Wifi connect problem


  • This topic is locked
11 replies to this topic

#1 elbarney


Posted 30 May 2018 - 06:34 PM

I am a Comcast customer. They came and switched out my wifi/router combo due to frequent drops. Since then, I have not been able to get on my personal wifi login - only the neighborhood "hot spot" which drops me more and more frequently. I've run every malware cleaner I know. It gets better, then worse than it was. If it matters, I have an SS OS drive and a regular data drive. The Comcast guy gave up, telling me to wipe and reinstall (I'd rather not - but . . .) and I don't know if that was laziness or really thinking this is viral.

 

I've tried a couple of your DIYs that seemed to apply (specific virus description) but so far no joy.

 

What do you suggest? 

 

PS:  my printer is down - and I've been unemployed so getting another isn't an option at the moment. 

 

thank you


Edited by elbarney, 30 May 2018 - 06:35 PM.




#2 HelpBot


Posted 04 June 2018 - 06:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/678398 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 elbarney


Posted 05 June 2018 - 09:22 AM

What I have for install is a flash drive.  It was used to install this OS so I guess it's the "original" 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.06.2018

Ran by Evelyn (administrator) on EVELYN-PC (05-06-2018 10:15:09)

Running from C:\Users\Evelyn\Desktop

Loaded Profiles: Evelyn (Available Profiles: Evelyn)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe

(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe

(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291568 2018-05-30] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-21-2902289068-1233731407-2539393651-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

HKU\S-1-5-21-2902289068-1233731407-2539393651-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [3015072 2016-01-19] (Comfort Software Group)

HKU\S-1-5-21-2902289068-1233731407-2539393651-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-04-14]

ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)

BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{58FA2EB3-CE1F-4C77-B34E-E12C8F37A594}: [DhcpNameServer] 172.16.1.2 68.87.71.226 68.87.73.242

Tcpip\..\Interfaces\{8065449D-2098-41E8-BCBD-73655AD956B9}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:

==================

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-2902289068-1233731407-2539393651-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)

 

Chrome:

=======

CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=ssl","hxxps://www.google.com/","hxxp://www.google.com/"

CHR Profile: C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default [2018-06-05]

CHR Extension: (Slides) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-12]

CHR Extension: (Calmly Writer) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhdlhedoenicbbncfckobjedmboleig [2018-04-12]

CHR Extension: (Docs) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-12]

CHR Extension: (Google Drive) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-12]

CHR Extension: (MEGA) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2018-05-24]

CHR Extension: (Skype Calling) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2018-04-12]

CHR Extension: (YouTube) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-12]

CHR Extension: (Walmart's Savings Spotter) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmelcnhnemihidpaehodijpamdaeeglh [2018-05-25]

CHR Extension: (Honey) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-05-21]

CHR Extension: (Resolution Switcher) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfpobndlielepmhenppdhjgpjkdkokmi [2018-04-12]

CHR Extension: (Adobe Acrobat) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-04-12]

CHR Extension: (Sheets) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-12]

CHR Extension: (Caret Browsing) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklpgenihifpccgiifchnihilipmbffg [2018-04-12]

CHR Extension: (Google Docs Offline) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-12]

CHR Extension: (AdBlock) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-25]

CHR Extension: (Pinterest Save Button) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-06-01]

CHR Extension: (Terms of Service; Didn’t Read) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdoplcnndgiblooccencgcggcoihigg [2018-04-12]

CHR Extension: (NPR Infinite Player) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf [2018-04-12]

CHR Extension: (Google Keep - notes and lists) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2018-06-01]

CHR Extension: (META SEO inspector) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibkclpciafdglkjkcibmohobjkcfkaef [2018-04-12]

CHR Extension: (Kindle Cloud Reader) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2018-04-12]

CHR Extension: (SWOOOP) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jblimahfbhdcengjfbdpdngcfcghladf [2018-04-12]

CHR Extension: (Grammarly for Chrome) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-05-25]

CHR Extension: (W3C HTML5 & CSS3 Validator) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kobpbiokkobnmnaefmpcodeeficgbfkg [2018-04-12]

CHR Extension: (Netflix Categories) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnbopcabgddpanjmeabponnjngbmemml [2018-04-12]

CHR Extension: (Google Keep Chrome Extension) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2018-05-29]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-12]

CHR Extension: (Mercury Reader) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2018-04-12]

CHR Extension: (Freelancy Time Tracker) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkajbcicgbkoefeclmjjbdhidnnmgkh [2018-04-12]

CHR Extension: (Gmail) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-12]

CHR Extension: (Chrome Media Router) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-28]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [318328 2018-05-30] (AVG Technologies CZ, s.r.o.)

R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [7670672 2018-05-30] (AVG Technologies CZ, s.r.o.)

R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [8633072 2018-05-15] (AVAST Software)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [189032 2018-05-30] (AVG Technologies CZ, s.r.o.)

R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [220600 2018-05-30] (AVG Technologies CZ, s.r.o.)

R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [192536 2018-05-30] (AVG Technologies CZ, s.r.o.)

R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [336848 2018-05-30] (AVG Technologies CZ, s.r.o.)

R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [50776 2018-05-30] (AVG Technologies CZ, s.r.o.)

S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-05-30] (AVG Technologies CZ, s.r.o.)

R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [151504 2018-05-30] (AVG Technologies CZ, s.r.o.)

R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [103744 2018-05-30] (AVG Technologies CZ, s.r.o.)

R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [78352 2018-05-30] (AVG Technologies CZ, s.r.o.)

R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1020112 2018-05-30] (AVG Technologies CZ, s.r.o.)

R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [452904 2018-05-30] (AVG Technologies CZ, s.r.o.)

R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [198368 2018-05-30] (AVG Technologies CZ, s.r.o.)

R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [373944 2018-05-30] (AVG Technologies CZ, s.r.o.)

R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-05-30] (Zemana Ltd.)

R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-05-30] (Zemana Ltd.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-06-05 10:14 - 2018-06-05 10:14 - 002413056 _____ (Farbar) C:\Users\Evelyn\Desktop\FRST64.exe

2018-06-03 20:59 - 2018-06-03 20:59 - 000021595 _____ C:\Users\Evelyn\Desktop\62227_1_468.jpeg

2018-06-03 20:58 - 2018-06-03 20:58 - 000047548 _____ C:\Users\Evelyn\Desktop\giant-madagascar-hissing-cockroach-brooch-live-insect-jewelry.htm

2018-06-02 22:03 - 2018-06-02 22:03 - 000029316 _____ C:\Users\Evelyn\Desktop\image.webp

2018-06-01 20:29 - 2018-06-01 20:29 - 004554694 _____ C:\Users\Evelyn\Desktop\VID-20180529-WA0002.mp4

2018-05-31 21:27 - 2018-06-05 10:15 - 000016382 _____ C:\Users\Evelyn\Desktop\FRST.txt

2018-05-31 21:27 - 2018-06-05 10:09 - 000023851 _____ C:\Users\Evelyn\Desktop\Addition.txt

2018-05-31 21:27 - 2018-05-31 21:27 - 000033647 _____ C:\Users\Evelyn\Desktop\Shortcut.txt

2018-05-31 21:26 - 2018-06-05 10:15 - 000000000 ____D C:\FRST

2018-05-30 20:13 - 2018-05-30 20:13 - 000001833 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk

2018-05-30 20:13 - 2018-05-30 20:13 - 000000000 ____D C:\Users\Evelyn\AppData\Roaming\AVG

2018-05-30 20:13 - 2018-05-30 20:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2018-05-30 20:11 - 2018-06-02 16:12 - 000004162 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update

2018-05-30 20:11 - 2018-05-30 20:11 - 001020112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys

2018-05-30 20:11 - 2018-05-30 20:11 - 000452904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys

2018-05-30 20:11 - 2018-05-30 20:11 - 000377584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe

2018-05-30 20:11 - 2018-05-30 20:11 - 000373944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys

2018-05-30 20:11 - 2018-05-30 20:11 - 000336848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys

2018-05-30 20:11 - 2018-05-30 20:11 - 000220600 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys

2018-05-30 20:11 - 2018-05-30 20:11 - 000198368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys

2018-05-30 20:11 - 2018-05-30 20:11 - 000192536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys

2018-05-30 20:11 - 2018-05-30 20:11 - 000189032 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys

2018-05-30 20:11 - 2018-05-30 20:11 - 000151504 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys

2018-05-30 20:11 - 2018-05-30 20:11 - 000103744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys

2018-05-30 20:11 - 2018-05-30 20:11 - 000078352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys

2018-05-30 20:11 - 2018-05-30 20:11 - 000050776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys

2018-05-30 20:11 - 2018-05-30 20:11 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys

2018-05-30 20:11 - 2018-05-30 20:11 - 000000000 ____D C:\Windows\System32\Tasks\AVG

2018-05-30 20:09 - 2018-05-30 20:09 - 000000000 ____D C:\Program Files\AVG

2018-05-30 20:08 - 2018-05-30 20:08 - 007391672 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Evelyn\Desktop\avg_antivirus_free_setup_a2e.exe

2018-05-30 19:46 - 2018-05-30 19:46 - 000001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2018-05-30 19:46 - 2018-05-30 19:46 - 000001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2018-05-30 19:46 - 2018-05-30 19:46 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking

2018-05-30 19:46 - 2018-05-30 19:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

2018-05-30 19:46 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe

2018-05-30 19:45 - 2018-06-03 22:30 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2018-05-30 19:45 - 2018-05-30 21:21 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy

2018-05-30 19:42 - 2018-05-30 19:44 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\Evelyn\Desktop\spybotsd-2.7.64.0.exe

2018-05-30 19:17 - 2018-06-05 10:15 - 001424699 _____ C:\Windows\ZAM.krnl.trace

2018-05-30 19:17 - 2018-06-05 10:15 - 000194690 _____ C:\Windows\ZAM_Guard.krnl.trace

2018-05-30 19:17 - 2018-05-30 19:17 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys

2018-05-30 19:17 - 2018-05-30 19:17 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys

2018-05-30 19:17 - 2018-05-30 19:17 - 000001152 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk

2018-05-30 19:17 - 2018-05-30 19:17 - 000000000 ____D C:\Users\Evelyn\AppData\Local\Zemana

2018-05-30 19:17 - 2018-05-30 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware

2018-05-30 19:17 - 2018-05-30 19:17 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware

2018-05-30 19:16 - 2018-05-30 19:17 - 006625600 _____ (Zemana Ltd. ) C:\Users\Evelyn\Desktop\Zemana.AntiMalware.Setup.exe

2018-05-29 23:44 - 2018-05-29 23:45 - 000183442 _____ C:\TDSSKiller.3.1.0.17_29.05.2018_23.44.37_log.txt

2018-05-27 21:02 - 2018-05-27 21:02 - 003061258 _____ C:\Users\Evelyn\Desktop\1474500955395-how-to-draw-animals-guide_453007.pdf

2018-05-26 11:03 - 2018-05-26 11:03 - 000954430 _____ C:\Users\Evelyn\Desktop\Sold-seals.zip

2018-05-25 17:12 - 2018-05-25 17:12 - 000002190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk

2018-05-25 17:12 - 2018-05-25 17:12 - 000002178 _____ C:\Users\Public\Desktop\Adobe Digital Editions 4.5.lnk

2018-05-25 17:12 - 2018-05-25 17:12 - 000001790 _____ C:\Users\Evelyn\Desktop\URLLink (1).acsm

2018-05-25 17:12 - 2018-05-25 17:12 - 000000000 ____D C:\Users\Evelyn\AppData\Local\Adobe_Systems_Incorporate

2018-05-25 17:12 - 2018-05-25 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe

2018-05-25 17:11 - 2018-05-25 17:22 - 000000000 ____D C:\Users\Evelyn\Documents\My Digital Editions

2018-05-25 17:10 - 2018-05-25 17:11 - 008905360 _____ (Adobe Systems Incorporated) C:\Users\Evelyn\Desktop\ADE_4.5_Installer.exe

2018-05-25 17:10 - 2018-05-25 17:10 - 000001790 _____ C:\Users\Evelyn\Desktop\URLLink.acsm

2018-05-25 09:46 - 2018-05-25 09:46 - 000014796 _____ C:\ComboFix.txt

2018-05-25 09:40 - 2018-05-25 09:46 - 000000000 ____D C:\ComboFix

2018-05-25 09:40 - 2011-06-26 02:45 - 000256000 _____ C:\Windows\PEV.exe

2018-05-25 09:40 - 2010-11-07 13:20 - 000208896 _____ C:\Windows\MBR.exe

2018-05-25 09:40 - 2009-04-20 00:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2018-05-25 09:40 - 2000-08-30 20:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2018-05-25 09:40 - 2000-08-30 20:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2018-05-25 09:40 - 2000-08-30 20:00 - 000098816 _____ C:\Windows\sed.exe

2018-05-25 09:40 - 2000-08-30 20:00 - 000080412 _____ C:\Windows\grep.exe

2018-05-25 09:40 - 2000-08-30 20:00 - 000068096 _____ C:\Windows\zip.exe

2018-05-25 09:39 - 2018-05-25 09:46 - 000000000 ____D C:\Qoobox

2018-05-25 09:39 - 2018-05-25 09:45 - 000000000 ____D C:\Windows\erdnt

2018-05-25 09:38 - 2018-05-25 09:39 - 005660506 ____R (Swearware) C:\Users\Evelyn\Desktop\ComboFix.exe

2018-05-21 21:30 - 2018-05-21 21:33 - 075629776 _____ (Malwarebytes ) C:\Users\Evelyn\Desktop\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5188.exe

2018-05-21 21:09 - 2018-05-21 21:09 - 000000000 ___RD C:\Program Files (x86)\Skype

2018-05-21 21:08 - 2018-05-21 21:09 - 000000000 ____D C:\ProgramData\Skype

2018-05-21 21:08 - 2018-05-21 21:08 - 000000000 ____D C:\ProgramData\Package Cache

2018-05-21 21:06 - 2018-05-21 21:07 - 000184132 _____ C:\TDSSKiller.3.1.0.17_21.05.2018_21.06.49_log.txt

2018-05-21 21:04 - 2018-05-21 21:04 - 000001914 _____ C:\Users\Evelyn\Desktop\Rkill.txt

2018-05-21 21:00 - 2018-06-05 10:14 - 000000000 ____D C:\ProgramData\Malwarebytes

2018-05-21 21:00 - 2018-05-21 21:00 - 000000000 ____D C:\Program Files\Malwarebytes

2018-05-21 20:50 - 2018-05-21 20:55 - 000000000 ____D C:\AdwCleaner

2018-05-21 20:48 - 2018-05-21 20:48 - 004949824 _____ (AO Kaspersky Lab) C:\Users\Evelyn\Desktop\tdsskiller.exe

2018-05-21 20:46 - 2018-05-21 20:46 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Evelyn\Desktop\rkill.exe

2018-05-21 20:45 - 2018-05-21 20:51 - 074288784 _____ (Malwarebytes ) C:\Users\Evelyn\Desktop\mb3-setup-1878.1878-3.5.1.2522.exe

2018-05-20 11:20 - 2018-05-20 11:20 - 000287714 _____ C:\Users\Evelyn\Desktop\Miniature Book Spines and Charms _ to use with tutorial on Y… _ Flickr.html

2018-05-20 11:20 - 2018-05-20 11:20 - 000000000 ____D C:\Users\Evelyn\Desktop\Miniature Book Spines and Charms _ to use with tutorial on Y… _ Flickr_files

2018-05-09 04:04 - 2018-04-23 14:57 - 000396960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2018-05-09 04:04 - 2018-04-23 14:02 - 000348832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2018-05-09 04:04 - 2018-04-22 20:35 - 005583552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2018-05-09 04:04 - 2018-04-22 20:35 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2018-05-09 04:04 - 2018-04-22 20:35 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll

2018-05-09 04:04 - 2018-04-22 20:35 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2018-05-09 04:04 - 2018-04-22 20:35 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2018-05-09 04:04 - 2018-04-22 20:12 - 004047040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2018-05-09 04:04 - 2018-04-22 20:12 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2018-05-09 04:04 - 2018-04-22 20:10 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2018-05-09 04:04 - 2018-04-22 20:07 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000512512 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:44 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2018-05-09 04:04 - 2018-04-22 19:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2018-05-09 04:04 - 2018-04-22 19:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2018-05-09 04:04 - 2018-04-22 19:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2018-05-09 04:04 - 2018-04-22 19:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2018-05-09 04:04 - 2018-04-22 19:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2018-05-09 04:04 - 2018-04-22 19:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll

2018-05-09 04:04 - 2018-04-22 19:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2018-05-09 04:04 - 2018-04-22 19:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2018-05-09 04:04 - 2018-04-22 19:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:32 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2018-05-09 04:04 - 2018-04-22 19:32 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2018-05-09 04:04 - 2018-04-22 19:32 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2018-05-09 04:04 - 2018-04-22 19:31 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2018-05-09 04:04 - 2018-04-22 19:28 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2018-05-09 04:04 - 2018-04-22 19:28 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys

2018-05-09 04:04 - 2018-04-22 19:27 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2018-05-09 04:04 - 2018-04-22 19:25 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2018-05-09 04:04 - 2018-04-22 19:24 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2018-05-09 04:04 - 2018-04-22 19:24 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2018-05-09 04:04 - 2018-04-22 19:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll

2018-05-09 04:04 - 2018-04-22 19:23 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2018-05-09 04:04 - 2018-04-22 19:23 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2018-05-09 04:04 - 2018-04-22 19:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2018-05-09 04:04 - 2018-04-22 19:19 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2018-05-09 04:04 - 2018-04-22 19:19 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2018-05-09 04:04 - 2018-04-22 19:19 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2018-05-09 04:04 - 2018-04-22 19:19 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2018-05-09 04:04 - 2018-04-22 19:18 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2018-05-09 04:04 - 2018-04-22 19:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 19:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2018-05-09 04:04 - 2018-04-22 04:04 - 025744896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2018-05-09 04:04 - 2018-04-22 03:53 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2018-05-09 04:04 - 2018-04-22 03:53 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2018-05-09 04:04 - 2018-04-22 03:40 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2018-05-09 04:04 - 2018-04-22 03:39 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2018-05-09 04:04 - 2018-04-22 03:38 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2018-05-09 04:04 - 2018-04-22 03:38 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2018-05-09 04:04 - 2018-04-22 03:38 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2018-05-09 04:04 - 2018-04-22 03:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2018-05-09 04:04 - 2018-04-22 03:32 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2018-05-09 04:04 - 2018-04-22 03:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2018-05-09 04:04 - 2018-04-22 03:30 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2018-05-09 04:04 - 2018-04-22 03:27 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2018-05-09 04:04 - 2018-04-22 03:26 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2018-05-09 04:04 - 2018-04-22 03:26 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2018-05-09 04:04 - 2018-04-22 03:26 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2018-05-09 04:04 - 2018-04-22 03:26 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2018-05-09 04:04 - 2018-04-22 03:24 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2018-05-09 04:04 - 2018-04-22 03:18 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2018-05-09 04:04 - 2018-04-22 03:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2018-05-09 04:04 - 2018-04-22 03:15 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2018-05-09 04:04 - 2018-04-22 03:08 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2018-05-09 04:04 - 2018-04-22 03:08 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2018-05-09 04:04 - 2018-04-22 03:07 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2018-05-09 04:04 - 2018-04-22 03:04 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2018-05-09 04:04 - 2018-04-22 03:04 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2018-05-09 04:04 - 2018-04-22 03:04 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2018-05-09 04:04 - 2018-04-22 03:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2018-05-09 04:04 - 2018-04-22 03:03 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2018-05-09 04:04 - 2018-04-22 03:03 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2018-05-09 04:04 - 2018-04-22 03:02 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2018-05-09 04:04 - 2018-04-22 03:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2018-05-09 04:04 - 2018-04-22 03:00 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2018-05-09 04:04 - 2018-04-22 03:00 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2018-05-09 04:04 - 2018-04-22 02:57 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2018-05-09 04:04 - 2018-04-22 02:56 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2018-05-09 04:04 - 2018-04-22 02:55 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2018-05-09 04:04 - 2018-04-22 02:54 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2018-05-09 04:04 - 2018-04-22 02:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2018-05-09 04:04 - 2018-04-22 02:53 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2018-05-09 04:04 - 2018-04-22 02:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2018-05-09 04:04 - 2018-04-22 02:49 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2018-05-09 04:04 - 2018-04-22 02:49 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2018-05-09 04:04 - 2018-04-22 02:48 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2018-05-09 04:04 - 2018-04-22 02:46 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2018-05-09 04:04 - 2018-04-22 02:46 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2018-05-09 04:04 - 2018-04-22 02:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2018-05-09 04:04 - 2018-04-22 02:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2018-05-09 04:04 - 2018-04-22 02:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2018-05-09 04:04 - 2018-04-22 02:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2018-05-09 04:04 - 2018-04-22 02:37 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2018-05-09 04:04 - 2018-04-22 02:37 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2018-05-09 04:04 - 2018-04-22 02:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2018-05-09 04:04 - 2018-04-22 02:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2018-05-09 04:04 - 2018-04-22 02:33 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2018-05-09 04:04 - 2018-04-22 02:31 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2018-05-09 04:04 - 2018-04-22 02:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2018-05-09 04:04 - 2018-04-22 02:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2018-05-09 04:04 - 2018-04-22 02:26 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2018-05-09 04:04 - 2018-04-22 02:26 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2018-05-09 04:04 - 2018-04-22 02:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2018-05-09 04:04 - 2018-04-22 02:22 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2018-05-09 04:04 - 2018-04-22 02:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2018-05-09 04:04 - 2018-04-22 02:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2018-05-09 04:04 - 2018-04-22 02:04 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2018-05-09 04:04 - 2018-04-22 02:03 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2018-05-09 04:04 - 2018-04-18 12:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx

2018-05-09 04:04 - 2018-04-18 12:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll

2018-05-09 04:04 - 2018-04-18 11:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx

2018-05-09 04:04 - 2018-04-18 11:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll

2018-05-09 04:04 - 2018-04-18 11:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe

2018-05-09 04:04 - 2018-04-18 11:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe

2018-05-09 04:04 - 2018-04-11 12:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll

2018-05-09 04:04 - 2018-04-11 12:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll

2018-05-09 04:04 - 2018-04-11 12:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll

2018-05-09 04:04 - 2018-04-11 12:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll

2018-05-09 04:04 - 2018-04-10 15:45 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2018-05-09 04:04 - 2018-04-10 12:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll

2018-05-09 04:04 - 2018-04-10 12:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll

2018-05-09 04:04 - 2018-04-10 12:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll

2018-05-09 04:04 - 2018-04-10 12:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll

2018-05-09 04:04 - 2018-04-10 12:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll

2018-05-09 04:04 - 2018-04-10 12:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll

2018-05-09 04:04 - 2018-04-10 12:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll

2018-05-09 04:04 - 2018-04-10 11:54 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2018-05-09 04:04 - 2018-04-10 11:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2018-05-09 04:04 - 2018-04-10 11:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2018-05-09 04:04 - 2018-04-10 11:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2018-05-09 04:04 - 2018-04-07 12:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2018-05-09 04:04 - 2018-03-18 18:16 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2018-05-09 04:04 - 2018-03-18 18:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2018-05-09 04:04 - 2018-03-14 13:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2018-05-09 04:04 - 2018-03-14 13:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2018-05-09 04:04 - 2018-03-14 13:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2018-05-09 04:04 - 2018-03-14 13:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2018-05-09 04:04 - 2018-03-14 13:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2018-05-09 04:04 - 2018-03-14 12:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2018-05-09 04:04 - 2018-03-14 12:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2018-05-09 04:04 - 2018-03-14 12:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2018-05-09 04:04 - 2018-03-14 12:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2018-05-09 04:04 - 2018-03-14 12:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2018-05-09 04:04 - 2018-03-14 12:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2018-05-09 04:04 - 2018-03-14 12:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2018-05-09 04:04 - 2018-03-14 12:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2018-05-09 04:04 - 2018-03-14 12:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2018-05-09 04:04 - 2018-03-14 12:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2018-05-09 04:04 - 2018-03-14 12:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-05 10:08 - 2018-01-10 12:22 - 000000000 ____D C:\Users\Evelyn\AppData\Roaming\Skype

2018-06-05 05:18 - 2009-07-14 00:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2018-06-05 05:18 - 2009-07-14 00:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2018-06-05 05:10 - 2016-06-30 10:48 - 000003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BA32925D-8BA3-4CF6-80B1-4D3B30A0B49C}

2018-06-03 22:36 - 2009-07-14 01:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI

2018-06-03 22:36 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf

2018-06-03 22:30 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2018-06-02 16:09 - 2018-04-14 16:08 - 000004194 _____ C:\Windows\System32\Tasks\Avast TUNEUP Update

2018-06-02 08:55 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF

2018-05-30 21:36 - 2018-01-09 14:52 - 000000000 ____D C:\Users\Evelyn\AppData\Local\Avg

2018-05-30 20:13 - 2018-01-09 14:52 - 000000000 ____D C:\ProgramData\Avg

2018-05-30 20:13 - 2018-01-09 14:52 - 000000000 ____D C:\Program Files (x86)\AVG

2018-05-30 19:17 - 2016-06-30 10:23 - 000000000 ____D C:\Users\Evelyn

2018-05-25 17:11 - 2016-06-30 11:23 - 000000000 ____D C:\Program Files (x86)\Adobe

2018-05-25 09:45 - 2009-07-13 22:34 - 000000215 _____ C:\Windows\system.ini

2018-05-21 21:30 - 2018-04-12 11:08 - 000000000 ____D C:\ProgramData\AVAST Software

2018-05-21 09:21 - 2018-04-28 18:32 - 000000000 _____ C:\Windows\SysWOW64\last.dump

2018-05-18 15:25 - 2018-04-12 11:20 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2018-05-18 15:25 - 2018-04-12 11:20 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2018-05-17 16:39 - 2018-04-12 11:21 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2018-05-15 18:19 - 2016-06-30 11:24 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2018-05-15 18:19 - 2016-06-30 11:24 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2018-05-15 16:09 - 2018-04-14 16:08 - 000000000 ____D C:\Users\Evelyn\AppData\Roaming\Avast Tuneup

2018-05-13 04:39 - 2018-04-12 11:04 - 000000000 ____D C:\Users\Evelyn\AppData\Local\ElevatedDiagnostics

2018-05-11 19:18 - 2018-01-09 16:45 - 000000000 ____D C:\Users\Evelyn\AppData\Local\Microsoft Games

2018-05-11 15:29 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache

2018-05-10 03:24 - 2009-07-14 00:45 - 000408800 _____ C:\Windows\system32\FNTCACHE.DAT

2018-05-10 03:06 - 2018-01-10 04:02 - 000000000 ____D C:\Windows\system32\MRT

2018-05-10 03:04 - 2018-01-10 04:02 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe

2018-05-10 03:04 - 2018-01-10 04:02 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2018-05-10 03:04 - 2009-07-13 23:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared

2018-05-10 03:01 - 2018-02-10 13:51 - 000773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2018-05-08 22:31 - 2016-06-30 11:52 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2018-05-08 22:31 - 2016-06-30 11:52 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2018-05-08 22:31 - 2016-06-30 11:52 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2018-05-08 22:31 - 2016-06-30 11:52 - 000000000 ____D C:\Windows\SysWOW64\Macromed

2018-05-08 22:31 - 2016-06-30 11:52 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2018-04-12 11:11 - 2018-04-12 11:12 - 004096000 _____ () C:\Program Files (x86)\GUT1AB1.tmp

Some files in TEMP:

====================

2018-05-25 17:12 - 2018-05-25 17:12 - 000179408 ____T (Symantec Corporation) C:\Users\Evelyn\AppData\Local\Temp\SCC.dll

2018-05-27 20:13 - 2018-05-27 20:14 - 058834376 _____ (Skype Technologies S.A.) C:\Users\Evelyn\AppData\Local\Temp\SkypeSetup.exe

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-30 06:17

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.06.2018
Ran by Evelyn (05-06-2018 10:15:31)
Running from C:\Users\Evelyn\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-06-30 14:23:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2902289068-1233731407-2539393651-500 - Administrator - Disabled)
Evelyn (S-1-5-21-2902289068-1233731407-2539393651-1000 - Administrator - Enabled) => C:\Users\Evelyn
Guest (S-1-5-21-2902289068-1233731407-2539393651-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2902289068-1233731407-2539393651-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.8 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.4840 - AVAST Software)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.4.3056 - AVG Technologies)
ColorPro 2.6 (HKLM-x32\...\{e9f4db7c-7f0b-432e-a256-c3839197a34c}_is1) (Version:  - Iconico, Inc.)
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Grammarly (HKU\S-1-5-21-2902289068-1233731407-2539393651-1000\...\GrammarlyForWindows) (Version: 1.5.36 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{A7DFB089-B91A-4EF4-AB8D-66FB66E5114F}) (Version: 6.6.133 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2902289068-1233731407-2539393651-1000\...\{c82ddcda-ec3f-45d9-a5e7-7628b4459848}) (Version: 6.6.133 - Grammarly)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2902289068-1233731407-2539393651-1000_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Evelyn\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.6.133\C6CAEB9F7A\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-2902289068-1233731407-2539393651-1000_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-05-30] ()
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-05-30] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-05-30] ()
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-05-30] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07AF0FC9-42F9-47C1-BA73-F5AD87DA2688} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-05-30] (AVG Technologies CZ, s.r.o.)
Task: {409D2FAF-46FD-4FD5-98BB-97F1831304AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-12] (Google Inc.)
Task: {57296F2A-8A34-40CE-8AAA-736B8D455F7C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-05-31] (AVAST Software)
Task: {66DAEF32-2EA5-43FF-A7F2-1B0EFB474064} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {6B3EB561-3D07-4D12-A9C4-57732F2B8B15} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {70B7FB25-775B-4A87-BAE8-CE90469F452A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-12] (Google Inc.)
Task: {96CF342E-48F5-4CF0-8F93-3AA08BB9113B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {B5884A17-D5FD-41FD-B97B-2D7A4887C6F5} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-05-15] (AVAST Software)
Task: {B8140AA6-AA41-4BC9-8DDD-E27F952D65BF} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-05-31] (AVG Technologies CZ, s.r.o.)
Task: {DE39CBEB-3C2D-4B3B-BCA8-BD035524EC89} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {F6D64295-505D-4A7D-813C-9AD333E95396} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-08] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calmly Writer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=adhdlhedoenicbbncfckobjedmboleig
ShortcutWithArgument: C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Freelancy Time Tracker.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=olkajbcicgbkoefeclmjjbdhidnnmgkh
ShortcutWithArgument: C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\SWOOOP.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jblimahfbhdcengjfbdpdngcfcghladf
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-05 01:17 - 2013-09-05 01:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-05-30 19:17 - 2018-05-30 19:17 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2018-05-30 20:11 - 2018-05-30 20:11 - 000738032 _____ () c:\Program Files\AVG\Antivirus\x64\vaarclient.dll
2018-05-30 20:11 - 2018-05-30 20:11 - 001067248 _____ () C:\Program Files\AVG\Antivirus\x64\ffl2.dll
2018-05-30 20:11 - 2018-05-30 20:11 - 000595696 _____ () c:\Program Files\AVG\Antivirus\x64\StreamBack.dll
2018-05-17 16:39 - 2018-05-14 23:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-17 16:39 - 2018-05-14 23:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2018-05-30 20:11 - 2018-05-30 20:11 - 000481008 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2018-05-30 20:11 - 2018-05-30 20:11 - 000886512 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
2018-05-30 20:13 - 2018-05-30 20:13 - 000925936 _____ () C:\Program Files\AVG\Antivirus\anen.dll
2018-05-30 20:11 - 2018-05-30 20:11 - 000983792 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2018-05-30 20:11 - 2018-05-30 20:11 - 000520944 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
2018-06-05 05:50 - 2018-06-05 05:50 - 005851376 _____ () C:\Program Files\AVG\Antivirus\defs\18060500\algo.dll
2018-06-05 10:06 - 2018-06-05 10:06 - 005851376 _____ () C:\Program Files\AVG\Antivirus\defs\18060502\algo.dll
2018-05-30 20:13 - 2018-05-30 20:13 - 067127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 008801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-04-14 16:08 - 2016-09-12 14:53 - 048936448 _____ () C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2018-05-25 09:45 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2902289068-1233731407-2539393651-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0D407621-837A-4A3A-8D3B-3D4860385AEE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{540ECFDD-915D-476B-91D5-0CF2C3706459}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{56EA1F32-DE6E-4A7D-A3F3-57EFB991059F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
25-05-2018 09:14:12 Windows Update
29-05-2018 09:29:45 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/03/2018 10:30:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/03/2018 08:32:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/02/2018 04:31:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/02/2018 08:57:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/01/2018 06:08:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/31/2018 11:14:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/31/2018 08:56:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/30/2018 11:36:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (06/03/2018 10:27:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (06/03/2018 08:30:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (06/02/2018 04:30:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (06/02/2018 08:56:13 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (06/01/2018 06:08:08 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.
 
Error: (06/01/2018 06:07:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (06/01/2018 06:07:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} did not register with DCOM within the required timeout.
 
Error: (05/31/2018 11:12:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
 
Date: 2018-05-25 09:45:00.088
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-05-25 09:45:00.019
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X6 1045T Processor
Percentage of memory in use: 30%
Total physical RAM: 8191.28 MB
Available physical RAM: 5686.54 MB
Total Virtual: 16380.72 MB
Available Virtual: 12612.29 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.43 GB) (Free:18.17 GB) NTFS
Drive e: () (Fixed) (Total:908.52 GB) (Free:94.94 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{7f8ddfcb-3ee5-11e6-b784-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 74.5 GB) (Disk ID: EAC5E03D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 5BC53D8B)
Partition 1: (Active) - (Size=908.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=23 GB) - (Type=42)
 
==================== End of Addition.txt ============================

Edited by elbarney, 05 June 2018 - 11:55 AM.


#4 Oh My!


Posted 10 June 2018 - 07:58 PM

Greetings elbarney and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. This issue does not appear to be malware related. We can do some poking around but I may end up referring you to BleepingComputer's Networking Forum.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste this information anywhere)
Start::
CreateRestorePoint:
CloseProcesses:
U5 AppMgmt; C:\Windows\system32\svchost.exe
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2018-05-25 17:12 - 2018-05-25 17:12 - 000179408 ____T (Symantec Corporation) C:\Users\Evelyn\AppData\Local\Temp\SCC.dll
2018-05-27 20:13 - 2018-05-27 20:14 - 058834376 _____ (Skype Technologies S.A.) C:\Users\Evelyn\AppData\Local\Temp\SkypeSetup.exe
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
cmd: msinfo32 /nfo SystemSummary.nfo /categories +systemsummary
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • A SystemSummary file will be created on your Desktop. Attach that file to your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Right click JRT.exe and select Run as administrator
  • Press any key to continue
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.
  • Please download and install Revo Uninstaller Free
  • Right click Revo Uninstaller and select Run as administrator
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Avast Cleanup Premium
AVG AntiVirus FREE
Spybot - Search & Destroy
Zemana AntiMalware
  • Click Yes to any warning screen that may appear
  • If presented with the program uninstall option click Uninstall
  • If asked to restart now click No
  • Under Scanning Modes select Advanced then select Scan
  • On the Found leftover Registry items window click Select All, Delete, then Yes
  • If prompted click on Next
  • On the Found leftover files and folders window click on Select all, Delete, Yes, OK on any warning screen, then Finish
  • Reboot your computer into Normal Boot and check the performance and Internet
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Attached System Summary file
  • Junkware report
  • MTB.txt
  • Programs uninstall?
  • Computer/Internet performance?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
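
The items the MiniToolBox step above asks to list (proxy settings, Hosts file, IP configuration, Winsock entries) can also be collected read-only with built-in Windows commands. The PowerShell below is an added example, not part of the original post and not MiniToolBox's own code; the output file name NetCheck.txt and the English-language "Provider Path" field in netsh output are assumptions.

```powershell
# Added example: read-only network-settings report. Nothing is flushed or reset.
$out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'NetCheck.txt'  # assumed file name

$lines = @()
$lines += '== IE / WinINET proxy (current user) =='
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$lines += "ProxyEnable   : $($inet.ProxyEnable)"
$lines += "ProxyServer   : $($inet.ProxyServer)"
$lines += "AutoConfigURL : $($inet.AutoConfigURL)"

$lines += '== WinHTTP proxy (machine-wide) =='
$lines += netsh winhttp show proxy

$lines += '== Firefox proxy prefs (only present if changed from default) =='
$prefs = Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js" -ErrorAction SilentlyContinue
if ($prefs) {
    $lines += $prefs | Select-String -Pattern 'network\.proxy\.' | ForEach-Object { $_.Line }
} else {
    $lines += '(no Firefox profile found)'
}

$lines += '== Hosts file: active entries =='
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
# Keep only lines that are neither blank nor comments
$active = Get-Content $hostsFile | Where-Object { $_.Trim() -and -not $_.Trim().StartsWith('#') }
if ($active) { $lines += $active } else { $lines += '(none; only comments or blank lines)' }

$lines += '== IP configuration =='
$lines += ipconfig /all

$lines += '== Winsock catalog: distinct provider DLLs =='
# Assumes English netsh output, where each entry has a "Provider Path:" field
$lines += netsh winsock show catalog | Select-String 'Provider Path' |
    ForEach-Object { ($_.Line -split ':', 2)[1].Trim() } | Sort-Object -Unique

$lines | Set-Content -Path $out -Encoding UTF8
Write-Host "Report written to $out"
```

A proxy that is enabled without having been configured by the user, active Hosts entries other than localhost, or an unfamiliar Winsock provider DLL are the items worth raising with the helper.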

#5 elbarney


Posted 10 June 2018 - 08:16 PM

Thank you for your reply, Gary.  Yes, my friends call me Ev or Evelyn.  I do have one question before I proceed.  I removed Malware Bites as the trial had expired.  If I remove all the programs you list, I will have no antivirus at all.  Of the free programs available - which one do you recommend?

 

Cheers, 

 

Ev      :huh:


Edited by elbarney, 10 June 2018 - 08:17 PM.


#6 Oh My!


Posted 10 June 2018 - 08:33 PM

Hi Ev.

I want to remove those programs for a very short period of time to see if any of them are affecting your Wifi connection. Once we get through all the steps in this post and check your computer/Internet performance we will install an antivirus program before continuing on.
Gary
 

#7 elbarney


Posted 10 June 2018 - 08:41 PM

got it



#8 elbarney


Posted 10 June 2018 - 09:04 PM

I know I'm going to feel like an idiot as soon as you point this out - but I don't see an attach icon.  Just before I saw your reply, I had taken some prescription antihistamines and am now quite woozy.  I'll have to reinstall AVG and get back to this tomorrow.  

 

My apologies.

 

Thank you for your patience. 

 

I should also tell you that Comcast called in reply to an email I sent them about this. They agree with you that this is not a malware issue.  They are sending a tech out on Tuesday.  Still, I'd like to be able to point to evidence that this is not viral  (since no aging woman - even one who once worked in IT when she had to schlep heavy towers and CRT monitors up and down the school halls - could POSSIBLY know what she is talking about on her own ;) )



#9 Oh My!


Posted 10 June 2018 - 09:14 PM

No problem Ev.

See here on how to attach the file and we will touch base tomorrow after a good night's sleep. :)

 

 


Gary
 

#10 elbarney


Posted 11 June 2018 - 10:17 AM

Hi Gary, 

 

I'm more convinced than ever that this problem is NOT malware - and may be mechanical.  I'm going to thank you for your time and close this thread.  (or perhaps you have to do that?)  If the issue continues after the Comcast tech comes - I'll be back ;)

 

Ev



#11 Oh My!


Posted 11 June 2018 - 10:20 AM

Hi Ev.

OK, I will close the topic. If necessary, send me a Personal Message to re-open the topic and we will continue on.
Gary
 

#12 Oh My!


Posted 12 June 2018 - 08:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



