___RD C:\Users\admin\Desktop
2016-12-21 21:16 - 2012-07-28 15:26 - 00000000 ____D C:\Users\admin\AppData\Local\HP
2016-12-21 21:16 - 2012-05-25 20:52 - 00000000 ____D C:\Users\admin\AppData\Roaming\HpUpdate
2016-12-21 21:16 - 2012-05-25 20:17 - 00000000 ____D C:\Program Files\Hewlett-Packard
2016-12-21 21:15 - 2012-05-25 20:19 - 00000000 ____D C:\ProgramData\HP
2016-12-21 21:15 - 2012-05-25 20:17 - 00000000 ____D C:\Program Files\HP
2016-12-21 21:15 - 2009-07-13 22:52 - 00000000 ____D C:\Windows\twain_32
2016-12-21 21:01 - 2009-07-13 20:37 - 00000000 __RSD C:\Windows\assembly
2016-12-13 10:36 - 2012-04-14 10:12 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-12-13 10:36 - 2012-01-29 10:20 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-12-13 10:36 - 2011-12-22 20:37 - 00000000 ____D C:\Windows\system32\Macromed
 
==================== Files in the root of some directories =======
 
2013-06-28 16:49 - 2014-06-22 19:07 - 0003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2016-12-21 21:14 - 2016-12-21 21:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-05-25 20:43 - 2012-07-28 15:54 - 0007134 _____ () C:\ProgramData\hpzinstall.log
 
ZeroAccess:
C:\Windows\Installer\{e8944140-aad2-454b-50c0-52b9adcb6e88}
C:\Windows\Installer\{e8944140-aad2-454b-50c0-52b9adcb6e88}\L\00000004.@
C:\Windows\Installer\{e8944140-aad2-454b-50c0-52b9adcb6e88}\L\201d3dde
 
ZeroAccess:
C:\Windows\System32\config\systemprofile\AppData\Local\{e8944140-aad2-454b-50c0-52b9adcb6e88}
C:\Windows\System32\config\systemprofile\AppData\Local\{e8944140-aad2-454b-50c0-52b9adcb6e88}\@
 
Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\avguidx.dll
C:\Users\admin\AppData\Local\Temp\CommonInstaller.exe
C:\Users\admin\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\admin\AppData\Local\Temp\HPInstaller.exe
C:\Users\admin\AppData\Local\Temp\iGearedHelper.dll
C:\Users\admin\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\admin\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\admin\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\admin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\admin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\admin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\admin\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\admin\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\admin\AppData\Local\Temp\o5jotug1.dll
C:\Users\admin\AppData\Local\Temp\ose00000.exe
C:\Users\admin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\admin\AppData\Local\Temp\ToolbarInstaller.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-24 00:09
 
==================== End of FRST.txt ============================


#2 B_frustrated

B_frustrated
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:35 AM

Posted 01 January 2017 - 08:13 PM

When I tried to start this topic the first time it showed it timed out saying to retry later. I retyped it and tried again with it showing another time out. I see now that it posted both. I apologize. I may be overlooking it, but I do not see an option to remove either post.



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,559 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:35 AM

Posted 02 January 2017 - 09:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Do this fix now.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [1707080 2016-11-28] ()
HKLM\...\Run: [] => [X]
HKU\S-1-5-18\...0c966feabec1\InprocServer32: [Default-shell32] C:\Windows\system32\config\systemprofile\AppData\Local\{e8944140-aad2-454b-50c0-52b9adcb6e88}\n. <==== ATTENTION
Winsock: Catalog5 01 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com?cid={5DE93C83-9D06-4EAD-9AE4-F497B3F37ABB}&mid=b5dfedbd617a47d1a434c5b7f307c5b6-f2a77cffe5283591731dff16be2d2f0f3af12beb&lang=en&ds=AVG&coid=&cmpid=&pr=pr&d=2011-12-26 00:58:29&v=19.6.0.592&pid=avg&sg=0&sap=hp
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-2089707176-1115303125-1796299914-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKU\S-1-5-21-2089707176-1115303125-1796299914-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2089707176-1115303125-1796299914-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={5DE93C83-9D06-4EAD-9AE4-F497B3F37ABB}&mid=b5dfedbd617a47d1a434c5b7f307c5b6-f2a77cffe5283591731dff16be2d2f0f3af12beb&lang=en&ds=AVG&pr=pr&d=2011-12-26 00:58:29&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\19.6.0.592\AVG Secure Search_toolbar.dll [2016-11-28] (AVG Secure Search)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\19.6.0.592\AVG Secure Search_toolbar.dll [2016-11-28] (AVG Secure Search)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-2089707176-1115303125-1796299914-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll [2016-11-28] (AVG Secure Search)
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.3.0.885 => not found
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2016-11-28]
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (AVG Safe Search) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2017-01-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-01]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-01]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG10\Chrome\safesearch.crx [2011-09-09]
S2 vToolbarUpdater19.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\19.5.0\ToolbarUpdater.exe [1277512 2016-11-28] (AVG Secure Search)
Task: {F199672F-73F1-456E-BF0A-C18FAE5E86E6} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{BDFC7EF5-9B63-4CEA-8E9E-79AA2B29AEFB}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{BDFC7EF5-9B63-4CEA-8E9E-79AA2B29AEFB}.exe <==== ATTENTION
C:\Windows\system32\config\systemprofile\AppData\Local\{e8944140-aad2-454b-50c0-52b9adcb6e88}
C:\Windows\Installer\{e8944140-aad2-454b-50c0-52b9adcb6e88}
C:\Windows\TEMP\{BDFC7EF5-9B63-4CEA-8E9E-79AA2B29AEFB}.exe

cmd: netsh winsock reset catalog
Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

===


For your added security I suggest that you update the following programs. DO IT LATER WHEN ALL IS WELL WITH THIS COMPUTER.

JAVA

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882
===

ADOBE READER
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
<<<>>>

ADOBE AIR

Navigate to this page and follow the instructions to get the latest version.
https://get.adobe.com/air/
---

When the updates are completed and you have restarted the computer remove what remains of these versions via the Control Panel > Programs > Programs and Features.
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)


Please post the logs and let me know what problem persists with this computer.
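
An added example, not part of nasdaq's instructions and not code from the FRST tool: a small Python parser that pulls out of an FRST log the items the fixlist above acts on (the "ZeroAccess:" path blocks, the InprocServer32 redirection of the shell32 CLSID marked "<==== ATTENTION", and the Winsock catalog entries whose LibraryPath no longer resolves, which is why the fix ends with netsh winsock reset catalog). The sample lines are copied from the log and fixlist in this thread; the function and class names (parse_frst, winsock_mismatches, Findings, WinsockEntry) are this example's own, not FRST names.

```python
# Added example: collect ZeroAccess-related indicators from FRST output
# so they can be reviewed before a fixlist is written. Names are ours, not FRST's.
import re
from dataclasses import dataclass, field

# FRST appends "<==== ATTENTION" to lines it considers suspicious.
ATTENTION_RE = re.compile(r"<====\s*ATTENTION\s*$")
# Winsock catalog entries whose LibraryPath does not resolve to a file.
WINSOCK_RE = re.compile(
    r'^Winsock:\s+(?P<catalog>Catalog\d+)\s+(?P<index>\d+)\s+(?P<module>\S+)'
    r'\s+(?P<status>.*?)\s+ATTENTION: LibraryPath should be "(?P<expected>[^"]+)"'
)
# COM InprocServer32 redirection (the hooked shell32 CLSID in this thread).
INPROC_RE = re.compile(r"InprocServer32: \[(?P<name>[^\]]+)\]\s+(?P<path>.+?)\s*<====")


@dataclass
class WinsockEntry:
    catalog: str
    index: int
    module: str    # module FRST found listed in the catalog
    status: str    # e.g. "No File"
    expected: str  # LibraryPath FRST says the entry should have


@dataclass
class Findings:
    attention: list = field(default_factory=list)         # raw "<==== ATTENTION" lines
    winsock: list = field(default_factory=list)           # WinsockEntry objects
    clsid_hijacks: list = field(default_factory=list)     # (value name, target path)
    zeroaccess_paths: list = field(default_factory=list)  # paths under "ZeroAccess:" headers


def parse_frst(text: str) -> Findings:
    """Scan FRST output and collect the indicators a fixlist would act on."""
    found = Findings()
    in_zeroaccess_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_zeroaccess_block = False  # a blank line ends a "ZeroAccess:" block
            continue
        if line == "ZeroAccess:":
            in_zeroaccess_block = True
            continue
        if in_zeroaccess_block:
            found.zeroaccess_paths.append(line)
            continue
        m = WINSOCK_RE.match(line)
        if m:
            found.winsock.append(WinsockEntry(
                m["catalog"], int(m["index"]), m["module"], m["status"], m["expected"]))
            continue
        if ATTENTION_RE.search(line):
            found.attention.append(line)
            m = INPROC_RE.search(line)
            if m:
                found.clsid_hijacks.append((m["name"], m["path"]))
    return found


def winsock_mismatches(found: Findings) -> list:
    """Catalog entries whose listed module differs from the module FRST expects."""
    out = []
    for e in found.winsock:
        expected_module = e.expected.rsplit("\\", 1)[-1]
        if expected_module.lower() != e.module.lower():
            out.append(e)
    return out


# Constructed sample: lines copied from the FRST log and fixlist in this thread.
SAMPLE_LOG = r"""
HKU\S-1-5-18\...0c966feabec1\InprocServer32: [Default-shell32] C:\Windows\system32\config\systemprofile\AppData\Local\{e8944140-aad2-454b-50c0-52b9adcb6e88}\n. <==== ATTENTION
Winsock: Catalog5 01 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Task: {F199672F-73F1-456E-BF0A-C18FAE5E86E6} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{BDFC7EF5-9B63-4CEA-8E9E-79AA2B29AEFB}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{BDFC7EF5-9B63-4CEA-8E9E-79AA2B29AEFB}.exe <==== ATTENTION

ZeroAccess:
C:\Windows\Installer\{e8944140-aad2-454b-50c0-52b9adcb6e88}
C:\Windows\Installer\{e8944140-aad2-454b-50c0-52b9adcb6e88}\L\00000004.@
C:\Windows\Installer\{e8944140-aad2-454b-50c0-52b9adcb6e88}\L\201d3dde

ZeroAccess:
C:\Windows\System32\config\systemprofile\AppData\Local\{e8944140-aad2-454b-50c0-52b9adcb6e88}
C:\Windows\System32\config\systemprofile\AppData\Local\{e8944140-aad2-454b-50c0-52b9adcb6e88}\@
"""

if __name__ == "__main__":
    result = parse_frst(SAMPLE_LOG)
    for path in result.zeroaccess_paths:
        print("ZeroAccess path:", path)
    for name, target in result.clsid_hijacks:
        print("CLSID redirect:", name, "->", target)
    for e in winsock_mismatches(result):
        print(f"Winsock {e.catalog} #{e.index}: lists {e.module}, expected {e.expected}")
```

Run against a full FRST.txt, the parser lists the same three things the fixlist above removes or repairs: the {GUID} folders under C:\Windows\Installer and the systemprofile AppData, the shell32 CLSID whose InprocServer32 points into that folder, and the Winsock entries whose module no longer matches the expected LibraryPath (entry 01 here lists mswsock.dll where NLAapi.dll belongs), which is the state netsh winsock reset catalog puts right.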

#4 B_frustrated

B_frustrated
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:35 AM

Posted 02 January 2017 - 10:30 AM

Thanks for the help. Here is the ReportRogue. Moving on to the fix.

 

RogueKiller V12.9.1.0 [Jan  2 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User : Administrator [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 01/02/2017 08:58:21 (Duration : 00:20:52)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 58 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} (C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9} (C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043} (C:\Program Files\Yahoo!\Companion\Installs\cpn\pubmod.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YPUBC.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A} ("C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe") -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01} ("C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe") -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YPUBC.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YTNavAssist.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (C:\Program Files\AVG\AVG10\avgssie.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} (C:\Program Files\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\AVGRewardsWorker.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YTNavAssist.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} (C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF} (C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YPUBC.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YTNavAssist.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} ("C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\19.5.0\ScriptHelper.exe") -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} (C:\Program Files\AVG Secure Search\GenericWndApi.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Secure Search\19.6.0.592\AVG Secure Search_toolbar.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B} (C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} ("C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\19.5.0\ScriptHelper.exe") -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} (C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YTAntiSpy.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} (C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087} (C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YTBM.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615} ("C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\19.5.0\ScriptHelper.exe") -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} (C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YCAPlugin.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YTabBar.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} (C:\Program Files\AVG Secure Search\19.6.0.592\AVG Secure Search_toolbar.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YPUBC.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} (C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} ("C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.7\ScriptHelper.exe") -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YMERemote.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{F9A10D86-182A-4946-869B-70C3D109D14D} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YTMsgr.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll) -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\AVG Secure Search -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\AVG Security Toolbar -> Found
[PUP.Gen1] HKEY_USERS\.DEFAULT\Software\AVG Secure Search -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-2089707176-1115303125-1796299914-1000\Software\AVG Secure Search -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-2089707176-1115303125-1796299914-500\Software\AVG Secure Search -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-18\Software\AVG Secure Search -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} (C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll) -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (C:\Program Files\AVG\AVG10\avgssie.dll) -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Secure Search\19.6.0.592\AVG Secure Search_toolbar.dll) -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll) -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {95B7759C-8C7F-4BF1-B163-73684A933233} :  (C:\Program Files\AVG Secure Search\19.6.0.592\AVG Secure Search_toolbar.dll)  -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {EF99BD32-C1FB-11D2-892F-0090271D4F88} :  (C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll)  -> Found
[PUP.Gen0] HKEY_USERS\S-1-5-21-2089707176-1115303125-1796299914-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} :   -> Found
[PUP.Gen0] HKEY_USERS\S-1-5-21-2089707176-1115303125-1796299914-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {EF99BD32-C1FB-11D2-892F-0090271D4F88} :  (C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll)  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-2089707176-1115303125-1796299914-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://isearch.avg.com?cid={5DE93C83-9D06-4EAD-9AE4-F497B3F37ABB}&mid=b5dfedbd617a47d1a434c5b7f307c5b6-f2a77cffe5283591731dff16be2d2f0f3af12beb&lang=en&ds=AVG&coid=&cmpid=&pr=pr&d=2011-12-26 00:58:29&v=19.6.0.592&pid=avg&sg=0&sap=hp  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2089707176-1115303125-1796299914-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2089707176-1115303125-1796299914-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job -- C:\Windows\TEMP\{BDFC7EF5-9B63-4CEA-8E9E-79AA2B29AEFB}.exe (--uninstall=1) -> Found
 
¤¤¤ Files : 12 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search -> Found
[PUP.Gen1][Folder] C:\ProgramData\Yahoo! Companion -> Found
[Root.ZeroAccess][Folder] C:\Windows\Installer\{e8944140-aad2-454b-50c0-52b9adcb6e88}\L -> Found
[Root.ZeroAccess][Folder] C:\Windows\Installer\{e8944140-aad2-454b-50c0-52b9adcb6e88}\U -> Found
[Root.ZeroAccess][Folder] C:\Windows\System32\config\systemprofile\AppData\Local\{e8944140-aad2-454b-50c0-52b9adcb6e88}\L -> Found
[Root.ZeroAccess][Folder] C:\Windows\System32\config\systemprofile\AppData\Local\{e8944140-aad2-454b-50c0-52b9adcb6e88}\U -> Found
[PUP.Gen1][Folder] C:\Users\Administrator.admin-PC\AppData\Local\AVG Secure Search -> Found
[PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search -> Found
[PUP.Gen1][Folder] C:\ProgramData\Yahoo! Companion -> Found
[PUP.Gen1][Folder] C:\Program Files\AVG Secure Search -> Found
[PUP.Gen3][File] C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml -> Found
[PUP.Gen1][Folder] C:\Program Files\Yahoo!\Companion -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : AVG Safe Search [jmfkcklnlgedgbglfkkgedjfmejoahla] -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500AAJS-75M0A0 ATA Device +++++
--- User ---
[MBR] 0de1e96c94eca6338ed4a572f2e75e52
[BSP] e7a4d88e39462edee4d9ce59ade9badd : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238316 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#5 B_frustrated (Topic Starter, Members, 14 posts)

Posted 02 January 2017 - 10:45 AM

Fix result of Farbar Recovery Scan Tool (x86) Version: 01-01-2017
Ran by Administrator (02-01-2017 09:33:31) Run:1
Running from C:\Users\Administrator.admin-PC\Downloads
Loaded Profiles: admin & Administrator (Available Profiles: admin & Administrator)
Boot Mode: Safe Mode (with Networking)
 
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [1707080 2016-11-28] ()
HKLM\...\Run: [] => [X]
HKU\S-1-5-18\...0c966feabec1\InprocServer32: [Default-shell32] C:\Windows\system32\config\systemprofile\AppData\Local\{e8944140-aad2-454b-50c0-52b9adcb6e88}\n. <==== ATTENTION
Winsock: Catalog5 01 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com?cid={5DE93C83-9D06-4EAD-9AE4-F497B3F37ABB}&mid=b5dfedbd617a47d1a434c5b7f307c5b6-f2a77cffe5283591731dff16be2d2f0f3af12beb&lang=en&ds=AVG&coid=&cmpid=&pr=pr&d=2011-12-26 00:58:29&v=19.6.0.592&pid=avg&sg=0&sap=hp
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-2089707176-1115303125-1796299914-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKU\S-1-5-21-2089707176-1115303125-1796299914-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2089707176-1115303125-1796299914-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={5DE93C83-9D06-4EAD-9AE4-F497B3F37ABB}&mid=b5dfedbd617a47d1a434c5b7f307c5b6-f2a77cffe5283591731dff16be2d2f0f3af12beb&lang=en&ds=AVG&pr=pr&d=2011-12-26 00:58:29&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\19.6.0.592\AVG Secure Search_toolbar.dll [2016-11-28] (AVG Secure Search)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\19.6.0.592\AVG Secure Search_toolbar.dll [2016-11-28] (AVG Secure Search)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-2089707176-1115303125-1796299914-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll [2016-11-28] (AVG Secure Search)
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.3.0.885 => not found
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2016-11-28]
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (AVG Safe Search) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2017-01-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-01]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-01]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG10\Chrome\safesearch.crx [2011-09-09]
S2 vToolbarUpdater19.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\19.5.0\ToolbarUpdater.exe [1277512 2016-11-28] (AVG Secure Search)
Task: {F199672F-73F1-456E-BF0A-C18FAE5E86E6} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{BDFC7EF5-9B63-4CEA-8E9E-79AA2B29AEFB}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{BDFC7EF5-9B63-4CEA-8E9E-79AA2B29AEFB}.exe <==== ATTENTION
C:\Windows\system32\config\systemprofile\AppData\Local\{e8944140-aad2-454b-50c0-52b9adcb6e88}
C:\Windows\Installer\{e8944140-aad2-454b-50c0-52b9adcb6e88}
C:\Windows\TEMP\{BDFC7EF5-9B63-4CEA-8E9E-79AA2B29AEFB}.exe
 
cmd: netsh winsock reset catalog
Reboot:
 
End
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vProt => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
HKU\S-1-5-18\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => key removed successfully.
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000006\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value removed successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => key not found. 
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key removed successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => key removed successfully.
HKCR\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value removed successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value removed successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => key not found. 
HKU\S-1-5-21-2089707176-1115303125-1796299914-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found. 
HKCR\PROTOCOLS\Handler\viprotocol => key not found. 
HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => key not found. 
HKLM\Software\Mozilla\Firefox\Extensions\\avg@toolbar => value removed successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml => moved successfully
HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key removed successfully.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully.
C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla => moved successfully
C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla => key removed successfully.
C:\Program Files\AVG\AVG10\Chrome\safesearch.crx => moved successfully
HKLM\System\CurrentControlSet\Services\vToolbarUpdater19.5.0 => key removed successfully.
vToolbarUpdater19.5.0 => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F199672F-73F1-456E-BF0A-C18FAE5E86E6} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F199672F-73F1-456E-BF0A-C18FAE5E86E6} => key removed successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv => key removed successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => moved successfully
C:\Windows\system32\config\systemprofile\AppData\Local\{e8944140-aad2-454b-50c0-52b9adcb6e88} => moved successfully
C:\Windows\Installer\{e8944140-aad2-454b-50c0-52b9adcb6e88} => moved successfully
"C:\Windows\TEMP\{BDFC7EF5-9B63-4CEA-8E9E-79AA2B29AEFB}.exe" => not found.
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11741339 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 1350941472 B
Edge => 0 B
Chrome => 67115460 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 284335170 B
LocalService => 66228 B
NetworkService => 78784 B
admin => 16379283044 B
Administrator.admin-PC => 115431162 B
 
RecycleBin => 0 B
EmptyTemp: => 17 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:36:04 ====


#6 B_frustrated (Topic Starter, Members, 14 posts)

Posted 02 January 2017 - 11:43 AM

I am able to log into my son's profile now (changed the password and account type to standard user), but I still cannot enable Windows Firewall or use Windows Update. Not sure if these were coincidence or collateral damage...

I am not letting him use the computer until you review the logs you requested and I know we are good to go.

Thanks again.



#7 nasdaq (Malware Response Team, 38,559 posts, Gender: Male, Location: Montreal, QC, Canada)

Posted 02 January 2017 - 02:02 PM

Please run the Farbar tool one more time.

Post fresh FRST and Addition.txt file for my review.

#8 B_frustrated (Topic Starter, Members, 14 posts)

Posted 02 January 2017 - 02:19 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2017
Ran by Administrator (administrator) on ADMIN-PC (02-01-2017 13:09:36)
Running from C:\Users\Administrator.admin-PC\Downloads
Loaded Profiles: Administrator (Available Profiles: admin & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Quest Software) C:\Windows\System32\pnusbvirtualhubwssrv.exe
() C:\Program Files\Edimax\Edimax Wireless LAN\WPSService20.exe
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgcsrvx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgcsrvx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Quest Software) C:\Windows\System32\PNUSBCLITRAY.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Quest Software) C:\Windows\System32\pntray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Logitech, Inc.) C:\Users\Administrator.admin-PC\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Administrator.admin-PC\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [jswtrayutil] => "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM\...\Run: [pnusbclitray] => C:\Windows\system32\pnusbclitray.exe [67480 2012-06-09] (Quest Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-07-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk [2012-06-16]
ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{730BE09E-43EA-47B0-B467-337DB5677CD9}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{CF09257E-5326-40AE-89EE-BB90DCD3DA16}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-2089707176-1115303125-1796299914-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2089707176-1115303125-1796299914-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG10\avgssie.dll [2011-09-09] (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-31] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-31] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll [2016-11-28] (AVG Secure Search)
 
FireFox:
========
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2017-01-01] [not signed]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: (AVG Safe Search) - C:\Program Files\AVG\AVG10\Firefox4 [2015-04-01] [not signed]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-28] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-31] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-05-25]
 
Chrome: 
=======
CHR Profile: C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default [2017-01-02]
CHR Extension: (Google Slides) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-01]
CHR Extension: (Google Docs) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-01]
CHR Extension: (Google Drive) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-01]
CHR Extension: (YouTube) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-01]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-01]
CHR Extension: (Gmail) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-01]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [127488 2010-06-29] (Broadcom Corporation) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-14] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [425408 2016-12-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [425408 2016-12-11] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [420288 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [930240 2016-12-11] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pnusbvirtualhubwssrv; C:\Windows\system32\pnusbvirtualhubwssrv.exe [591944 2012-07-28] (Quest Software) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 WPSService20; C:\Program Files\Edimax\Edimax Wireless LAN\WPSService20.exe [96768 2013-05-15] () [File not signed]
R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
S2 HPSLPSVC; C:\Users\admin\AppData\Local\Temp\7zS5A14\hpslpsvc32.dll [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1564160 2010-10-11] (Atheros Communications, Inc.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21968 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [299552 2014-11-04] (AVG Technologies CZ, s.r.o.)
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [88064 2010-09-03] (Broadcom Corporation)
S3 busbcrw; C:\Windows\System32\Drivers\busbcrw.sys [18944 2013-07-13] (Brother Industries, Ltd.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-02-22] (Avanquest Software) [File not signed]
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [153024 2017-01-01] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [87496 2017-01-02] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2017-01-02] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [219072 2017-01-02] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26048 2016-12-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [40384 2016-12-11] (NVIDIA Corporation)
R2 pnpnptool; C:\Windows\system32\Drivers\pnpnptool.sys [35488 2012-07-28] (Quest Software)
S3 pnusbd; C:\Windows\system32\Drivers\pnusbd.sys [20512 2012-07-28] (Quest Software)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1345168 2012-12-26] (Realtek Semiconductor Corporation                           )
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-01-02] ()
S1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-02 11:06 - 2017-01-02 11:06 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\HP
2017-01-02 09:33 - 2017-01-02 09:36 - 00011197 _____ C:\Users\Administrator.admin-PC\Downloads\Fixlog.txt
2017-01-02 08:58 - 2017-01-02 08:58 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-02 08:57 - 2017-01-02 08:57 - 34631352 _____ (Adlice Software ) C:\Users\Administrator.admin-PC\Downloads\setup RK.exe
2017-01-02 08:49 - 2017-01-02 09:23 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-02 08:49 - 2017-01-02 08:57 - 00001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-01-02 08:49 - 2017-01-02 08:57 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-02 08:49 - 2017-01-02 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-01 17:52 - 2017-01-01 17:53 - 00029021 _____ C:\Users\Administrator.admin-PC\Downloads\Addition.txt
2017-01-01 17:51 - 2017-01-02 13:10 - 00017785 _____ C:\Users\Administrator.admin-PC\Downloads\FRST.txt
2017-01-01 17:50 - 2017-01-02 13:09 - 00000000 ____D C:\FRST
2017-01-01 17:50 - 2017-01-01 17:50 - 01760256 _____ (Farbar) C:\Users\Administrator.admin-PC\Downloads\FRST.exe
2017-01-01 17:44 - 2017-01-01 17:44 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\CEF
2017-01-01 17:40 - 2017-01-01 17:40 - 00001219 _____ C:\Users\Administrator.admin-PC\Desktop\PUP.txt
2017-01-01 17:27 - 2017-01-02 09:38 - 00219072 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-01 17:27 - 2017-01-02 09:38 - 00087496 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-01 17:27 - 2017-01-02 09:38 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-01 17:27 - 2017-01-01 17:27 - 00153024 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-01 17:27 - 2017-01-01 17:27 - 00063264 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-01 17:27 - 2017-01-01 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-01 17:27 - 2016-12-14 12:55 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys
2017-01-01 17:19 - 2017-01-01 17:20 - 00004030 _____ C:\Users\Administrator.admin-PC\Desktop\Rkill.txt
2017-01-01 16:38 - 2017-01-01 16:38 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\HPAppData
2017-01-01 15:48 - 2014-05-14 10:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-01 15:48 - 2014-05-14 10:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-01-01 15:48 - 2014-05-14 10:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-01-01 15:47 - 2014-05-14 10:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-01 15:47 - 2014-05-14 10:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-01-01 15:47 - 2014-05-14 10:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-01-01 15:47 - 2014-05-14 10:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-01-01 15:47 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-01-01 15:47 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-01-01 15:45 - 2017-01-01 15:45 - 01679570 _____ C:\Users\Administrator.admin-PC\Desktop\WindowsUpdateLOG.txt
2017-01-01 15:02 - 2017-01-01 17:52 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Google
2017-01-01 15:02 - 2017-01-01 15:02 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-01 15:02 - 2017-01-01 15:02 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-01 15:00 - 2017-01-01 15:00 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Apps\2.0
2017-01-01 14:59 - 2017-01-01 15:00 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Deployment
2017-01-01 14:59 - 2017-01-01 14:59 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\Adobe
2017-01-01 14:58 - 2017-01-01 16:43 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\LocalLow\HPAppData
2017-01-01 14:58 - 2017-01-01 14:58 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\Yahoo!
2017-01-01 14:56 - 2017-01-01 14:56 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Apple
2017-01-01 14:51 - 2017-01-01 14:51 - 00113472 _____ C:\Users\Administrator.admin-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-01 14:49 - 2017-01-01 14:49 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Logitech® Webcam Software
2017-01-01 14:48 - 2017-01-01 17:44 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\NVIDIA Corporation
2017-01-01 14:48 - 2017-01-01 14:48 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\LocalLow\AVG Secure Search
2017-01-01 14:48 - 2017-01-01 14:48 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\NVIDIA
2017-01-01 14:48 - 2017-01-01 14:48 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\AVG Secure Search
2017-01-01 14:47 - 2017-01-01 20:32 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\Apple Computer
2017-01-01 14:47 - 2017-01-01 14:47 - 00001413 _____ C:\Users\Administrator.admin-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-01 14:47 - 2017-01-01 14:47 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\AVG10
2017-01-01 14:46 - 2017-01-01 14:47 - 00000000 ____D C:\Users\Administrator.admin-PC
2017-01-01 14:46 - 2017-01-01 14:46 - 00000020 ___SH C:\Users\Administrator.admin-PC\ntuser.ini
2017-01-01 14:46 - 2017-01-01 14:46 - 00000000 _SHDL C:\Users\Administrator.admin-PC\My Documents
2017-01-01 14:46 - 2017-01-01 14:46 - 00000000 _SHDL C:\Users\Administrator.admin-PC\Documents\My Videos
2017-01-01 14:46 - 2017-01-01 14:46 - 00000000 _SHDL C:\Users\Administrator.admin-PC\Documents\My Pictures
2017-01-01 14:46 - 2017-01-01 14:46 - 00000000 _SHDL C:\Users\Administrator.admin-PC\Documents\My Music
2017-01-01 14:46 - 2012-01-29 03:00 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Microsoft Help
2017-01-01 14:46 - 2011-12-25 18:32 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\Macromedia
2017-01-01 14:46 - 2009-07-14 01:49 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\Media Center Programs
2017-01-01 13:42 - 2017-01-01 13:42 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-01 13:37 - 2017-01-01 13:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-01-01 13:31 - 2017-01-01 13:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2017-01-01 13:29 - 2017-01-01 14:44 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2017-01-01 13:29 - 2017-01-01 13:29 - 00000000 ____D C:\Users\Administrator\AppData\Local\Deployment
2017-01-01 13:26 - 2017-01-01 13:31 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\HPAppData
2017-01-01 13:26 - 2017-01-01 13:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Yahoo!
2017-01-01 13:26 - 2017-01-01 13:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HPAppData
2017-01-01 13:26 - 2017-01-01 13:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-01-01 13:11 - 2017-01-01 13:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\Logitech® Webcam Software
2017-01-01 13:10 - 2017-01-01 13:10 - 00113472 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-01 13:10 - 2017-01-01 13:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\AVG Secure Search
2017-01-01 13:09 - 2017-01-01 14:45 - 00000000 ____D C:\Users\Administrator
2017-01-01 13:09 - 2017-01-01 13:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 _SHDL C:\Users\Administrator\My Documents
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\AVG Secure Search
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2017-01-01 13:09 - 2012-01-29 03:00 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2017-01-01 13:09 - 2011-12-25 18:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2017-01-01 13:09 - 2009-07-14 01:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2017-01-01 13:06 - 2017-01-01 13:10 - 00000000 ____D C:\Users\TEMP
2017-01-01 13:06 - 2012-01-29 03:00 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2017-01-01 13:06 - 2011-12-25 18:32 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Macromedia
2017-01-01 13:06 - 2009-07-14 01:49 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2016-12-31 20:40 - 2016-12-31 20:40 - 29067315 _____ C:\Users\admin\Downloads\VoidLauncher.zip
2016-12-30 14:14 - 2016-12-31 23:41 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2016-12-29 11:32 - 2016-12-29 11:32 - 01725497 _____ C:\Users\admin\Downloads\OptiFine_1.8.9_HD_U_H6(1).jar
2016-12-27 21:52 - 2016-12-27 21:52 - 01982056 _____ C:\Users\admin\Downloads\OptiFine_1.11.2_HD_U_B5(1).jar
2016-12-27 20:11 - 2016-12-27 20:11 - 01725497 _____ C:\Users\admin\Downloads\OptiFine_1.8.9_HD_U_H6.jar
2016-12-27 20:10 - 2016-12-27 20:10 - 01982056 _____ C:\Users\admin\Downloads\OptiFine_1.11.2_HD_U_B5.jar
2016-12-26 20:05 - 2016-12-26 20:05 - 00000000 ____D C:\Users\admin\AppData\Roaming\NVIDIA
2016-12-26 19:35 - 2016-12-26 19:35 - 00000000 ____D C:\Users\admin\AppData\Local\NVIDIA
2016-12-25 12:09 - 2016-12-31 21:14 - 00001099 _____ C:\Users\admin\Desktop\nativelog.txt
2016-12-25 10:25 - 2016-12-27 17:44 - 00000252 _____ C:\Users\admin\AppData\LocalLow\rbxcsettings.rbx
2016-12-25 10:25 - 2016-12-25 10:36 - 00000000 ____D C:\Users\admin\AppData\Local\Roblox
2016-12-25 09:13 - 2016-12-25 09:13 - 00000000 ____D C:\Users\admin\AppData\Roaming\java
2016-12-25 09:12 - 2017-01-01 14:44 - 00000000 ____D C:\Program Files\Minecraft
2016-12-25 08:38 - 2016-12-30 14:50 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2016-12-25 05:56 - 2016-12-26 19:36 - 00000000 ____D C:\Users\admin\AppData\Local\NVIDIA Corporation
2016-12-25 05:45 - 2017-01-01 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-12-25 05:45 - 2016-12-11 20:42 - 01452480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2016-12-25 05:45 - 2016-12-11 20:42 - 01317312 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2016-12-25 05:45 - 2016-12-11 20:42 - 00100288 _____ C:\Windows\system32\NvRtmpStreamer32.dll
2016-12-25 05:44 - 2017-01-01 14:43 - 00000000 ____D C:\Program Files\VulkanRT
2016-12-25 05:44 - 2016-12-11 12:23 - 00134712 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2016-12-25 05:44 - 2016-09-09 12:25 - 00269600 _____ C:\Windows\system32\vulkan-1.dll
2016-12-25 05:44 - 2016-09-09 12:25 - 00110880 _____ C:\Windows\system32\vulkaninfo.exe
2016-12-25 05:43 - 2017-01-02 10:18 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-25 05:43 - 2016-12-26 19:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-25 05:43 - 2016-12-11 20:42 - 00203320 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-12-25 05:43 - 2016-12-11 20:42 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-12-25 05:43 - 2016-12-11 12:44 - 03973568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 02097600 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 00460224 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 00381888 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 00070200 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-12-25 05:43 - 2016-12-09 19:55 - 07639617 _____ C:\Windows\system32\nvcoproc.bin
2016-12-25 05:41 - 2017-01-01 14:43 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-25 05:41 - 2016-12-11 20:42 - 00091584 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap32v.dll
2016-12-25 05:41 - 2016-12-11 20:42 - 00040384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2016-12-25 05:40 - 2016-12-11 20:42 - 35222976 _____ C:\Windows\system32\nvcompiler.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 28138432 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 17376896 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 14410472 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 12133432 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-12-25 05:40 - 2016-12-11 20:42 - 09151216 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 08913328 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 08753832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 03479744 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 03206080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 01080256 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3237633.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00975416 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00927168 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3237633.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00896056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00572888 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00407248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshim.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00148016 _____ (NVIDIA Corporation) C:\Windows\system32\nvinit.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00131536 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim32.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00035527 _____ C:\Windows\system32\nvinfo.pb
2016-12-25 05:40 - 2016-12-11 20:42 - 00000669 _____ C:\Windows\system32\nv-vk32.json
2016-12-25 05:39 - 2017-01-01 14:44 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-25 05:38 - 2017-01-01 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Edimax Wireless LAN
2016-12-25 05:37 - 2017-01-01 14:43 - 00000000 ____D C:\Program Files\Edimax
2016-12-25 05:37 - 2013-05-15 15:27 - 00535040 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2016-12-25 05:37 - 2013-05-15 15:27 - 00451072 _____ C:\Windows\system32\ISSRemoveSP.exe
2016-12-25 05:37 - 2012-12-26 13:38 - 01345168 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTWlanU.sys
2016-12-25 05:32 - 2017-01-01 14:42 - 00000000 ____D C:\NVIDIA
2016-12-25 05:31 - 2016-12-25 05:31 - 28113126 _____ C:\Users\admin\Downloads\EW-7811Un_Windows_driver_v1.0.0.5.zip
2016-12-25 05:29 - 2016-12-25 05:31 - 317918816 _____ (NVIDIA Corporation) C:\Users\admin\Downloads\376.33-desktop-win8-win7-32bit-international-whql.exe
2016-12-22 21:07 - 2016-12-22 21:07 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-12-22 20:11 - 2016-12-22 20:11 - 00000000 ____D C:\Users\admin\Documents\SightSpeed Recordings
2016-12-22 00:45 - 2016-12-22 00:45 - 00000000 ____D C:\Users\admin\Documents\Shrew Soft VPN
2016-12-22 00:37 - 2016-12-22 00:37 - 00000000 ____D C:\Windows\system32\appmgmt
2016-12-21 21:15 - 2014-07-21 15:33 - 00597512 ____N (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPDiscoPMC511.dll
2016-12-21 21:14 - 2016-12-21 21:14 - 00000057 _____ C:\ProgramData\Ament.ini
2016-12-21 21:08 - 2016-12-21 21:08 - 00000000 ____D C:\Users\admin\AppData\Local\Hewlett-Packard
2016-12-11 22:24 - 2017-01-01 14:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-12-11 21:46 - 2016-12-11 21:46 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-11 21:25 - 2016-12-21 20:11 - 00524288 ___SH C:\Users\admin\NTUSER.DAT{98c1e0f5-c01a-11e6-8182-14feb5e32c45}.TMContainer00000000000000000002.regtrans-ms
2016-12-11 21:25 - 2016-12-21 20:11 - 00524288 ___SH C:\Users\admin\NTUSER.DAT{98c1e0f5-c01a-11e6-8182-14feb5e32c45}.TMContainer00000000000000000001.regtrans-ms
2016-12-11 21:25 - 2016-12-21 20:11 - 00065536 ___SH C:\Users\admin\NTUSER.DAT{98c1e0f5-c01a-11e6-8182-14feb5e32c45}.TM.blf
2016-12-11 17:28 - 2017-01-02 08:58 - 00470756 _____ C:\Windows\ntbtlog.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-02 12:36 - 2012-04-14 10:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-02 10:11 - 2014-07-03 23:45 - 00000000 ____D C:\Users\admin\AppData\Local\Deployment
2017-01-02 10:11 - 2013-01-09 21:11 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2017-01-02 09:57 - 2011-12-31 19:14 - 00000000 _____ C:\Users\admin\AppData\LocalLow\prvlcl.dat
2017-01-02 09:45 - 2009-07-13 22:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-02 09:45 - 2009-07-13 22:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-02 09:42 - 2011-12-22 13:31 - 00778556 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-02 09:42 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\inf
2017-01-02 09:41 - 2011-12-26 00:56 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2017-01-02 09:37 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-01 16:27 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2017-01-01 14:47 - 2009-07-13 22:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-01 14:45 - 2012-01-21 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-01-01 14:45 - 2011-12-22 12:31 - 00000000 ____D C:\Users\admin
2017-01-01 14:44 - 2014-07-03 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-01 14:44 - 2014-07-03 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-01-01 14:44 - 2014-03-13 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-01 14:44 - 2013-07-13 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palette Ver.8
2017-01-01 14:44 - 2013-01-09 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2017-01-01 14:44 - 2012-08-04 09:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-01-01 14:44 - 2012-07-28 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quest Software
2017-01-01 14:44 - 2012-06-16 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA1100 Smart Wizard
2017-01-01 14:44 - 2012-05-25 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-01 14:44 - 2012-03-19 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-01-01 14:44 - 2012-03-05 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-01-01 14:44 - 2012-02-18 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-01-01 14:44 - 2011-12-26 00:58 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2017-01-01 14:44 - 2011-12-26 00:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
2017-01-01 14:44 - 2011-12-22 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom
2017-01-01 14:44 - 2009-07-14 01:49 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-01-01 14:44 - 2009-07-13 22:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-01 14:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\NDF
2017-01-01 14:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\security
2017-01-01 14:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\registration
2017-01-01 14:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\AppCompat
2017-01-01 14:44 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\System
2017-01-01 14:42 - 2012-03-19 19:31 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2017-01-01 13:29 - 2012-05-25 20:52 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2016-12-31 23:40 - 2014-02-23 15:02 - 00000000 ____D C:\Users\admin\AppData\Roaming\.minecraft
2016-12-27 20:47 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\LiveKernelReports
2016-12-25 05:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Logs
2016-12-25 05:44 - 2012-06-16 10:40 - 00000000 ____D C:\temp
2016-12-25 05:43 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Help
2016-12-25 05:38 - 2012-03-05 19:45 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2016-12-25 05:37 - 2012-01-15 21:19 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-12-25 04:57 - 2011-12-22 20:39 - 00000000 ____D C:\Users\admin\AppData\Local\Diagnostics
2016-12-24 00:09 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\config\RegBack
2016-12-22 20:11 - 2011-12-22 12:31 - 00000000 ___RD C:\Users\admin\Documents
2016-12-22 20:10 - 2011-12-31 19:09 - 00113472 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-22 00:49 - 2012-01-23 19:48 - 00019812 _____ C:\Windows\PFRO.log
2016-12-22 00:49 - 2009-07-13 22:33 - 00418560 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-22 00:40 - 2012-01-15 21:19 - 00000000 ____D C:\ProgramData\Samsung
2016-12-22 00:40 - 2009-07-13 20:37 - 00000000 __RSD C:\Windows\Fonts
2016-12-22 00:38 - 2012-01-15 21:20 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2016-12-22 00:38 - 2012-01-15 21:20 - 00020032 _____ (Devguru Co., Ltd) C:\Windows\system32\Drivers\dgderdrv.sys
2016-12-22 00:34 - 2011-12-22 12:31 - 00000000 ___RD C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-21 21:16 - 2012-07-28 15:26 - 00000000 ____D C:\Users\admin\AppData\Local\HP
2016-12-21 21:16 - 2012-05-25 20:52 - 00000000 ____D C:\Users\admin\AppData\Roaming\HpUpdate
2016-12-21 21:16 - 2012-05-25 20:17 - 00000000 ____D C:\Program Files\Hewlett-Packard
2016-12-21 21:15 - 2012-05-25 20:19 - 00000000 ____D C:\ProgramData\HP
2016-12-21 21:15 - 2012-05-25 20:17 - 00000000 ____D C:\Program Files\HP
2016-12-21 21:15 - 2009-07-13 22:52 - 00000000 ____D C:\Windows\twain_32
2016-12-21 21:01 - 2009-07-13 20:37 - 00000000 __RSD C:\Windows\assembly
2016-12-13 10:36 - 2012-04-14 10:12 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-12-13 10:36 - 2012-01-29 10:20 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-12-13 10:36 - 2011-12-22 20:37 - 00000000 ____D C:\Windows\system32\Macromed
 
==================== Files in the root of some directories =======
 
2013-06-28 16:49 - 2014-06-22 19:07 - 0003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2016-12-21 21:14 - 2016-12-21 21:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-05-25 20:43 - 2012-07-28 15:54 - 0007134 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-24 00:09
 
==================== End of FRST.txt ============================


#9 B_frustrated

B_frustrated
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:35 AM

Posted 02 January 2017 - 02:21 PM

And here is the Addition.txt, uploaded as the first instructions had me do.




#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,559 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:35 AM

Posted 03 January 2017 - 07:49 AM

but I still cannot enable windows firewall or use Windows Update. Not sure if there were coincidence or collateral damage...


I do not see any restrictions on your logs.

Setting Selective Startup via msconfig

--------------------
  • Hit the Windows Key + R at the same time
  • Type msconfig and hit Enter
  • Click the General tab
  • Select the following entries

Selective startup
Load system services
Load startup items

  • Click Apply then OK
  • Click Restart
  • Check your computer performance
==
  • Results?
===============

If the problem persists run this scan.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
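For readers working through an FSS.txt of their own, the following is an added Python triage helper; it is not part of this thread and not one of Farbar's tools, and it never touches the registry itself. It parses the text FSS prints and sorts services into three buckets: the whole service key under HKLM\SYSTEM\CurrentControlSet\Services is gone (the damage pattern that leaves Firewall, Security Center, Update and Defender unable to start), only some values (Start, ImagePath, ServiceDll) are gone, or the service is merely stopped with an intact configuration. It also flags the Windows Defender DisableAntiSpyware policy DWORD. The regular expressions follow the line shapes FSS prints; the sample log embedded in the script is constructed in that format and is not the log posted in this thread.

```python
"""Triage helper for Farbar Service Scanner output (FSS.txt).

Added example for this thread, not Farbar's code; it never touches the
registry itself. It parses the text FSS prints and reports, per service,
whether the whole service key is gone, only some values are gone, or the
service is merely stopped, and it flags the Defender policy DWORD.
"""
import re
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Line shapes FSS uses, taken from the log format shown in this thread.
NOT_RUNNING = re.compile(r"^(\w+) Service is not running\.")
KEY_MISSING = re.compile(r"Unable to open (\w+) registry key\. The service key does not exist\.")
VALUE_MISSING = re.compile(
    r"Unable to retrieve (start type|ImagePath|ServiceDll) of (\w+)\. The value does not exist\.")
POLICY_VALUE = re.compile(r'^"(\w+)"=DWORD:(\d+)$')


@dataclass
class ServiceState:
    name: str
    running: Optional[bool] = None  # None: FSS printed no running/not-running line
    key_missing: bool = False       # whole HKLM\SYSTEM\CurrentControlSet\Services\<name> key absent
    missing_values: List[str] = field(default_factory=list)  # Start / ImagePath / ServiceDll


def parse_fss(text: str) -> Tuple[Dict[str, ServiceState], Dict[Tuple[str, str], int]]:
    """Return (service states keyed by name, policy DWORDs keyed by (regkey, value))."""
    states: Dict[str, ServiceState] = {}
    policies: Dict[Tuple[str, str], int] = {}
    current_key = None  # last "[HKEY_...]" header seen in a policy section
    for raw in text.splitlines():
        line = raw.strip()
        if m := NOT_RUNNING.match(line):
            states.setdefault(m.group(1), ServiceState(m.group(1))).running = False
        elif m := KEY_MISSING.search(line):
            states.setdefault(m.group(1), ServiceState(m.group(1))).key_missing = True
        elif m := VALUE_MISSING.search(line):
            st = states.setdefault(m.group(2), ServiceState(m.group(2)))
            value = "Start" if m.group(1) == "start type" else m.group(1)
            if value not in st.missing_values:
                st.missing_values.append(value)
        elif line.startswith("[HKEY_") and line.endswith("]"):
            current_key = line[1:-1]
        elif current_key and (m := POLICY_VALUE.match(line)):
            policies[(current_key, m.group(1))] = int(m.group(2))
    return states, policies


def triage(text: str) -> Dict[str, List[str]]:
    """Group findings: whole keys gone first, then partial damage, then merely stopped."""
    states, policies = parse_fss(text)
    report: Dict[str, List[str]] = {"missing_keys": [], "missing_values": [], "stopped_ok": [], "policies": []}
    for name in sorted(states):
        st = states[name]
        if st.key_missing:
            report["missing_keys"].append(name)
        elif st.missing_values:
            report["missing_values"].append(f"{name}: {', '.join(st.missing_values)}")
        elif st.running is False:
            report["stopped_ok"].append(name)
    for (key, value), data in policies.items():
        if value == "DisableAntiSpyware" and data == 1:
            report["policies"].append(f"{key}\\{value}=1")
    return report


# Constructed sample in FSS's format (not the log posted in the thread).
SAMPLE_FSS_LOG = r"""
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of wuauserv. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of wuauserv. The value does not exist.
Unable to retrieve ServiceDll of wuauserv. The value does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
"""

if __name__ == "__main__":
    # Pass a path to a real FSS.txt; without one the constructed sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_FSS_LOG
    for section, items in triage(text).items():
        print(f"{section}: {items}")
```

A service listed under missing_keys cannot be started by any UI switch or sc command until its key is recreated, which is why "use recommended settings" and the Windows Update control panel fail on this machine; a service under missing_values still has its key and usually needs only the listed values restored. The stopped_ok bucket (mpsdrv in the sample) is the case the thread's first replies were chasing: configuration intact, so a plain start attempt is enough once its dependencies exist.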

#11 B_frustrated

B_frustrated
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:35 AM

Posted 03 January 2017 - 07:39 PM

Hey. I really appreciate your time/help with this!

 

The selective startup did not change the situation. Looks like, after running Service Scanner, I have some issues:

 

Farbar Service Scanner Version: 27-01-2016
Ran by Administrator (administrator) on 03-01-2017 at 18:33:07
Running from "C:\Users\Administrator.admin-PC\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
 
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
 
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
 
 
Firewall Disabled Policy: 
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
 
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of wuauserv. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of wuauserv. The value does not exist.
Unable to retrieve ServiceDll of wuauserv. The value does not exist.
 
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
 
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 January 2017 - 09:39 AM

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, and skip Steps 3 and 4 Optional for now.
  • On Step 5 Backup System Restore, do a Registry backup. When you have completed this, click Next.
  • Click Repairs - Open Repairs in the bottom right corner
  • Leave the check marks as they are
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop (reboot if asked to do so).
  • Please copy and paste the contents of this file in your next reply.
Run the Farbar Service Scanner tool and post a fresh log.

Let me know what problem persists.

#13 B_frustrated

B_frustrated
  • Topic Starter

  • Members
  • 14 posts

Posted 04 January 2017 - 10:29 PM

Ok, ran as instructed. Seemed a little slower after coming back up, but Windows Backup ALMOST worked lol. There wasn't an immediate error stating that it was unavailable and that a system restart was needed. It did fail with code 8007000E. Firewall unchanged.
 
 
Tweaking.com - Windows Repair v3.9.21
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Professional
OS Architecture: 32-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: ADMIN-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Current Profile: C:\Users\Administrator.admin-PC
Current Profile SID: S-1-5-21-2089707176-1115303125-1796299914-500
Current Profile Classes: S-1-5-21-2089707176-1115303125-1796299914-500_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Administrator.admin-PC\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:05:58
 
Process Count: 29
Commit Total: 683.37 MB
Commit Limit: 5.99 GB
Commit Peak: 1.07 GB
Handle Count: 8549
Kernel Total: 166.52 MB
Kernel Paged: 120.27 MB
Kernel Non Paged: 46.25 MB
System Cache: 584.31 MB
Thread Count: 393
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.00 GB
Memory Used: 828.18 MB(26.9796%)
Memory Avail.: 2.19 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.00 GB
Memory Used: 631.44 MB(20.5705%)
Memory Avail.: 2.38 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (1/4/2017 8:39:35 PM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 96
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (1/4/2017 8:39:37 PM)
 
 
Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\hku.7z
Done,  0.17 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\hklm.7z
Done,  2.35 seconds.
 
   Running Repair Under System Account
   Done (1/4/2017 8:40:44 PM)
 
Reset File Permissions
   Restore Windows 7/8/10 Default File Permissions
   Start (1/4/2017 8:40:44 PM)
 
 
Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\default.7z
Done,  0.13 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\profile.7z
Done,  0.13 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\program_files.7z
Done,  0.16 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\program_files_x86.7z
Done,  0.13 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\programdata.7z
Done,  0.16 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\windows.7z
Done,  1.89 seconds.
 
   Running Repair Under Current User Account
   Done (1/4/2017 8:44:38 PM)
 
03 - Reset Service Permissions
   Start (1/4/2017 8:44:38 PM)
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:46:07 PM)
 
04 - Register System Files
   Start (1/4/2017 8:46:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:46:22 PM)
 
05 - Repair WMI
   Start (1/4/2017 8:46:22 PM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   AVG Anti-Virus Business Edition 2011 Exported.
 
   Exporting AntiSpyware Info...
   AVG Anti-Virus Business Edition 2011 Exported.
   Windows Defender Exported.
 
   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.
 
   Running Repair Under Current User Account
   Done (1/4/2017 8:49:14 PM)
 
06 - Repair Windows Firewall
   Start (1/4/2017 8:49:15 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.17 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:49:21 PM)
 
07 - Repair Internet Explorer
   Start (1/4/2017 8:49:21 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:49:28 PM)
 
08 - Repair MDAC/MS Jet
   Start (1/4/2017 8:49:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:49:32 PM)
 
09 - Repair Hosts File
   Start (1/4/2017 8:49:32 PM)
   Running Repair Under System Account
   Done (1/4/2017 8:49:33 PM)
 
10 - Remove Policies Set By Infections
   Start (1/4/2017 8:49:33 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:49:37 PM)
 
11 - Repair Start Menu Icons Removed By Infections
   Start (1/4/2017 8:49:37 PM)
   Running Repair Under System Account
   Done (1/4/2017 8:49:38 PM)
 
12 - Repair Icons
   Start (1/4/2017 8:49:38 PM)
   Running Repair Under Current User Account
   Done (1/4/2017 8:49:44 PM)
 
13 - Repair Network
   Start (1/4/2017 8:49:44 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.19 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:49:58 PM)
 
14 - Remove Temp Files
   Start (1/4/2017 8:49:58 PM)
   Running Repair Under System Account
   Done (1/4/2017 8:49:59 PM)
 
15 - Repair Proxy Settings
   Start (1/4/2017 8:49:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:50:01 PM)
 
17 - Repair Windows Updates
   Start (1/4/2017 8:50:01 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.16 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (1/4/2017 8:50:22 PM)
 
18 - Repair CD/DVD Missing/Not Working
   Start (1/4/2017 8:50:22 PM)
   iTunes and GEARAspiWDM.sys was found, adding UpperFilters for iTunes Reg Key
   UpperFilters added?: True
   Done (1/4/2017 8:50:22 PM)
 
19 - Repair Volume Shadow Copy Service
   Start (1/4/2017 8:50:22 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.14 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:50:43 PM)
 
20 - Repair Windows Sidebar/Gadgets
   Start (1/4/2017 8:50:43 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:50:45 PM)
 
21 - Repair MSI (Windows Installer)
   Start (1/4/2017 8:50:45 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.2 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:50:59 PM)
 
22 - Repair Windows Snipping Tool
   Start (1/4/2017 8:50:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:01 PM)
 
23.01 - Repair bat Association
   Start (1/4/2017 8:51:01 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:03 PM)
 
23.02 - Repair cmd Association
   Start (1/4/2017 8:51:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:05 PM)
 
23.03 - Repair com Association
   Start (1/4/2017 8:51:05 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:08 PM)
 
23.04 - Repair Directory Association
   Start (1/4/2017 8:51:08 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:10 PM)
 
23.05 - Repair Drive Association
   Start (1/4/2017 8:51:10 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:12 PM)
 
23.06 - Repair exe Association
   Start (1/4/2017 8:51:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:14 PM)
 
23.07 - Repair Folder Association
   Start (1/4/2017 8:51:14 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:16 PM)
 
23.08 - Repair inf Association
   Start (1/4/2017 8:51:16 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:18 PM)
 
23.09 - Repair lnk (Shortcuts) Association
   Start (1/4/2017 8:51:19 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:21 PM)
 
23.10 - Repair msc Association
   Start (1/4/2017 8:51:21 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:23 PM)
 
23.11 - Repair reg Association
   Start (1/4/2017 8:51:23 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:25 PM)
 
23.12 - Repair scr Association
   Start (1/4/2017 8:51:25 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:27 PM)
 
24 - Repair Windows Safe Mode
   Start (1/4/2017 8:51:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:29 PM)
 
25 - Repair Print Spooler
   Start (1/4/2017 8:51:29 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.14 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:35 PM)
 
26 - Restore Important Windows Services
   Start (1/4/2017 8:51:35 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.14 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:42 PM)
 
27 - Set Windows Services To Default Startup
   Start (1/4/2017 8:51:43 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:52 PM)
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1.7601
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1.7601
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1.7601
 
31 - Repair Windows 'New' Submenu
   Start (1/4/2017 8:51:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:54 PM)
 
32 - Restore UAC (User Account Control) Settings
   Start (1/4/2017 8:51:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2017 8:51:57 PM)
 
33 - Repair Performance Counters
   Start (1/4/2017 8:51:57 PM)
   Running Repair Under Current User Account
   Done (1/4/2017 8:52:06 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (1/4/2017 8:52:06 PM)
   Total Repair Time: 00:12:33
 
 
...YOU MUST RESTART YOUR SYSTEM...


#14 B_frustrated

B_frustrated
  • Topic Starter

  • Members
  • 14 posts

Posted 04 January 2017 - 10:34 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2017
Ran by Administrator (administrator) on ADMIN-PC (04-01-2017 21:30:30)
Running from C:\Users\Administrator.admin-PC\Downloads
Loaded Profiles: Administrator (Available Profiles: admin & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Quest Software) C:\Windows\System32\pnusbvirtualhubwssrv.exe
() C:\Program Files\Edimax\Edimax Wireless LAN\WPSService20.exe
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Logitech, Inc.) C:\Users\Administrator.admin-PC\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Administrator.admin-PC\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [jswtrayutil] => "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-07-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk [2012-06-16]
ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File 
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{730BE09E-43EA-47B0-B467-337DB5677CD9}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{CF09257E-5326-40AE-89EE-BB90DCD3DA16}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2089707176-1115303125-1796299914-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2089707176-1115303125-1796299914-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2089707176-1115303125-1796299914-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG10\avgssie.dll [2011-09-09] (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-31] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-31] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll [2016-11-28] (AVG Secure Search)
 
FireFox:
========
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2017-01-01] [not signed]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: (AVG Safe Search) - C:\Program Files\AVG\AVG10\Firefox4 [2015-04-01] [not signed]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-28] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-31] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-05-25]
 
Chrome: 
=======
CHR Profile: C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default [2017-01-04]
CHR Extension: (Google Slides) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-01]
CHR Extension: (Google Docs) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-01]
CHR Extension: (Google Drive) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-01]
CHR Extension: (YouTube) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-01]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-01]
CHR Extension: (Gmail) - C:\Users\Administrator.admin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-01]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [127488 2010-06-29] (Broadcom Corporation) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-14] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [425408 2016-12-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [425408 2016-12-11] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [420288 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [930240 2016-12-11] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pnusbvirtualhubwssrv; C:\Windows\system32\pnusbvirtualhubwssrv.exe [591944 2012-07-28] (Quest Software) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
R2 WPSService20; C:\Program Files\Edimax\Edimax Wireless LAN\WPSService20.exe [96768 2013-05-15] () [File not signed]
R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
S2 HPSLPSVC; C:\Users\admin\AppData\Local\Temp\7zS5A14\hpslpsvc32.dll [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1564160 2010-10-11] (Atheros Communications, Inc.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21968 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [299552 2014-11-04] (AVG Technologies CZ, s.r.o.)
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [88064 2010-09-03] (Broadcom Corporation)
S3 busbcrw; C:\Windows\System32\Drivers\busbcrw.sys [18944 2013-07-13] (Brother Industries, Ltd.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-02-22] (Avanquest Software) [File not signed]
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [153024 2017-01-04] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [87496 2017-01-04] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2017-01-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [219072 2017-01-04] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26048 2016-12-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [40384 2016-12-11] (NVIDIA Corporation)
R2 pnpnptool; C:\Windows\system32\Drivers\pnpnptool.sys [35488 2012-07-28] (Quest Software)
S3 pnusbd; C:\Windows\system32\Drivers\pnusbd.sys [20512 2012-07-28] (Quest Software)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1345168 2012-12-26] (Realtek Semiconductor Corporation                           )
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-01-02] ()
S1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-04 21:16 - 2017-01-04 21:16 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\ElevatedDiagnostics
2017-01-04 20:36 - 2017-01-04 20:36 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ADMIN-PC-Windows-7-Professional-(32-bit).dat
2017-01-04 20:36 - 2017-01-04 20:36 - 00000000 ____D C:\RegBackup
2017-01-04 20:31 - 2017-01-04 20:31 - 00019304 _____ C:\Users\Administrator.admin-PC\Desktop\Tweaking.com - Windows Repair - Repair Repair Reparse Points Log.txt
2017-01-04 20:30 - 2017-01-04 20:30 - 00000000 ___DL C:\Users\TEMP\My Documents
2017-01-04 20:30 - 2017-01-04 20:30 - 00000000 ___DL C:\Users\TEMP\Documents\My Videos
2017-01-04 20:30 - 2017-01-04 20:30 - 00000000 ___DL C:\Users\TEMP\Documents\My Pictures
2017-01-04 20:30 - 2017-01-04 20:30 - 00000000 ___DL C:\Users\TEMP\Documents\My Music
2017-01-04 20:28 - 2017-01-04 20:28 - 00014536 _____ C:\Users\Administrator.admin-PC\Desktop\Tweaking.com - Windows Repair - Pre-Scan.txt
2017-01-04 18:12 - 2017-01-04 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-01-04 18:12 - 2017-01-04 18:12 - 00000000 ____D C:\Program Files\Tweaking.com
2017-01-04 18:11 - 2017-01-04 18:18 - 00183087 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-01-04 17:57 - 2017-01-04 17:57 - 32645888 _____ (Tweaking.com) C:\Users\admin\Downloads\tweaking.com_windows_repair_aio_setup.exe
2017-01-03 23:16 - 2017-01-03 23:17 - 01552110 _____ C:\Users\admin\Downloads\Realistic Adventure v6.5 [32x].zip
2017-01-03 23:01 - 2017-01-03 23:02 - 02741504 _____ C:\Users\admin\Downloads\Realistic Adventure v7.8 [64x] (1).zip
2017-01-03 22:59 - 2017-01-03 22:59 - 02741504 _____ C:\Users\admin\Downloads\Realistic Adventure v7.8 [64x].zip
2017-01-03 22:51 - 2017-01-03 22:51 - 00144000 _____ () C:\Users\admin\Downloads\SoftwareUpdater.exe
2017-01-03 19:20 - 2017-01-03 19:20 - 00006079 _____ C:\Users\Administrator.admin-PC\Desktop\FSS.txt
2017-01-03 18:33 - 2017-01-03 18:33 - 00006079 _____ C:\Users\Administrator.admin-PC\Downloads\FSS.txt
2017-01-03 18:32 - 2017-01-03 18:32 - 00899584 _____ (Farbar) C:\Users\Administrator.admin-PC\Downloads\FSS.exe
2017-01-02 19:40 - 2017-01-02 19:40 - 00001075 _____ C:\Users\admin\Desktop\minecraft.lnk
2017-01-02 11:06 - 2017-01-02 11:06 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\HP
2017-01-02 09:33 - 2017-01-02 09:36 - 00011197 _____ C:\Users\Administrator.admin-PC\Downloads\Fixlog.txt
2017-01-02 08:58 - 2017-01-02 08:58 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-02 08:57 - 2017-01-02 08:57 - 34631352 _____ (Adlice Software ) C:\Users\Administrator.admin-PC\Downloads\setup RK.exe
2017-01-02 08:49 - 2017-01-02 09:23 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-02 08:49 - 2017-01-02 08:57 - 00001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-01-02 08:49 - 2017-01-02 08:57 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-02 08:49 - 2017-01-02 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-01 17:52 - 2017-01-02 13:10 - 00030469 _____ C:\Users\Administrator.admin-PC\Downloads\Addition.txt
2017-01-01 17:51 - 2017-01-04 21:31 - 00017663 _____ C:\Users\Administrator.admin-PC\Downloads\FRST.txt
2017-01-01 17:50 - 2017-01-04 21:30 - 00000000 ____D C:\FRST
2017-01-01 17:50 - 2017-01-01 17:50 - 01760256 _____ (Farbar) C:\Users\Administrator.admin-PC\Downloads\FRST.exe
2017-01-01 17:44 - 2017-01-01 17:44 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\CEF
2017-01-01 17:40 - 2017-01-01 17:40 - 00001219 _____ C:\Users\Administrator.admin-PC\Desktop\PUP.txt
2017-01-01 17:27 - 2017-01-04 21:08 - 00153024 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-01 17:27 - 2017-01-04 21:07 - 00219072 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-01 17:27 - 2017-01-04 21:07 - 00087496 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-01 17:27 - 2017-01-04 21:07 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-01 17:27 - 2017-01-01 17:27 - 00063264 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-01 17:27 - 2017-01-01 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-01 17:27 - 2016-12-14 12:55 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys
2017-01-01 17:19 - 2017-01-01 17:20 - 00004030 _____ C:\Users\Administrator.admin-PC\Desktop\Rkill.txt
2017-01-01 16:38 - 2017-01-01 16:38 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\HPAppData
2017-01-01 15:48 - 2014-05-14 10:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-01 15:48 - 2014-05-14 10:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-01-01 15:48 - 2014-05-14 10:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-01-01 15:47 - 2014-05-14 10:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-01 15:47 - 2014-05-14 10:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-01-01 15:47 - 2014-05-14 10:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-01-01 15:47 - 2014-05-14 10:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-01-01 15:47 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-01-01 15:47 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-01-01 15:45 - 2017-01-01 15:45 - 01679570 _____ C:\Users\Administrator.admin-PC\Desktop\WindowsUpdateLOG.txt
2017-01-01 15:02 - 2017-01-01 17:52 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Google
2017-01-01 15:02 - 2017-01-01 15:02 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-01 15:02 - 2017-01-01 15:02 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-01 15:00 - 2017-01-01 15:00 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Apps\2.0
2017-01-01 14:59 - 2017-01-01 15:00 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Deployment
2017-01-01 14:59 - 2017-01-01 14:59 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\Adobe
2017-01-01 14:58 - 2017-01-01 16:43 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\LocalLow\HPAppData
2017-01-01 14:58 - 2017-01-01 14:58 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\Yahoo!
2017-01-01 14:56 - 2017-01-01 14:56 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Apple
2017-01-01 14:51 - 2017-01-04 21:08 - 00113472 _____ C:\Users\Administrator.admin-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-01 14:49 - 2017-01-01 14:49 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Logitech® Webcam Software
2017-01-01 14:48 - 2017-01-01 17:44 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\NVIDIA Corporation
2017-01-01 14:48 - 2017-01-01 14:48 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\LocalLow\AVG Secure Search
2017-01-01 14:48 - 2017-01-01 14:48 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\NVIDIA
2017-01-01 14:48 - 2017-01-01 14:48 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\AVG Secure Search
2017-01-01 14:47 - 2017-01-01 20:32 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\Apple Computer
2017-01-01 14:47 - 2017-01-01 14:47 - 00001413 _____ C:\Users\Administrator.admin-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-01 14:47 - 2017-01-01 14:47 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\AVG10
2017-01-01 14:46 - 2017-01-01 14:47 - 00000000 ____D C:\Users\Administrator.admin-PC
2017-01-01 14:46 - 2017-01-01 14:46 - 00000020 ___SH C:\Users\Administrator.admin-PC\ntuser.ini
2017-01-01 14:46 - 2017-01-01 14:46 - 00000000 _SHDL C:\Users\Administrator.admin-PC\My Documents
2017-01-01 14:46 - 2017-01-01 14:46 - 00000000 _SHDL C:\Users\Administrator.admin-PC\Documents\My Videos
2017-01-01 14:46 - 2017-01-01 14:46 - 00000000 _SHDL C:\Users\Administrator.admin-PC\Documents\My Pictures
2017-01-01 14:46 - 2017-01-01 14:46 - 00000000 _SHDL C:\Users\Administrator.admin-PC\Documents\My Music
2017-01-01 14:46 - 2012-01-29 03:00 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Local\Microsoft Help
2017-01-01 14:46 - 2011-12-25 18:32 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\Macromedia
2017-01-01 14:46 - 2009-07-14 01:49 - 00000000 ____D C:\Users\Administrator.admin-PC\AppData\Roaming\Media Center Programs
2017-01-01 13:42 - 2017-01-01 13:42 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-01 13:37 - 2017-01-01 13:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-01-01 13:31 - 2017-01-01 13:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2017-01-01 13:29 - 2017-01-01 14:44 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2017-01-01 13:29 - 2017-01-01 13:29 - 00000000 ____D C:\Users\Administrator\AppData\Local\Deployment
2017-01-01 13:26 - 2017-01-01 13:31 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\HPAppData
2017-01-01 13:26 - 2017-01-01 13:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Yahoo!
2017-01-01 13:26 - 2017-01-01 13:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HPAppData
2017-01-01 13:26 - 2017-01-01 13:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-01-01 13:11 - 2017-01-01 13:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\Logitech® Webcam Software
2017-01-01 13:10 - 2017-01-01 13:10 - 00113472 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-01 13:10 - 2017-01-01 13:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\AVG Secure Search
2017-01-01 13:09 - 2017-01-04 20:30 - 00000000 ____D C:\Users\Administrator
2017-01-01 13:09 - 2017-01-01 13:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 _SHDL C:\Users\Administrator\My Documents
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\AVG Secure Search
2017-01-01 13:09 - 2017-01-01 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2017-01-01 13:09 - 2012-01-29 03:00 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2017-01-01 13:09 - 2011-12-25 18:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2017-01-01 13:09 - 2009-07-14 01:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2017-01-01 13:06 - 2017-01-04 20:30 - 00000000 ____D C:\Users\TEMP
2017-01-01 13:06 - 2012-01-29 03:00 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2017-01-01 13:06 - 2011-12-25 18:32 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Macromedia
2017-01-01 13:06 - 2009-07-14 01:49 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2016-12-31 20:40 - 2016-12-31 20:40 - 29067315 _____ C:\Users\admin\Downloads\VoidLauncher.zip
2016-12-30 14:14 - 2016-12-31 23:41 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2016-12-29 11:32 - 2016-12-29 11:32 - 01725497 _____ C:\Users\admin\Downloads\OptiFine_1.8.9_HD_U_H6(1).jar
2016-12-27 21:52 - 2016-12-27 21:52 - 01982056 _____ C:\Users\admin\Downloads\OptiFine_1.11.2_HD_U_B5(1).jar
2016-12-27 20:11 - 2016-12-27 20:11 - 01725497 _____ C:\Users\admin\Downloads\OptiFine_1.8.9_HD_U_H6.jar
2016-12-27 20:10 - 2016-12-27 20:10 - 01982056 _____ C:\Users\admin\Downloads\OptiFine_1.11.2_HD_U_B5.jar
2016-12-26 20:05 - 2016-12-26 20:05 - 00000000 ____D C:\Users\admin\AppData\Roaming\NVIDIA
2016-12-26 19:35 - 2016-12-26 19:35 - 00000000 ____D C:\Users\admin\AppData\Local\NVIDIA
2016-12-25 12:09 - 2016-12-31 21:14 - 00001099 _____ C:\Users\admin\Desktop\nativelog.txt
2016-12-25 10:25 - 2016-12-27 17:44 - 00000252 _____ C:\Users\admin\AppData\LocalLow\rbxcsettings.rbx
2016-12-25 10:25 - 2016-12-25 10:36 - 00000000 ____D C:\Users\admin\AppData\Local\Roblox
2016-12-25 09:13 - 2016-12-25 09:13 - 00000000 ____D C:\Users\admin\AppData\Roaming\java
2016-12-25 09:12 - 2017-01-01 14:44 - 00000000 ____D C:\Program Files\Minecraft
2016-12-25 08:38 - 2017-01-02 22:44 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2016-12-25 05:56 - 2016-12-26 19:36 - 00000000 ____D C:\Users\admin\AppData\Local\NVIDIA Corporation
2016-12-25 05:45 - 2017-01-01 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-12-25 05:45 - 2016-12-11 20:42 - 01452480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2016-12-25 05:45 - 2016-12-11 20:42 - 01317312 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2016-12-25 05:45 - 2016-12-11 20:42 - 00100288 _____ C:\Windows\system32\NvRtmpStreamer32.dll
2016-12-25 05:44 - 2017-01-01 14:43 - 00000000 ____D C:\Program Files\VulkanRT
2016-12-25 05:44 - 2016-12-11 12:23 - 00134712 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2016-12-25 05:44 - 2016-09-09 12:25 - 00269600 _____ C:\Windows\system32\vulkan-1.dll
2016-12-25 05:44 - 2016-09-09 12:25 - 00110880 _____ C:\Windows\system32\vulkaninfo.exe
2016-12-25 05:43 - 2017-01-04 21:07 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-25 05:43 - 2016-12-26 19:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-25 05:43 - 2016-12-11 20:42 - 00203320 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-12-25 05:43 - 2016-12-11 20:42 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-12-25 05:43 - 2016-12-11 12:44 - 03973568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 02097600 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 00460224 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 00381888 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-12-25 05:43 - 2016-12-11 12:44 - 00070200 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-12-25 05:43 - 2016-12-09 19:55 - 07639617 _____ C:\Windows\system32\nvcoproc.bin
2016-12-25 05:41 - 2017-01-01 14:43 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-25 05:41 - 2016-12-11 20:42 - 00091584 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap32v.dll
2016-12-25 05:41 - 2016-12-11 20:42 - 00040384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2016-12-25 05:40 - 2016-12-11 20:42 - 35222976 _____ C:\Windows\system32\nvcompiler.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 28138432 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 17376896 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 14410472 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 12133432 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-12-25 05:40 - 2016-12-11 20:42 - 09151216 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 08913328 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 08753832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 03479744 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 03206080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 01080256 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3237633.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00975416 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00927168 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3237633.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00896056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00572888 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00407248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshim.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00148016 _____ (NVIDIA Corporation) C:\Windows\system32\nvinit.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00131536 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim32.dll
2016-12-25 05:40 - 2016-12-11 20:42 - 00035527 _____ C:\Windows\system32\nvinfo.pb
2016-12-25 05:40 - 2016-12-11 20:42 - 00000669 _____ C:\Windows\system32\nv-vk32.json
2016-12-25 05:39 - 2017-01-01 14:44 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-25 05:38 - 2017-01-01 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Edimax Wireless LAN
2016-12-25 05:37 - 2017-01-01 14:43 - 00000000 ____D C:\Program Files\Edimax
2016-12-25 05:37 - 2013-05-15 15:27 - 00535040 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2016-12-25 05:37 - 2013-05-15 15:27 - 00451072 _____ C:\Windows\system32\ISSRemoveSP.exe
2016-12-25 05:37 - 2012-12-26 13:38 - 01345168 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTWlanU.sys
2016-12-25 05:32 - 2017-01-01 14:42 - 00000000 ____D C:\NVIDIA
2016-12-25 05:31 - 2016-12-25 05:31 - 28113126 _____ C:\Users\admin\Downloads\EW-7811Un_Windows_driver_v1.0.0.5.zip
2016-12-25 05:29 - 2016-12-25 05:31 - 317918816 _____ (NVIDIA Corporation) C:\Users\admin\Downloads\376.33-desktop-win8-win7-32bit-international-whql.exe
2016-12-22 21:07 - 2016-12-22 21:07 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-12-22 20:11 - 2016-12-22 20:11 - 00000000 ____D C:\Users\admin\Documents\SightSpeed Recordings
2016-12-22 00:45 - 2016-12-22 00:45 - 00000000 ____D C:\Users\admin\Documents\Shrew Soft VPN
2016-12-22 00:37 - 2016-12-22 00:37 - 00000000 ____D C:\Windows\system32\appmgmt
2016-12-21 21:15 - 2014-07-21 15:33 - 00597512 ____N (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPDiscoPMC511.dll
2016-12-21 21:14 - 2016-12-21 21:14 - 00000057 _____ C:\ProgramData\Ament.ini
2016-12-21 21:08 - 2016-12-21 21:08 - 00000000 ____D C:\Users\admin\AppData\Local\Hewlett-Packard
2016-12-11 22:24 - 2017-01-01 14:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-12-11 21:46 - 2016-12-11 21:46 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-11 21:25 - 2016-12-21 20:11 - 00524288 ___SH C:\Users\admin\NTUSER.DAT{98c1e0f5-c01a-11e6-8182-14feb5e32c45}.TMContainer00000000000000000002.regtrans-ms
2016-12-11 21:25 - 2016-12-21 20:11 - 00524288 ___SH C:\Users\admin\NTUSER.DAT{98c1e0f5-c01a-11e6-8182-14feb5e32c45}.TMContainer00000000000000000001.regtrans-ms
2016-12-11 21:25 - 2016-12-21 20:11 - 00065536 ___SH C:\Users\admin\NTUSER.DAT{98c1e0f5-c01a-11e6-8182-14feb5e32c45}.TM.blf
2016-12-11 17:28 - 2017-01-04 20:46 - 00637168 _____ C:\Windows\ntbtlog.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-04 21:22 - 2009-07-13 22:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-04 21:22 - 2009-07-13 22:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-04 21:16 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\NDF
2017-01-04 21:10 - 2011-12-22 13:31 - 00775032 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-04 21:10 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\inf
2017-01-04 21:06 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-04 21:06 - 2009-07-13 22:33 - 00418560 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-04 21:05 - 2009-07-14 01:50 - 00000000 ____D C:\Windows\CSC
2017-01-04 17:36 - 2012-04-14 10:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-04 16:02 - 2014-02-23 15:02 - 00000000 ____D C:\Users\admin\AppData\Roaming\.minecraft
2017-01-04 14:57 - 2011-12-31 19:14 - 00000000 _____ C:\Users\admin\AppData\LocalLow\prvlcl.dat
2017-01-04 14:47 - 2014-07-03 23:45 - 00000000 ____D C:\Users\admin\AppData\Local\Deployment
2017-01-03 23:06 - 2011-12-26 00:56 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2017-01-03 22:22 - 2013-01-09 21:11 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2017-01-03 20:41 - 2012-03-05 19:45 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2017-01-01 16:27 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2017-01-01 14:47 - 2009-07-13 22:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-01 14:45 - 2012-01-21 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-01-01 14:45 - 2011-12-22 12:31 - 00000000 ____D C:\Users\admin
2017-01-01 14:44 - 2014-07-03 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-01 14:44 - 2014-07-03 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-01-01 14:44 - 2014-03-13 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-01 14:44 - 2013-07-13 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palette Ver.8
2017-01-01 14:44 - 2013-01-09 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2017-01-01 14:44 - 2012-08-04 09:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-01-01 14:44 - 2012-07-28 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quest Software
2017-01-01 14:44 - 2012-06-16 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA1100 Smart Wizard
2017-01-01 14:44 - 2012-05-25 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-01 14:44 - 2012-03-19 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-01-01 14:44 - 2012-03-05 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-01-01 14:44 - 2012-02-18 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-01-01 14:44 - 2011-12-26 00:58 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2017-01-01 14:44 - 2011-12-26 00:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
2017-01-01 14:44 - 2011-12-22 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom
2017-01-01 14:44 - 2009-07-14 01:49 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-01-01 14:44 - 2009-07-13 22:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-01 14:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\security
2017-01-01 14:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\registration
2017-01-01 14:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\AppCompat
2017-01-01 14:44 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\System
2017-01-01 14:42 - 2012-03-19 19:31 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2017-01-01 13:29 - 2012-05-25 20:52 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2016-12-27 20:47 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\LiveKernelReports
2016-12-25 05:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Logs
2016-12-25 05:44 - 2012-06-16 10:40 - 00000000 ____D C:\temp
2016-12-25 05:43 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Help
2016-12-25 05:37 - 2012-01-15 21:19 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-12-25 04:57 - 2011-12-22 20:39 - 00000000 ____D C:\Users\admin\AppData\Local\Diagnostics
2016-12-22 20:11 - 2011-12-22 12:31 - 00000000 ___RD C:\Users\admin\Documents
2016-12-22 20:10 - 2011-12-31 19:09 - 00113472 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-22 00:40 - 2012-01-15 21:19 - 00000000 ____D C:\ProgramData\Samsung
2016-12-22 00:40 - 2009-07-13 20:37 - 00000000 __RSD C:\Windows\Fonts
2016-12-22 00:38 - 2012-01-15 21:20 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2016-12-22 00:38 - 2012-01-15 21:20 - 00020032 _____ (Devguru Co., Ltd) C:\Windows\system32\Drivers\dgderdrv.sys
2016-12-22 00:34 - 2011-12-22 12:31 - 00000000 ___RD C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-21 21:16 - 2012-07-28 15:26 - 00000000 ____D C:\Users\admin\AppData\Local\HP
2016-12-21 21:16 - 2012-05-25 20:52 - 00000000 ____D C:\Users\admin\AppData\Roaming\HpUpdate
2016-12-21 21:16 - 2012-05-25 20:17 - 00000000 ____D C:\Program Files\Hewlett-Packard
2016-12-21 21:15 - 2012-05-25 20:19 - 00000000 ____D C:\ProgramData\HP
2016-12-21 21:15 - 2012-05-25 20:17 - 00000000 ____D C:\Program Files\HP
2016-12-21 21:15 - 2009-07-13 22:52 - 00000000 ____D C:\Windows\twain_32
2016-12-21 21:01 - 2009-07-13 20:37 - 00000000 __RSD C:\Windows\assembly
2016-12-13 10:36 - 2012-04-14 10:12 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-12-13 10:36 - 2012-01-29 10:20 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-12-13 10:36 - 2011-12-22 20:37 - 00000000 ____D C:\Windows\system32\Macromed
 
==================== Files in the root of some directories =======
 
2013-06-28 16:49 - 2014-06-22 19:07 - 0003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2016-12-21 21:14 - 2016-12-21 21:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-05-25 20:43 - 2012-07-28 15:54 - 0007134 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-03 19:11
 
==================== End of FRST.txt ============================

#15 nasdaq

  • Malware Response Team
  • 38,559 posts

Posted 05 January 2017 - 08:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2089707176-1115303125-1796299914-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll [2016-11-28] (AVG Secure Search)
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2017-01-01] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-31] (Oracle Corporation)
S2 HPSLPSVC; C:\Users\admin\AppData\Local\Temp\7zS5A14\hpslpsvc32.dll [X]

cmd: netsh winsock reset catalog
Reboot:


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

This should fix your winsock.

Please run the Farbar Service Scanner and post a fresh log for my review.

Let me know what problem persists.
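The fixlist above is built by reading the FRST log for a few tell-tale patterns: a service whose binary no longer exists (FRST marks it "[X]", as with S2 HPSLPSVC under a Temp folder) and Winsock catalog entries whose provider DLL is gone ("No File", cleaned up by "netsh winsock reset catalog"). The script below is an added example, not code from this thread or from FRST, that mechanises that triage over the Services and Winsock lines; the sample lines are copied from the FRST.txt posted above except the one marked constructed, and the severity labels and the "unsigned / empty vendor / user-profile path" review heuristics are this example's own assumptions, producing candidates for a human to check rather than verdicts.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example; not part of FRST and not posted by anyone in the thread.
It flags, for human review, the patterns a malware-response helper looks
for in the Services/Drivers and Winsock sections of FRST.txt:
  * service binary missing, shown by FRST as "[X]"            -> "fix"
  * Winsock provider DLL gone, shown as "No File"             -> "fix"
  * binary under a user profile / Temp directory, "[File not
    signed]", or an empty vendor string "()"                   -> "review"
"""
import re
from dataclasses import dataclass

# "R2 Name; C:\path\file.exe [size date] (Vendor) [flag] [flag]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+"
    r"(?P<path>.+?\.(?:exe|dll|sys))"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<vendor>[^)]*)\))?"
    r"(?P<flags>(?:\s+\[[^\]]+\])*)\s*$",
    re.IGNORECASE,
)
# "Winsock: Catalog5 08 C:\path\provider.dll No File"
WINSOCK_RE = re.compile(r"^Winsock:\s+(?P<catalog>Catalog\d+)\s+(?P<index>\d+)\s+(?P<rest>.+)$")


@dataclass
class Finding:
    section: str      # "service" or "winsock"
    name: str         # service name, or "Catalog5 08" for a Winsock slot
    path: str
    severity: str     # "fix" (orphaned entry) or "review" (needs a human look)
    reasons: tuple


def parse_service(line):
    """Return (name, path, vendor, lower-cased flags) for a service/driver line, else None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    flags = [f.lower() for f in re.findall(r"\[([^\]]+)\]", m.group("flags"))]
    return m.group("name"), m.group("path"), m.group("vendor"), flags


def classify_service(line):
    """Apply the review heuristics to one service/driver line; None if nothing stands out."""
    parsed = parse_service(line)
    if parsed is None:
        return None
    name, path, vendor, flags = parsed
    low = path.lower()
    reasons = []
    if "x" in flags:
        reasons.append("binary missing ([X]): orphaned service entry")
    if "\\users\\" in low or "\\temp\\" in low:
        reasons.append("binary under a user profile/Temp directory")
    if "file not signed" in flags:
        reasons.append("file not signed")
    if vendor is not None and vendor.strip() == "":
        reasons.append("empty vendor string")
    if not reasons:
        return None
    severity = "fix" if "x" in flags else "review"
    return Finding("service", name, path, severity, tuple(reasons))


def classify_winsock(line):
    """Flag a Winsock catalog entry whose provider DLL FRST reports as 'No File'."""
    m = WINSOCK_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    if not rest.endswith("No File"):
        return None                      # provider DLL present; nothing to flag
    path = rest[: -len("No File")].rstrip()
    return Finding("winsock", f"{m.group('catalog')} {m.group('index')}", path, "fix",
                   ("LSP/namespace provider DLL missing (No File)",))


def triage(log_text):
    """Run both classifiers over every line of an FRST log and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        f = classify_service(line) or classify_winsock(line)
        if f:
            findings.append(f)
    return findings


# Lines copied from the FRST.txt in this thread, except the last Winsock line, which is
# constructed to show a healthy entry that must not be flagged.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ========================
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-14] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WPSService20; C:\Program Files\Edimax\Edimax Wireless LAN\WPSService20.exe [96768 2013-05-15] () [File not signed]
S2 HPSLPSVC; C:\Users\admin\AppData\Local\Temp\7zS5A14\hpslpsvc32.dll [X]
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 01 C:\Windows\system32\NLAapi.dll [52224 2009-07-13] (Microsoft Corporation)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.name}\n         {f.path}\n         {'; '.join(f.reasons)}")
```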



