AVG flags two URL:MAL after cancelled scan, unable to resolve threats.

This topic is locked. 19 replies to this topic.

#1 CootBandiCatch

Posted 19 August 2017 - 07:32 PM

Good Evening,

 

AVG (Basic-Free) blocked a page while I was browsing. I initially thought nothing much of it as it was blocked; I nonetheless ended up preparing for a virus scan.

I ran a 3-pass cleaning with CCleaner x64 prior to the scan, which is typical for me. I then proceeded to set conditions within AVG for a specific-folders scan. I ended up canceling the scan shortly after it started, as it did not have all the folders I wanted scanned checked off. This resulted in an immediate threat posting by AVG. I proceeded to try and "resolve" the threat as prescribed; however, all that resulted was an extended time of processing (possibly a hang), which I then stopped, and I decided to initiate another scan. I could not do it as I would have preferred, in that with two outstanding "threats" the menu options I would normally have did not reappear, only the unresolved threats window. That being said, the scan results were clean.

 

Now the next part may be considered ill-advised by most, and in my defense I was trying to bring up a search result; but I copied the path into Google and it went to the offending address and was again blocked immediately by AVG. I then checked the AVG unresolved threats window and it now had two identical instances of the original threat.

 

To this moment I have no software (perceived threat related) or hardware issues; AVG's definitions and software are up to date. Working in line with a BleepingComputer response to a 2014 posting, I used MiniToolBox, TDSSKiller, and AdwCleaner, uneventful and otherwise benign as best I could consider.

 

I suspected false positives/software errors (AVG) and did a restore point, hoping that would clear the program; no such luck.

 

Screenshots:

 

Attached File: AVGCapture1.JPG (37.62KB)

Attached File: AVGCapture2.JPG (44.4KB)

Attached File: AVGCapture3.JPG (45.17KB)

 

I am thankful for the assistance and want this to be... resolvable, and ideally a big nothing.

 

Here are the FRST Logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Ross (administrator) on JINGOJANGO (19-08-2017 17:53:38)
Running from C:\Users\Ross\Desktop
Loaded Profiles: Ross (Available Profiles: Ross)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-08-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-07-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{FFEDDE16-8F4E-4E89-B9E0-34F55E6A00D6}: [DhcpNameServer] 71.10.216.1 71.10.216.2
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2370995913-3897682033-2191407626-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2370995913-3897682033-2191407626-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default [2017-08-19]
CHR Extension: (Google Slides) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-07]
CHR Extension: (Google Docs) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-07]
CHR Extension: (Google Drive) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-24]
CHR Extension: (YouTube) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-24]
CHR Extension: (Google Search) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Google Sheets) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-07]
CHR Extension: (Google Docs Offline) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-07]
CHR Extension: (Chrome Media Router) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-28]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - <no Path/update_url>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-07-23] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7481648 2017-07-23] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-08-01] (AVG Technologies CZ, s.r.o.)
S2 GEST Service; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [68136 2008-12-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-07-23] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [313616 2017-07-23] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-07-23] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-07-23] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-07-23] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-07-23] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [139112 2017-08-09] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102792 2017-07-23] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-07-23] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-08-09] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [578048 2017-07-23] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [191208 2017-07-23] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [353744 2017-07-23] (AVG Technologies CZ, s.r.o.)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-08-30] ()
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2016-07-17] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-19 17:53 - 2017-08-19 17:54 - 000009154 _____ C:\Users\Ross\Desktop\FRST.txt
2017-08-19 17:53 - 2017-08-19 17:53 - 000000000 ____D C:\FRST
2017-08-19 17:50 - 2017-08-19 17:50 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Ross\Desktop\esetonlinescanner_enu.exe
2017-08-19 17:46 - 2017-08-19 17:46 - 002395648 _____ (Farbar) C:\Users\Ross\Desktop\FRST64.exe
2017-08-18 22:44 - 2017-07-23 21:50 - 000401584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-08-18 22:28 - 2017-08-18 22:29 - 000190218 _____ C:\TDSSKiller.3.1.0.15_18.08.2017_22.28.26_log.txt
2017-08-09 19:25 - 2017-07-29 09:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-09 19:25 - 2017-07-21 09:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-08-09 19:25 - 2017-07-21 09:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-08-09 19:25 - 2017-07-15 13:35 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-09 19:25 - 2017-07-15 12:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-08-09 19:25 - 2017-07-14 10:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-09 19:25 - 2017-07-14 10:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-09 19:25 - 2017-07-14 10:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-09 19:25 - 2017-07-14 10:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-09 19:25 - 2017-07-14 10:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-09 19:25 - 2017-07-14 10:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-09 19:25 - 2017-07-14 10:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-09 19:25 - 2017-07-14 10:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-09 19:25 - 2017-07-14 10:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-09 19:25 - 2017-07-14 10:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-09 19:25 - 2017-07-14 10:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-09 19:25 - 2017-07-14 10:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-09 19:25 - 2017-07-14 10:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-09 19:25 - 2017-07-14 10:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-09 19:25 - 2017-07-14 10:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-09 19:25 - 2017-07-14 10:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-08-09 19:25 - 2017-07-14 10:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-08-09 19:25 - 2017-07-14 10:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-08-09 19:25 - 2017-07-14 10:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-08-09 19:25 - 2017-07-14 10:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-08-09 19:25 - 2017-07-14 10:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-08-09 19:25 - 2017-07-14 10:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-08-09 19:25 - 2017-07-14 10:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-08-09 19:25 - 2017-07-14 10:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-08-09 19:25 - 2017-07-14 10:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-08-09 19:25 - 2017-07-14 10:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-08-09 19:25 - 2017-07-14 10:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-08-09 19:25 - 2017-07-14 09:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-08-09 19:25 - 2017-07-14 09:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-08-09 19:25 - 2017-07-14 09:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-09 19:25 - 2017-07-14 09:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-08-09 19:25 - 2017-07-14 09:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-08-09 19:25 - 2017-07-14 01:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-09 19:25 - 2017-07-14 01:47 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-08-09 19:25 - 2017-07-14 01:45 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-08-09 19:25 - 2017-07-14 01:45 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-08-09 19:25 - 2017-07-14 01:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-09 19:25 - 2017-07-14 01:44 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-08-09 19:25 - 2017-07-14 01:38 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-09 19:25 - 2017-07-14 01:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-08-09 19:25 - 2017-07-14 01:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-08-09 19:25 - 2017-07-14 01:22 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-08-09 19:25 - 2017-07-14 01:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-08-09 19:25 - 2017-07-14 01:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-08-09 19:25 - 2017-07-14 01:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-09 19:25 - 2017-07-14 01:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-09 19:25 - 2017-07-14 01:08 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-08-09 19:25 - 2017-07-14 01:02 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-08-09 19:25 - 2017-07-14 00:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-08-09 19:25 - 2017-07-14 00:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-08-09 19:25 - 2017-07-14 00:47 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-08-09 19:25 - 2017-07-14 00:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-08-09 19:25 - 2017-07-14 00:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-08-09 19:25 - 2017-07-14 00:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-09 19:25 - 2017-07-14 00:35 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-08-09 19:25 - 2017-07-14 00:33 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-08-09 19:25 - 2017-07-14 00:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-08-09 19:25 - 2017-07-14 00:11 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-09 19:25 - 2017-07-14 00:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-09 19:25 - 2017-07-14 00:09 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-08-09 19:25 - 2017-07-14 00:09 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-08-09 19:25 - 2017-07-13 23:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-09 19:25 - 2017-07-13 23:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-09 19:25 - 2017-07-13 23:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-09 19:25 - 2017-07-13 22:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-09 19:25 - 2017-07-13 21:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-08-09 19:25 - 2017-07-13 21:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-08-09 19:25 - 2017-07-13 21:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-08-09 19:25 - 2017-07-13 21:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-08-09 19:25 - 2017-07-13 21:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-08-09 19:25 - 2017-07-13 21:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-08-09 19:25 - 2017-07-13 21:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-08-09 19:25 - 2017-07-13 21:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-08-09 19:25 - 2017-07-13 21:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-08-09 19:25 - 2017-07-13 21:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-08-09 19:25 - 2017-07-13 21:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-08-09 19:25 - 2017-07-13 21:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-08-09 19:25 - 2017-07-13 21:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-08-09 19:25 - 2017-07-13 21:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-08-09 19:25 - 2017-07-13 21:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-08-09 19:25 - 2017-07-13 21:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-08-09 19:25 - 2017-07-13 21:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-08-09 19:25 - 2017-07-13 21:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-08-09 19:25 - 2017-07-13 21:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-08-09 19:25 - 2017-07-13 21:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-08-09 19:25 - 2017-07-13 21:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-08-09 19:25 - 2017-07-13 21:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-08-09 19:25 - 2017-07-13 21:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-08-09 19:25 - 2017-07-13 21:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-08-09 19:25 - 2017-07-13 21:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-08-09 19:25 - 2017-07-13 21:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-08-09 19:25 - 2017-07-13 21:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-08-09 19:25 - 2017-07-13 20:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-08-09 19:25 - 2017-07-13 20:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-08-09 19:25 - 2017-07-13 20:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-08-09 19:25 - 2017-07-08 10:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-09 19:25 - 2017-07-08 10:00 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-09 19:25 - 2017-07-07 10:37 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-08-09 19:25 - 2017-07-07 10:33 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-09 19:25 - 2017-07-07 10:33 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-08-09 19:25 - 2017-07-07 10:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-09 19:25 - 2017-07-07 10:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-09 19:25 - 2017-07-07 10:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-09 19:25 - 2017-07-07 10:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-09 19:25 - 2017-07-07 10:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-08-09 19:25 - 2017-07-07 10:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-08-09 19:25 - 2017-07-07 10:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-08-09 19:25 - 2017-07-07 10:13 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-08-09 19:25 - 2017-07-07 10:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-08-09 19:25 - 2017-07-07 10:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-08-09 19:25 - 2017-07-07 10:11 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-08-09 19:25 - 2017-07-07 10:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-08-09 19:25 - 2017-07-07 10:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-08-09 19:25 - 2017-07-07 10:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-08-09 19:25 - 2017-07-07 10:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-08-09 19:25 - 2017-07-07 10:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-08-09 19:25 - 2017-07-07 10:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-08-09 19:25 - 2017-07-07 10:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-08-09 19:25 - 2017-07-07 10:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-08-09 19:25 - 2017-07-07 10:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-08-09 19:25 - 2017-07-07 10:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-08-09 19:25 - 2017-07-07 10:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-08-09 19:25 - 2017-07-07 10:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-08-09 19:25 - 2017-07-07 10:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-08-09 19:25 - 2017-07-07 10:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-08-09 19:25 - 2017-07-07 10:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-08-09 19:25 - 2017-07-07 10:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-08-09 19:25 - 2017-07-07 10:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-09 19:25 - 2017-07-07 10:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-09 19:25 - 2017-07-07 10:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-09 19:25 - 2017-07-07 09:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-08-09 19:25 - 2017-07-07 09:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-09 19:25 - 2017-07-07 09:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-09 19:25 - 2017-07-07 09:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-09 19:25 - 2017-07-07 09:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-09 19:25 - 2017-07-07 09:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-09 19:25 - 2017-07-07 09:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-09 19:25 - 2017-07-07 09:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-08-09 19:25 - 2017-07-01 08:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-08-09 19:25 - 2017-07-01 08:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-08-09 19:25 - 2017-07-01 08:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-08-09 19:25 - 2017-07-01 08:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-08-09 19:25 - 2017-07-01 08:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-08-09 19:25 - 2017-07-01 08:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-08-09 19:25 - 2017-07-01 08:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-08-09 19:25 - 2017-07-01 08:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-08-09 19:25 - 2017-07-01 08:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-08-09 19:25 - 2017-07-01 08:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-08-09 19:25 - 2017-07-01 08:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-08-09 19:25 - 2017-07-01 08:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-08-09 19:24 - 2017-07-21 09:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-08-09 19:24 - 2017-07-21 09:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-08-09 19:24 - 2017-07-14 02:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-08-09 19:24 - 2017-07-14 02:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-08-09 19:24 - 2017-07-13 22:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-08-09 19:24 - 2017-07-07 10:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 10:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-09 19:24 - 2017-07-07 09:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-08-09 19:24 - 2017-07-07 09:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-08-09 19:24 - 2017-07-07 09:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-08-09 19:24 - 2017-07-07 09:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-08-09 19:24 - 2017-07-07 09:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-08-09 19:24 - 2017-07-07 09:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 09:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 09:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 19:24 - 2017-07-07 09:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-19 17:41 - 2016-09-20 18:42 - 000003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-08-19 17:36 - 2009-07-13 23:45 - 000013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-19 17:36 - 2009-07-13 23:45 - 000013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-19 17:34 - 2010-10-16 21:55 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-08-19 17:32 - 2009-07-14 00:13 - 000796158 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-19 17:32 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-08-19 17:26 - 2010-10-16 10:26 - 000024072 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2017-08-19 17:26 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-18 22:44 - 2017-05-17 07:47 - 000003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-08-18 22:42 - 2010-10-16 08:57 - 000000000 ____D C:\Users\Ross
2017-08-18 22:41 - 2016-07-26 12:28 - 000000000 ____D C:\AdwCleaner
2017-08-18 22:41 - 2015-08-07 15:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-08-18 22:41 - 2015-08-07 15:19 - 000000000 ____D C:\Program Files\CCleaner
2017-08-18 22:41 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2017-08-18 22:40 - 2016-07-18 20:42 - 000000000 ____D C:\Morrowind
2017-08-18 10:08 - 2015-08-07 15:37 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-18 10:08 - 2015-08-07 15:37 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-12 19:35 - 2009-07-14 00:08 - 000032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-11 21:03 - 2016-10-21 09:47 - 000000000 ____D C:\Users\Ross\Downloads\Morrowind Modifications
2017-08-11 14:46 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2017-08-10 22:04 - 2009-07-13 23:45 - 000267672 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-09 21:28 - 2011-11-24 13:33 - 000788280 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-08-09 21:26 - 2013-08-06 19:41 - 000000000 ____D C:\Windows\system32\MRT
2017-08-09 21:24 - 2010-10-16 17:45 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-09 19:25 - 2017-05-17 07:47 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-08-09 19:25 - 2017-05-17 07:47 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-07-23 21:50 - 2017-05-17 07:47 - 000578048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-07-23 21:50 - 2017-05-17 07:47 - 000353744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-07-23 21:50 - 2017-05-17 07:47 - 000191208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-07-23 21:50 - 2017-05-17 07:47 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmonflt.sys.150086464039601
2017-07-23 21:50 - 2017-05-17 07:47 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-07-23 21:50 - 2017-05-17 07:47 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-07-23 21:50 - 2017-05-17 07:47 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-07-23 21:49 - 2017-05-17 07:47 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-07-23 21:49 - 2017-05-17 07:47 - 000313616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-07-23 21:49 - 2017-05-17 07:47 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-07-23 21:49 - 2017-05-17 07:47 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-07-23 21:49 - 2017-05-17 07:47 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
 
==================== Files in the root of some directories =======
 
2010-10-19 22:30 - 2016-07-23 19:20 - 000007597 _____ () C:\Users\Ross\AppData\Local\Resmon.ResmonCfg
2016-07-30 20:09 - 2016-07-30 20:09 - 000000000 _____ () C:\Users\Ross\AppData\Local\{E83DB6D9-C04B-4353-84FC-3DD428D65F7B}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-11 14:39
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Ross (19-08-2017 17:54:29)
Running from C:\Users\Ross\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2010-10-16 13:57:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2370995913-3897682033-2191407626-500 - Administrator - Disabled)
Guest (S-1-5-21-2370995913-3897682033-2191407626-501 - Limited - Disabled)
Ross (S-1-5-21-2370995913-3897682033-2191407626-1000 - Administrator - Enabled) => C:\Users\Ross
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.6.602.171 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG (HKLM\...\{434FBA38-0562-4F98-9436-4B45C0C0EF0B}) (Version: 1.201.2 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.5.3022 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Energy Saver Advance B8.1208.1 (HKLM-x32\...\{7ED169D4-5053-4166-93DF-53B12AE6C539}) (Version: 1.10.0000 - GIGABYTE)
FMW 1 (HKLM\...\{1DA9CD4A-687F-4075-A828-0A3ACB901438}) (Version: 1.222.1 - AVG Technologies) Hidden
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - Gigabyte Technology Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Heroes of Might and Magic™ III Armageddon's Blade (HKLM-x32\...\ Heroes of Might and Magic™ III Armageddon's Blade) (Version:  - )
Heroes of Might and Magic® III The Shadow of Death™ (HKLM-x32\...\Heroes III The Shadow of Death) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Medieval II - Retrofit Mod version 1.0 (HKLM-x32\...\0000RetrofitMod_is1) (Version:  - )
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.03.000 - SEGA)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Morrowind (HKLM-x32\...\{B42F73D4-AFDA-4761-B3F4-23A872D11339}) (Version:  - )
Morrowind Enchanted Editor (HKLM-x32\...\ST6UNST #1) (Version:  - )
MSI Afterburner 2.0.0 (HKLM-x32\...\Afterburner) (Version: 2.0.0 - MSI Co., LTD)
paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
PeaZip 6.1.0 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.1.0 - Giorgio Tani)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
TES Construction Set (HKLM-x32\...\{FF70923C-8A51-47F4-A7E9-893C6D54EB68}) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WhoCrashed 5.52 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Wrye Mash (HKLM-x32\...\Wrye Mash) (Version:  - Wrye)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-23] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-04-29] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-23] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {37000B4B-7143-47DE-A028-1715439B8644} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
Task: {524060DC-C33A-4DD0-80F0-487798730D4B} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2010-08-30] ()
Task: {54BC70E9-023E-4CE5-B9AA-F6D261CE5F64} - System32\Tasks\{519B504F-70B4-442B-82B8-0EFCC15D9D16} => C:\Windows\system32\pcalua.exe -a C:\Users\Ross\Documents\Downloads\f5d9050v3000.exe -d C:\Users\Ross\Documents\Downloads
Task: {6A798B2F-58FD-499B-BDB1-0ACD8BBF9793} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {937B2FB0-0EF4-4CF2-9D18-75B7BC1627E7} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-07-23] (AVG Technologies CZ, s.r.o.)
Task: {A369D142-D4A6-435B-9253-9FA7B06195C0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A39F5CEC-7EBE-438B-A5C7-6A617F1D8EEC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {B4C61387-4208-4486-A39E-D2F4DE3849CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Public\Desktop\Medieval II Total War - Grand Campaign (GeoMod).lnk -> C:\Program Files (x86)\SEGA\Medieval II Total War\mods\Bare_Geomod\Executable.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-08-30 22:04 - 2010-08-30 22:04 - 000355640 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2017-05-17 07:46 - 2017-05-17 07:46 - 000163152 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll
2017-07-04 22:14 - 2017-07-04 22:14 - 000832784 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll
2017-07-04 22:14 - 2017-07-04 22:14 - 000277416 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll
2013-06-18 15:49 - 2013-06-18 15:49 - 000016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 000369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2017-05-17 07:46 - 2017-05-17 07:46 - 000171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-07-04 22:14 - 2017-07-04 22:14 - 000193784 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-07-04 22:14 - 2017-07-04 22:14 - 000225376 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-08-18 22:45 - 2017-08-18 22:45 - 005891544 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17081808\algo.dll
2017-07-04 22:14 - 2017-07-04 22:14 - 000690392 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-07-04 22:13 - 2017-07-04 22:13 - 000232784 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2017-08-19 17:28 - 2017-08-19 17:28 - 005891544 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17081900\algo.dll
2016-11-28 19:59 - 2016-11-28 19:59 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2010-08-30 05:13 - 2010-08-30 05:13 - 000061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2010-08-30 02:24 - 2010-08-30 02:24 - 000061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2010-08-30 02:24 - 2010-08-30 02:24 - 000229376 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2010-08-30 02:24 - 2010-08-30 02:24 - 000139264 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2010-08-30 02:25 - 2010-08-30 02:25 - 000262144 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2010-07-27 00:37 - 2010-07-27 00:37 - 000013312 _____ () C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
2017-07-23 21:50 - 2017-07-23 21:50 - 001067056 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
2017-07-04 22:14 - 2017-07-04 22:14 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2016-07-26 14:30 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2370995913-3897682033-2191407626-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7B1719F7-CDEC-46D3-A9D9-1FCA57A272F1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{A70F7BD0-1965-4F7C-8563-92DC1FBF501D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
27-07-2017 16:24:39 Scheduled Checkpoint
04-08-2017 09:12:59 Scheduled Checkpoint
09-08-2017 21:23:37 Windows Update
10-08-2017 21:20:46 Windows Update
18-08-2017 10:36:05 Scheduled Checkpoint
18-08-2017 22:38:39 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/18/2017 10:25:15 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/18/2017 10:25:15 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/18/2017 10:25:15 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/18/2017 10:25:15 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (08/18/2017 10:25:12 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/18/2017 10:25:12 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (08/18/2017 10:25:12 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/18/2017 10:25:12 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/18/2017 10:25:12 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
Error: (08/18/2017 10:25:12 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3016) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0004F.log.
 
 
System errors:
=============
Error: (08/18/2017 10:25:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (08/18/2017 10:25:15 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (08/18/2017 10:23:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (08/18/2017 10:23:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (08/18/2017 10:23:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-07-26 14:30:11.995
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-26 14:30:11.855
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-23 14:58:57.798
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-23 14:58:57.658
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-23 14:58:53.048
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-23 14:58:52.918
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-23 14:58:47.828
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-23 14:58:47.688
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-23 14:58:41.738
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-23 14:58:41.598
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 26%
Total physical RAM: 6141.49 MB
Available physical RAM: 4497.28 MB
Total Virtual: 15350.68 MB
Available Virtual: 13642.39 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.5 GB) (Free:787.11 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (MORROWIND) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5F195F19)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 

 

 



#2 nasdaq

  • Malware Response Team

Posted 20 August 2017 - 09:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts\User: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-28]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - <no Path/update_url>
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png or the 3 vertical dots located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.

If the problem persists continue.
===

It's possible that the file R20.gif is attached to one of your emails.
Look for any attachment in your e-mail messages since the beginning of this problem.
If found, delete it.

If not found, let's see what we can find in the Registry.

Farbar Recovery Scan Tool (FRST) - Registry Search
Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • In the Search text area, copy and paste the following:
r20.gif
  • Once done, click on the Search Registry button and wait for FRST to finish the search;
  • On completion, a log will open in Notepad. Copy and paste its content in your next reply;
Do another search for r20.gif, this time using the Search Files button on the FRST console.

Post the logs for my review.

Let me know if the problem persists.

#3 CootBandiCatch

  • Topic Starter

Posted 20 August 2017 - 09:41 PM

Good Evening,

It would seem you have found more than I thought to be the issue. I have done the following in the order originally stated:

Generated the "fixlog.txt" file using the specified code with FRST64.exe (log included below).

After reboot, which was quicker than normal (over a year normal), the same issue with AVG persists:

Attached File  AVGCapture1.JPG   37.62KB

I can still do a conventional scan [Red Ellipse] even though the icon to the right [Red Diamond] only now leads to the above shown.

Attached File  AVGCapture3.5.JPG   129.42KB

The below are normal examples (from another computer) of my AVG interface before I cancelled the specific folders scan:

Attached File  AVGCapture4.PNG   113.34KB

The right button [Red Diamond] normally leads to the following options screen:

Attached File  AVGCapture5.PNG   149.62KB

I felt a visual reiteration of my original perception of the problem would clarify my understanding of it. My position from the start has been heavily leaning towards a software glitch of some kind by AVG. I may lack scope per your knowledge, of course; and I know there is a kind of "hand-holding" element to the above run-through - I just wanted to be very clear as to my above statement.

I reset Chrome.

I went through my e-mails (long overdue, honestly) and only 1 of the 10 or so that I kept had an image (eBay purchase), which I inspected (with Google) for a mention of r20.gif, and there was not.

Generated the "SearchReg.txt" file using FRST64.exe (log included below).

Generated the "Search.txt" file using FRST64.exe (log included below).

I thank you for your time, and for finding the (additional?) issues outlined in the fix list - I hope the logs below show progress.

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Ross (20-08-2017 20:00:24) Run:1
Running from C:\Users\Ross\Desktop
Loaded Profiles: Ross (Available Profiles: Ross)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts\User: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-28]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - <no Path/update_url>
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
C:\Windows\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922 => key removed successfully
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-28] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nneajnkjbffgblleaoojgaacokifdkhm => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 92873638 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 273881813 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 49570 B
LocalService => 132244 B
NetworkService => 66228 B
Ross => 922607 B
 
RecycleBin => 2438 B
EmptyTemp: => 358.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:00:54 ====
 
 
 
 
Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Ross (20-08-2017 20:21:59)
Running from C:\Users\Ross\Desktop
Boot Mode: Normal
 
================== Search Registry: "r20.gif" ===========
 
 
====== End of Search ======
 
 
 
Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Ross (20-08-2017 20:22:49)
Running from C:\Users\Ross\Desktop
Boot Mode: Normal
 
================== Search Files: "r20.gif" =============
 
====== End of Search ======

   

 



#4 nasdaq

  • Malware Response Team

Posted 21 August 2017 - 08:35 AM



Hi,

It looks like a false positive. Try this scan.

Sophos Virus Removal Tool

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Please post the contents of the log in your next reply and note any errors encountered.
===

#5 CootBandiCatch

  • Topic Starter

Posted 21 August 2017 - 09:29 PM

Hello again,

I ran Sophos Virus Removal Tool - no threats were found; I am unclear as to how to specifically confirm the results of the scan, other than posting the results. If I am to do a redundant scan, please let me know.

I did step away during the scan's duration and am not aware of any errors in the real-time sense, though a couple were specified in the log at the following time stamps:

2017-08-22 00:10:04.723 Error level 1
2017-08-22 01:03:54.699 Error level 0

Two logs were generated:

SophosVirusRemovalTool.log
SophosVirusRemovalTool_cloud4.log

SophosVirusRemovalTool_cloud4.log lists the following kind of entries, ID=1 through ID=3752:

2017-08-22 00:24:44.916 Sending SXL4 request: ID=1 : be24960cc75c3447fc3ded435eb4e39b3d1f6e81c452e738c8a1f9c242e48dc4
2017-08-22 00:24:44.916 SXL4 failure: ID=1 hash=be24960cc75c3447fc3ded435eb4e39b3d1f6e81c452e738c8a1f9c242e48dc4 : failed to send file reputation request

I am led to believe you only need the first one; if otherwise, please specify in your reply.

Depending on the nature of your response, please include any "clean-up" instructions in regards to the finishing of this process. I don't intend to sound presumptuous; I am merely trying to make the most of this reply and am continually grateful for your assistance.

Here is SophosVirusRemovalTool.log:

2017-08-22 00:09:48.607 Sophos Virus Removal Tool version 2.6.1
2017-08-22 00:09:48.607 Copyright © 2009-2017 Sophos Limited. All rights reserved.
 
2017-08-22 00:09:48.607 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2017-08-22 00:09:48.607 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2017-08-22 00:09:48.608 Checking for updates...
2017-08-22 00:09:49.784 Update progress: proxy server not available
2017-08-22 00:09:58.828 Option all = no
2017-08-22 00:09:58.828 Option recurse = yes
2017-08-22 00:09:58.828 Option archive = no
2017-08-22 00:09:58.828 Option service = yes
2017-08-22 00:09:58.828 Option confirm = yes
2017-08-22 00:09:58.828 Option sxl = yes
2017-08-22 00:09:58.830 Option max-data-age = 35
2017-08-22 00:09:58.830 Option vdl-logging = yes
2017-08-22 00:09:58.834 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-08-22 00:09:58.834 Machine ID: 0f9c6e33aec643618388708170210fd7
2017-08-22 00:09:58.834 Component SVRTcli.exe version 2.6.1
2017-08-22 00:09:58.835 Component control.dll version 2.6.1
2017-08-22 00:09:58.835 Component SVRTservice.exe version 2.6.1
2017-08-22 00:09:58.835 Component engine\osdp.dll version 1.44.1.2286
2017-08-22 00:09:58.835 Component engine\veex.dll version 3.68.6.2286
2017-08-22 00:09:58.835 Component engine\savi.dll version 9.0.7.2286
2017-08-22 00:09:58.836 Component rkdisk.dll version 1.5.31.1
2017-08-22 00:09:58.836 Version info: Product version 2.6.1
2017-08-22 00:09:58.836 Version info: Detection engine 3.68.6
2017-08-22 00:09:58.836 Version info: Detection data 5.42
2017-08-22 00:09:58.836 Version info: Build date 7/25/2017
2017-08-22 00:09:58.836 Version info: Data files added 279
2017-08-22 00:09:58.836 Version info: Last successful update (not yet updated)
2017-08-22 00:10:00.699 Downloading updates...
2017-08-22 00:10:00.699 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-08-22 00:10:00.699 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-08-22 00:10:00.700 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-08-22 00:10:00.700 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-08-22 00:10:00.700 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-08-22 00:10:00.700 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-08-22 00:10:00.700 Update progress: [I49502] sdds.data0910.xml: found supplement IDE543 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-08-22 00:10:00.700 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE543 LATEST path=
2017-08-22 00:10:00.700 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE543 LATEST path=
2017-08-22 00:10:00.700 Update progress: [I49502] sdds.data0910.xml: found supplement IDE544 LATEST path= baseVersion= [included from product IDE543 LATEST path=]
2017-08-22 00:10:00.700 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE544 LATEST path=
2017-08-22 00:10:00.700 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE544 LATEST path=
2017-08-22 00:10:00.700 Update progress: [I49502] sdds.data0910.xml: found supplement IDE545 LATEST path= baseVersion= [included from product IDE544 LATEST path=]
2017-08-22 00:10:00.700 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE545 LATEST path=
2017-08-22 00:10:00.700 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE545 LATEST path=
2017-08-22 00:10:00.700 Update progress: [I49502] sdds.data0910.xml: found supplement IDE546 LATEST path= baseVersion= [included from product IDE545 LATEST path=]
2017-08-22 00:10:00.700 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE546 LATEST path=
2017-08-22 00:10:00.700 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE546 LATEST path=
2017-08-22 00:10:00.700 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-08-22 00:10:01.070 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-08-22 00:10:01.070 Update progress: [I19463] Product download size 170129587 bytes
2017-08-22 00:10:03.748 Update progress: [I19463] Syncing product IDE543 LATEST path=
2017-08-22 00:10:03.748 Update progress: [I19463] Product download size 2650459 bytes
2017-08-22 00:10:03.986 Update progress: [I19463] Syncing product IDE544 LATEST path=
2017-08-22 00:10:03.986 Update progress: [I19463] Product download size 2022552 bytes
2017-08-22 00:10:04.101 Update progress: [I19463] Syncing product IDE545 LATEST path=
2017-08-22 00:10:04.103 Update progress: [I19463] Syncing product IDE546 LATEST path=
2017-08-22 00:10:04.122 Installing updates...
2017-08-22 00:10:04.723 Error level 1
2017-08-22 00:10:06.804 Update successful
2017-08-22 00:10:22.890 Option all = no
2017-08-22 00:10:22.890 Option recurse = yes
2017-08-22 00:10:22.890 Option archive = no
2017-08-22 00:10:22.890 Option service = yes
2017-08-22 00:10:22.890 Option confirm = yes
2017-08-22 00:10:22.890 Option sxl = yes
2017-08-22 00:10:22.892 Option max-data-age = 35
2017-08-22 00:10:22.892 Option vdl-logging = yes
2017-08-22 00:10:22.895 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-08-22 00:10:22.895 Machine ID: 0f9c6e33aec643618388708170210fd7
2017-08-22 00:10:22.896 Component SVRTcli.exe version 2.6.1
2017-08-22 00:10:22.896 Component control.dll version 2.6.1
2017-08-22 00:10:22.896 Component SVRTservice.exe version 2.6.1
2017-08-22 00:10:22.896 Component engine\osdp.dll version 1.44.1.2286
2017-08-22 00:10:22.896 Component engine\veex.dll version 3.68.6.2286
2017-08-22 00:10:22.896 Component engine\savi.dll version 9.0.7.2286
2017-08-22 00:10:22.897 Component rkdisk.dll version 1.5.31.1
2017-08-22 00:10:22.897 Version info: Product version 2.6.1
2017-08-22 00:10:22.897 Version info: Detection engine 3.68.6
2017-08-22 00:10:22.897 Version info: Detection data 5.42
2017-08-22 00:10:22.897 Version info: Build date 7/25/2017
2017-08-22 00:10:22.897 Version info: Data files added 279
2017-08-22 00:10:22.897 Version info: Last successful update 8/21/2017 7:10:06 PM
 
2017-08-22 00:19:30.135 Couldn't apply option 'SXLLiveProtection' to the detection engine.
2017-08-22 00:24:47.636 Could not open C:\Boot\BCD
2017-08-22 00:24:48.776 Could not open C:\hiberfil.sys
2017-08-22 00:27:37.746 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-08-22 00:27:37.746 Could not open C:\System Volume Information\{4ca22733-85fe-11e7-80de-00241d758dbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-08-22 00:27:37.746 Could not open C:\System Volume Information\{6889c87e-852d-11e7-831b-00241d758dbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-08-22 00:27:37.746 Could not open C:\System Volume Information\{6e762c00-7d60-11e7-b9d0-00241d758dbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-08-22 00:27:37.746 Could not open C:\System Volume Information\{8be718c5-86c9-11e7-b6ab-00241d758dbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-08-22 00:27:37.746 Could not open C:\System Volume Information\{a3984742-7e1b-11e7-9170-00241d758dbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-08-22 00:27:37.746 Could not open C:\System Volume Information\{c9bf500b-8425-11e7-82a4-00241d758dbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-08-22 00:27:37.746 Could not open C:\System Volume Information\{dd4be82b-7919-11e7-af3b-00241d758dbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-08-22 00:27:37.746 Could not open C:\System Volume Information\{e691cf53-848d-11e7-9c63-00241d758dbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-08-22 00:27:37.756 Could not open C:\System Volume Information\{f1bf48a1-844b-11e7-9a49-00241d758dbe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-08-22 00:32:49.067 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2017-08-22 00:32:49.067 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-08-22 00:32:54.987 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-08-22 00:32:54.987 Could not open C:\Windows\System32\config\RegBack\SAM
2017-08-22 00:32:54.987 Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-08-22 00:32:54.987 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-08-22 00:32:54.987 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-08-22 01:03:54.699 Error level 0
 
2017-08-22 01:44:08.802 Scan completed.
2017-08-22 01:44:08.802
 
------------------------------------------------------------
 

 

 

 



#6 nasdaq

  • Malware Response Team

Posted 22 August 2017 - 07:50 AM

The AVG is reporting a false positive.


Is the error generated when you use a particular Browser?
Does it occur with all the other browsers?

#7 CootBandiCatch

  • Topic Starter

Posted 22 August 2017 - 09:33 AM

I use Google Chrome exclusively; Windows Internet Explorer is the only other on my system.

To attempt to replicate the behavior from Chrome, I copied the file path of the URL:MAL and did a search on Internet Explorer, and I did get a block:

Attached File  Capture6.JPG   70.18KB

It seems to be classified as a trojan by AVG through Internet Explorer; to this date nothing is ever in quarantine after the fact, as the pop-up states.

Attached File  Capture7.JPG   54.28KB

#8 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 22 August 2017 - 12:48 PM

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

Restart the computer normally.

If the problem persists in IE, clean the cache.

Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

#9 CootBandiCatch

  • Topic Starter
  • Members

Posted 22 August 2017 - 07:31 PM

The above measures did not change the outcome. As far as false positives go, I am inclined to question why AVG retains the "blocked threats" as issues to be resolved - as a matter of program function. In past occurrences (2+ years, so older versions of course), any blocked threat would simply register in AVG as an event - being that nothing got through. I don't doubt that the http could be the source of a threat. This issue seems (to me) to be hedging itself into a software error, on the back end.

If I am somehow repeating myself, I apologize - also for the time between replies, I work mid-shift.

I otherwise await your input.

#10 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 24 August 2017 - 07:37 AM

I have two documented situations where Chrome is infected with stubborn redirects.

The first one is Possible ENTERPRISE POLICY issues.

Read the instructions on this page if applicable.
http://forums.anvisoft.com/viewtopic-51-8494-0.html

Remove Installed by enterprise policy extension from Chrome if present.

If you find one and cannot remove it let me know the ID NUMBER that you have found.
<<<>>>

The next one is a situation with Mans-find.org “Virus” Removal

Again refer to this page.
https://www.bleepingcomputer.com/forums/t/636023/stubborn-adware/

If you find IweBar or something you do not recognize remove it.
<<<>>>

Let me know if it helps.
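A defender-side check for the "Installed by enterprise policy" situation described above, added here as an example and not taken from this thread or from any tool it mentions: a PowerShell script that lists every extension in Chrome's default profile and flags any ID that an ExtensionInstallForcelist policy pins in place. It assumes a single-profile Chrome install under the current user's %LOCALAPPDATA%; the registry keys are Chrome's documented policy locations, and the ID nmmhkkegccagdldgiimedpiccmgmieda quoted later in the thread is the kind of entry the listing will show.

```powershell
# Added example: enumerate Chrome extensions and flag policy-forced ones.
# Assumption: Chrome's default profile lives under %LOCALAPPDATA% (single-profile install).
$profileDir = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'
$extRoot    = Join-Path $profileDir 'Extensions'

# ExtensionInstallForcelist values are numbered strings of the form "<extension id>;<update url>".
# A forced extension shows "Installed by enterprise policy" in chrome://extensions and
# cannot be removed from the UI until the policy value is gone.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
)
$forced = @{}
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PSPath/PSParentPath metadata properties; policy entries are numeric names.
        if ($p.Name -match '^\d+$') {
            $id = ([string]$p.Value -split ';')[0].Trim()
            $forced[$id] = $key
        }
    }
}

if ($forced.Count -eq 0) {
    Write-Host 'No ExtensionInstallForcelist policy present in HKLM or HKCU.'
} else {
    foreach ($entry in $forced.GetEnumerator()) {
        Write-Host ('FORCED by policy: {0}  (source: {1})' -f $entry.Key, $entry.Value)
    }
}

# Each extension folder is named by its 32-character ID and holds one folder per version.
Get-ChildItem -Path $extRoot -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    $id = $_.Name
    $verDir = Get-ChildItem -Path $_.FullName -Directory |
              Sort-Object LastWriteTime -Descending | Select-Object -First 1
    $manifestPath = Join-Path $verDir.FullName 'manifest.json'
    if (Test-Path $manifestPath) {
        $m = Get-Content -Path $manifestPath -Raw | ConvertFrom-Json
        # Names such as __MSG_appName__ are localized placeholders; the real string is in _locales.
        [PSCustomObject]@{
            Id      = $id
            Name    = $m.name
            Version = $m.version
            Forced  = $forced.ContainsKey($id)
        }
    }
} | Format-Table -AutoSize
```

Run it from a normal PowerShell prompt; reading HKLM policy values does not need elevation, and an ID that shows Forced = True while no policy key exists in HKLM or HKCU is worth reporting with its ID, as the post above asks.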

#11 CootBandiCatch

  • Topic Starter
  • Members

Posted 24 August 2017 - 02:01 PM

There are no Enterprise Policy-forced extensions on Google, just the following:

Attached File: Capture9.JPG

Internet Explorer had only the following extensions/add-ons:

Media Player

Silverlight

Regarding Mans-find.org “Virus” Removal and IweBar, I found nothing suspicious, to my knowledge, relating to the originally posted topic or IweBar specifically.

I did delete a task referencing pcalua.exe, with a path to my user download folder. I have had the task disabled for over a year, but decided to delete it along the lines of your instructions.

I do have a screen shot of my media center folder within the task scheduler and would like your take on it:

Attached File: Capture10.JPG

And here is an unfiltered screenshot showing all task folders with current running tasks listed at bottom center - if you want screen shots focusing on running processes, please let me know.

Attached File: Capture11.JPG

Current scheduled tasks (non-background):

Attached File: Capture12.JPG

Windows Start-Up (CCleaner):

Attached File: Capture13.JPG

Late edit to my response: I came across this setting looking into Adobe Flash via chrome://settings/content/flash:

Attached File: Capture14.JPG

The following was in your initial fixlist with FRST:

CHR Extension: (Chrome Web Store Payments) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]

Maybe as a result of one of the extensions shown in Capture9; possibly unrelated but worth mentioning.

I was not under the impression to engage any scans with additional software; if that was to also be done, please reiterate in your reply.

I am still not experiencing any issues outside of AVG being pseudo-gimped. Thank you again for your continued assistance.

Edited by CootBandiCatch, 24 August 2017 - 06:53 PM.

#12 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 25 August 2017 - 06:44 AM

Hi,

The following was in your initial fixlist with FRST:
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]

I removed it with the fix. Sometimes it's compromised.

Maybe as a result of one of the extensions shown in Capture9; possibly unrelated but worth mentioning.

This looks like it's from Microsoft.
https://www.microsoft.com/en-ca/download/details.aspx?id=24776

===

:step1: I think it's time to remove Chrome from your Computer and reinstall a fresh copy later.

:step2: Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

:step3: If you sync your account, you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data
https://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/


:step4: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en


:step5: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

:step6: Re-install Chrome and the Bookmarks.
====

How is it now?

#13 CootBandiCatch

  • Topic Starter
  • Members

Posted 25 August 2017 - 02:32 PM

I uninstalled Chrome per your instructions and then reinstalled it; Chrome has not been affected by the issue with AVG.

On the premise of an overall update, I had to re-delete the 00avg registry entries as I think they may have been brought back by my attempt at working with the AVG UI - I used the FRST fix entries as a guide. Before that I ran an ESET scan which returned 0 threats. AVG still updates definitions normally.

AVG situational recap:

All "unresolvable" threats were real-time blocks by AVG. Nothing was quarantined and there are no negative effects on regular browser usage.

AVG is not throwing out blocks unproductively or off-line. It simply won't allow specific/custom scans with the unresolved threats still posted as such - the fact that "File or Folder Scan Finished!" is shown over all blocked-threat entries, even ones that happened after the cancelled scan, seems buggy to me.

Attached File: Capture14.JPG

The third block is from an under-maintained website of the 3D printing artist (Bathsheba Grossman); specifically a hyperlink directed to a defunct (now I know) bronze casting company.

You may recall my mentioning the bottom two as IE tests of the original offending r20.gif http.

An AVG re-install may be in the future.

#14 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 26 August 2017 - 07:28 AM

Hi,

Is this the site that was/is giving you false positives from AVG?

https://www.bathsheba.com/

I opened that site with IE, Firefox and Chrome without any errors from my Norton.

I even looked at the properties of the site and did not see any references to r20.gif

#15 CootBandiCatch

  • Topic Starter
  • Members

Posted 26 August 2017 - 06:13 PM

Bathsheba.com/gallery/bronze, the hyperlink to "Brown Casting" within the text body - this is what provoked the resulting block of the http listed as the 3rd URL:MAL by AVG.

(Reference the last screenshot I uploaded in my last post [Capture14.jpg].)

This is not related to the original r20.gif http block by AVG; I decided it was best to explain why it was there than to leave a question for you to ask about it. I apologize if I confused the issue.

The r20.gif http was a dead tumblr page exploit as best I can figure, as to the page itself exploited - not what it would do to a PC.

Edited by CootBandiCatch, 26 August 2017 - 06:16 PM.