MissMary

help with virus

31 posts in this topic

Computer running very slow, need to restart frequently to make computer work.  Unable to install updates from virus protection I have purchased.



Howdy MissMary and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Do Not Remove anything or run any tools/programs until advised to do so !


Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  

 

===================================

 

AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.

    * Windows XP : Double click on the icon to run it.
    * Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    * Click on the Scan button.
    * AdwCleaner will begin to scan your computer like it did before.
    * After the scan has finished ....... This time, click on the "Clean" button.
    * Press OK when asked to close all programs and follow the onscreen prompts.
    * Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    * After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    * Copy and paste the contents of that logfile in your next reply.
    * A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

NEXT

    Please download Junkware Removal Tool and save to your desktop.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

 

NEXT

 

    Download Malwarebytes' Anti-Malware (save it to your desktop).  >>> https://www.malwarebytes.org/antimalware/
    Click the FREE version !!
    * Windows XP : Double click on the icon to run it.
    * Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    * Select Scan tab.

* Select type of scan to perform:

  * Threat Scan <--- Select this type of scan
  * Custom Scan
  * Hyper Scan

Next click the Scan button.

When the scan is complete, if no malicious items are found you can close the program.

If malicious items are found, be sure that everything is checked, and click Quarantine.

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
 
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

 

Post for me to review:

1. AdwCleaner log

2. JRT log

3. Malwarebytes log

 

Work on these as time permits you !!

Thanks

Chuck

 


AdwCleaner v5.102 - Logfile created 16/03/2016 at 13:35:21
# Updated 13/03/2016 by Xplode
# Database : 2016-03-14.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Mary - MARY-PC
# Running from : C:\Users\Mary\Downloads\adwcleaner_5.102(1).exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\apn

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
[-] Key Deleted : HKCU\Software\DesktopDockApp
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ApnTBMon

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2945 bytes] - [16/03/2016 13:35:21]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [2982 bytes] - [16/03/2016 13:28:40]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [3131 bytes] ##########

 


Mary, nothing real serious so far, a bunch of junk that needed to go !!!

Thanks

Chuck

 


Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Home Premium x64
Ran by Mary (Administrator) on Wed 03/16/2016 at 14:08:06.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 23

Successfully deleted: C:\Windows\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5E5M1O6E (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\94JRLHGI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWH8KXLT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MB6J0K9U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJPQ5BOK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5MN4JZA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XI6MZ3VN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5E5M1O6E (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\94JRLHGI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWH8KXLT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MB6J0K9U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJPQ5BOK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5MN4JZA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XI6MZ3VN (Temporary Internet Files Folder)

 

Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3B6B9E73-24EA-45EF-A963-BE15C41F8379} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/16/2016 at 14:10:07.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


Good job so far ! It's starting to clean up good ! What made you think it was infected with a virus ?? We have more to do so it will show up if you do !! Either way it did need a good cleaning !

 

Thanks

Chuck


Mary, if you have a virus I will find it ! But it never hurts to clean a computer every 6 months so it does not slow down !

When you get time get me the Malwarebytes Log please !

 

Chuck

 

 


Mary, after you get me the Malwarebytes log, run this program below also & post the logs !!

 

Download DDS and save it to your Desktop.  >>> DDS


    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com

 

Thanks

Chuck

 


Morning Mary,

To find Malwarebytes log !
Open Malwarebytes Icon on your desktop, DO NOT run the scan !!!

Click "History" and "Delete All" !!
Click "Application Logs" ............ Click "Scan Log"  .......... click "Export" ...... Click "text file" (*.txt) name it "MBAM"  ..... Save ..... click "Open" !!

 

 

 

The DDS log should have popped up like the other programs ! Are they on your desktop ? If not, run the program again !

 

Thanks

Chuck

 

 

 

 


Post the DDS logs next Mary !!

Thanks

Chuck

 


Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Home Premium x64
Ran by Mary (Administrator) on Wed 03/16/2016 at 14:08:06.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 23

Successfully deleted: C:\Windows\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5E5M1O6E (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\94JRLHGI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWH8KXLT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MB6J0K9U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJPQ5BOK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5MN4JZA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XI6MZ3VN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5E5M1O6E (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\94JRLHGI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWH8KXLT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MB6J0K9U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJPQ5BOK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5MN4JZA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XI6MZ3VN (Temporary Internet Files Folder)

 

Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3B6B9E73-24EA-45EF-A963-BE15C41F8379} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/16/2016 at 14:10:07.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


Mary, that is the log from Junkware Removal tool you posted yesterday ! Try to get me a DDS Log please ! It's ok, I know you worked late last night !

 

Thank You

Chuck


 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18231  BrowserJavaVersion: 11.45.2
Run by Mary at 13:12:28 on 2016-03-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3984.1348 [GMT -5:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Outdated* {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AV: AVG AntiVirus 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Outdated* {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
FW: ZoneAlarm Extreme Security Firewall *Disabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Users\Mary\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG2015\avgscanx.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
uRun: [SmileboxTray] "C:\Users\Mary\AppData\Roaming\Smilebox\SmileboxTray.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avuirunnerx.exe" C:\Program Files (x86)\AVG\AVG2015\avgui.exe
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{15D3FC4B-69AF-4811-9D01-DEE7B168B3D9} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{15D3FC4B-69AF-4811-9D01-DEE7B168B3D9}\2656C6B696E6E2168356E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{15D3FC4B-69AF-4811-9D01-DEE7B168B3D9}\2656C6B696E6E2733383E2765756374737 : DHCPNameServer = 192.168.169.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4P1
x64-Run: [RtHDVBg_PushButton] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\v2bmvnc9.default-1456672828127\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2016-1-13 299440]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2015-5-7 378336]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2016-1-22 255920]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2015-3-20 40928]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-1-14 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-1-14 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-1-14 20464]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2015-3-11 162784]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2015-12-16 315312]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2015-12-16 296368]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2015-8-4 300464]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2014-1-14 98208]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2014-10-28 322176]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2016-2-4 3646888]
R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2016-2-18 1045928]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2016-2-4 335656]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-30 15720]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-1-14 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-3-16 1513784]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-3-16 1135416]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-1-14 246488]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2014-1-14 1911312]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2016-2-15 4364200]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-1-14 368624]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-1-14 790000]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2016-3-16 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2016-3-16 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2016-3-16 63704]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2014-1-14 326368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-1-14 872152]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-1-14 34544]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2016-2-15 32304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 ZoneAlarm AntiTheft;ZoneAlarm AntiTheft;"C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe" --> C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe [?]
S3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2015-1-30 23760]
S3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2015-1-30 23312]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-1-14 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-3-9 114688]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-1-14 452088]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2014-1-14 30448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-3-9 1255736]
S4 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2016-03-16 19:26:35    192216    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-03-16 19:24:51    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2016-03-16 19:24:51    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2016-03-16 19:24:51    109272    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2016-03-16 19:24:51    --------    d-----w-    C:\ProgramData\Malwarebytes
2016-03-16 19:24:51    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-16 18:28:08    --------    d-----w-    C:\Program Files (x86)\AdwCleaner
2016-03-09 18:43:34    5572032    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2016-03-09 18:42:55    381440    ----a-w-    C:\Windows\System32\mfds.dll
2016-02-21 05:13:09    30208    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\CNMPDBX.DLL
2016-02-21 05:13:09    101888    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\CNMPPBX.DLL
2016-02-21 05:12:58    391168    ----a-w-    C:\Windows\System32\CNMLMBX.DLL
2016-02-21 05:11:27    367104    ----a-w-    C:\Windows\System32\CNC_BXL.dll
2016-02-21 05:11:27    282624    ----a-w-    C:\Windows\System32\CNC_BXC.dll
2016-02-21 05:11:27    106496    ----a-w-    C:\Windows\System32\CNC_BXI.dll
2016-02-21 04:59:18    98816    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\CNMPPAQ.DLL
2016-02-21 04:59:18    30208    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\CNMPDAQ.DLL
2016-02-21 04:59:02    385536    ----a-w-    C:\Windows\System32\CNMLMAQ.DLL
2016-02-21 04:47:19    373248    ----a-w-    C:\Windows\System32\CNC_AQL.dll
2016-02-21 04:47:19    323584    ----a-w-    C:\Windows\SysWow64\CNC_AQL.dll
2016-02-21 04:47:19    302080    ----a-w-    C:\Windows\System32\CNC_AQC.dll
2016-02-21 04:47:19    17920    ----a-w-    C:\Windows\System32\CNHMCA6.dll
2016-02-21 04:47:19    15872    ----a-w-    C:\Windows\SysWow64\CNHMCA.dll
2016-02-21 04:47:19    114688    ----a-w-    C:\Windows\SysWow64\CNC_AQU.dll
2016-02-21 04:47:19    112128    ----a-w-    C:\Windows\System32\CNC_AQI.dll
2016-02-17 05:34:05    37288    ----a-w-    C:\Windows\System32\authuitu.dll
2016-02-17 05:34:05    32680    ----a-w-    C:\Windows\SysWow64\authuitu.dll
2016-02-17 05:34:02    48552    ----a-w-    C:\Windows\System32\uxtuneup.dll
2016-02-17 05:34:02    42408    ----a-w-    C:\Windows\SysWow64\uxtuneup.dll
.
==================== Find3M  ====================
.
2016-03-10 20:24:17    797376    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2016-03-10 20:24:17    142528    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-19 19:02:43    38336    ----a-w-    C:\Windows\System32\CompatTelRunner.exe
2016-02-19 18:54:11    1168896    ----a-w-    C:\Windows\System32\aeinv.dll
2016-02-19 14:07:35    1373184    ----a-w-    C:\Windows\System32\appraiser.dll
2016-02-15 16:36:22    45992    ----a-w-    C:\Windows\System32\TURegOpt.exe
2016-02-12 18:52:23    98816    ----a-w-    C:\Windows\System32\wudriver.dll
2016-02-12 18:52:23    3169792    ----a-w-    C:\Windows\System32\wucltux.dll
2016-02-12 18:52:23    192512    ----a-w-    C:\Windows\System32\wuwebv.dll
2016-02-12 18:44:43    91136    ----a-w-    C:\Windows\System32\WinSetupUI.dll
2016-02-12 18:39:55    174080    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2016-02-12 18:18:22    37888    ----a-w-    C:\Windows\System32\wuapp.exe
2016-02-12 18:18:05    12288    ----a-w-    C:\Windows\System32\wu.upgrade.ps.dll
2016-02-12 18:05:17    93696    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2016-02-12 18:05:13    35328    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2016-02-11 18:56:26    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2016-02-11 18:56:26    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2016-02-11 18:52:52    1733592    ----a-w-    C:\Windows\System32\ntdll.dll
2016-02-11 18:49:42    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2016-02-11 18:49:42    243712    ----a-w-    C:\Windows\System32\wow64.dll
2016-02-11 18:49:42    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2016-02-11 18:49:24    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2016-02-11 18:49:19    210432    ----a-w-    C:\Windows\System32\wdigest.dll
2016-02-11 18:49:08    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2016-02-11 18:49:00    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2016-02-11 18:49:00    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2016-02-11 18:48:58    503808    ----a-w-    C:\Windows\System32\srcore.dll
2016-02-11 18:48:58    50176    ----a-w-    C:\Windows\System32\srclient.dll
2016-02-11 18:48:16    28160    ----a-w-    C:\Windows\System32\secur32.dll
2016-02-11 18:48:14    344064    ----a-w-    C:\Windows\System32\schannel.dll
2016-02-11 18:48:12    1214464    ----a-w-    C:\Windows\System32\rpcrt4.dll
2016-02-11 18:47:33    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2016-02-11 18:45:59    312320    ----a-w-    C:\Windows\System32\ncrypt.dll
2016-02-11 18:45:56    315392    ----a-w-    C:\Windows\System32\msv1_0.dll
2016-02-11 18:45:51    60416    ----a-w-    C:\Windows\System32\msobjs.dll
2016-02-11 18:45:35    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2016-02-11 18:44:45    3994560    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2016-02-11 18:44:45    3938240    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2016-02-11 18:44:42    1461248    ----a-w-    C:\Windows\System32\lsasrv.dll
2016-02-11 18:44:34    730112    ----a-w-    C:\Windows\System32\kerberos.dll
2016-02-11 18:44:34    422400    ----a-w-    C:\Windows\System32\KernelBase.dll
2016-02-11 18:42:25    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2016-02-11 18:42:24    43520    ----a-w-    C:\Windows\System32\cryptbase.dll
2016-02-11 18:42:24    22016    ----a-w-    C:\Windows\System32\credssp.dll
2016-02-11 18:38:24    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2016-02-11 18:38:24    665088    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2016-02-11 18:38:24    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2016-02-11 18:38:23    275456    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2016-02-11 18:38:07    171520    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2016-02-11 18:38:00    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2016-02-11 18:37:53    43008    ----a-w-    C:\Windows\SysWow64\srclient.dll
2016-02-11 18:37:11    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2016-02-11 18:37:09    251392    ----a-w-    C:\Windows\SysWow64\schannel.dll
2016-02-11 18:35:14    223232    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2016-02-11 18:35:09    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2016-02-11 18:35:06    60416    ----a-w-    C:\Windows\SysWow64\msobjs.dll
2016-02-11 18:34:26    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2016-02-11 18:33:30    553472    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2016-02-11 18:31:25    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2016-02-11 17:48:11    64000    ----a-w-    C:\Windows\System32\auditpol.exe
2016-02-11 17:43:48    50176    ----a-w-    C:\Windows\SysWow64\auditpol.exe
2016-02-11 17:41:42    338432    ----a-w-    C:\Windows\System32\conhost.exe
2016-02-11 17:40:09    296960    ----a-w-    C:\Windows\System32\rstrui.exe
2016-02-11 17:34:45    159232    ----a-w-    C:\Windows\System32\drivers\mrxsmb.sys
2016-02-11 17:34:01    290816    ----a-w-    C:\Windows\System32\drivers\mrxsmb10.sys
2016-02-11 17:33:54    129024    ----a-w-    C:\Windows\System32\drivers\mrxsmb20.sys
2016-02-11 17:32:46    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2016-02-11 17:32:46    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2016-02-11 17:32:45    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2016-02-11 17:32:43    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2016-02-11 17:32:25    30720    ----a-w-    C:\Windows\System32\lsass.exe
2016-02-11 17:32:18    112640    ----a-w-    C:\Windows\System32\smss.exe
2016-02-11 17:31:01    36352    ----a-w-    C:\Windows\SysWow64\cryptbase.dll
2016-02-11 17:30:47    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-02-11 17:30:47    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-11 17:30:47    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-11 17:30:47    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-02-11 14:07:46    689152    ----a-w-    C:\Windows\System32\generaltel.dll
2016-02-09 09:57:08    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2016-02-09 09:56:09    5120    ----a-w-    C:\Windows\System32\msdxm.ocx
2016-02-09 09:56:09    5120    ----a-w-    C:\Windows\System32\dxmasf.dll
2016-02-09 09:55:34    30720    ----a-w-    C:\Windows\System32\seclogon.dll
2016-02-09 09:54:38    9728    ----a-w-    C:\Windows\System32\spwmp.dll
2016-02-09 09:51:32    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2016-02-09 09:13:14    4096    ----a-w-    C:\Windows\SysWow64\msdxm.ocx
2016-02-09 09:13:14    4096    ----a-w-    C:\Windows\SysWow64\dxmasf.dll
2016-02-09 09:13:10    8192    ----a-w-    C:\Windows\SysWow64\spwmp.dll
2016-02-08 20:51:13    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2016-02-08 20:39:06    62464    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2016-02-08 20:39:06    496640    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2016-02-08 20:38:29    47616    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2016-02-08 20:38:20    341504    ----a-w-    C:\Windows\SysWow64\html.iec
2016-02-08 20:37:31    64000    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2016-02-08 20:28:52    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2016-02-08 20:28:32    620032    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2016-02-08 20:16:21    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-02-08 20:10:37    4611072    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2016-02-08 20:01:48    2050560    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2016-02-08 20:01:43    1155072    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2016-02-08 19:43:04    2121216    ----a-w-    C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 13:13:31.40 ===============

 

DDS.txt


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/4/2014 3:27:56 PM
System Uptime: 3/17/2016 11:21:07 AM (2 hours ago)
.
Motherboard: Dell Inc. |  | 0MJNYC
Processor: Intel(R) Core(TM) i3-4010U CPU @ 1.70GHz | U3E1 | 1683/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 444 GiB total, 366.996 GiB free.
D: is CDROM ()
Y: is FIXED (NTFS) - 22 GiB total, 11.587 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{13B67E97-545B-41DC-AC44-6FEDE5FE6087}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{13B67E97-545B-41DC-AC44-6FEDE5FE6087}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{CBECAB40-A2C8-4AB3-ADC1-DE0FE95D8600}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{CBECAB40-A2C8-4AB3-ADC1-DE0FE95D8600}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{61118058-486C-4BB0-B4B8-ACE4DCADEC44}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{61118058-486C-4BB0-B4B8-ACE4DCADEC44}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{DD533152-01F4-435C-ABFE-984BC21A2A65}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{DD533152-01F4-435C-ABFE-984BC21A2A65}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8855C1D2-9BFE-4B96-BCBF-CBB9682C76BD}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8855C1D2-9BFE-4B96-BCBF-CBB9682C76BD}_LOCALMFG&0000\8&1EB887E6&0&000000000000_00000000
Service:
.
==== System Restore Points ===================
.
RP214: 2/26/2016 3:00:26 AM - Windows Update
RP215: 3/5/2016 1:13:48 PM - Scheduled Checkpoint
RP216: 3/10/2016 3:00:48 AM - Windows Update
RP217: 3/14/2016 3:00:33 AM - Windows Update
RP218: 3/16/2016 2:08:11 PM - JRT Pre-Junkware Removal
.
==== Installed Programs ======================
.
Adobe Flash Player 21 ActiveX
Adobe Flash Player 21 NPAPI
Adobe Reader XI (11.0.06)  MUI
Adobe Reader XI (11.0.15)
Adobe Refresh Manager
Amped Wireless High Power Wireless-N Pro USB Adapter Driver
AVG 2015
AVG PC TuneUp
Business Contact Manager for Microsoft Outlook 2010
Canon MG2100 series MP Drivers
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
Definition Update for Microsoft Office 2010 (KB3114887) 32-Bit Edition
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Edoc Viewer
Dell Touchpad
Dell WLAN and Bluetooth Client Installation
FMW 1
Google Update Helper
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Java 8 Update 45
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware version 2.2.0.1024
Microsoft .NET Framework 4.6.1
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
Movie Maker
Mozilla Firefox 44.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Photo Common
Photo Gallery
Qualcomm Atheros Bluetooth Suite (64)
Realtek Ethernet Controller All-In-One Windows Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.6.1 (KB3122661)
Security Update for Microsoft .NET Framework 4.6.1 (KB3127233)
Security Update for Microsoft .NET Framework 4.6.1 (KB3136000)
Security Update for Microsoft Access 2010 (KB3101544) 32-Bit Edition
Security Update for Microsoft Excel 2010 (KB3114759) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB3114414) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553313) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881029) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2956063) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2965310) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3054848) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3085528) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3085560) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB3114883) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB3114396) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2817478) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB3114402) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2965313) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB3114878) 32-Bit Edition
Service Pack 1 for SQL Server 2008 (KB968369)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared C Run-time for x64
Smilebox
Sql Server Customer Experience Improvement Program
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2999508) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553388) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589318) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2791057) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054873) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054886) 32-Bit Edition
Update for Microsoft Office 2010 (KB3055042) 32-Bit Edition
Update for Microsoft Office 2010 (KB3055047) 32-Bit Edition
Update for Microsoft Office 2010 (KB3085512) 32-Bit Edition
Update for Microsoft Office 2010 (KB3114555) 32-Bit Edition
Update for Microsoft Office 2010 (KB3114750) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB3114410) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2760779) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB3114756) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553308) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VisualRoute
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZoneAlarm Find My Laptop
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
3/17/2016 4:08:00 AM, Error: Service Control Manager [7000]  - The ZoneAlarm AntiTheft service failed to start due to the following error:  The system cannot find the file specified.
3/17/2016 11:40:37 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
3/16/2016 3:07:42 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
3/16/2016 3:07:42 PM, Error: Service Control Manager [7000]  - The Volume Shadow Copy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/16/2016 3:07:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
3/16/2016 11:53:36 AM, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0 The details view of this entry contains further information.
3/16/2016 1:36:17 PM, Error: Service Control Manager [7038]  - The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/16/2016 1:36:17 PM, Error: Service Control Manager [7000]  - The Print Spooler service failed to start due to the following error:  The service did not start due to a logon failure.
3/16/2016 1:36:14 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003]  - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\athihvs.dll
3/16/2016 1:35:50 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
3/16/2016 1:35:21 PM, Error: Service Control Manager [7034]  - The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
3/16/2016 1:35:21 PM, Error: Service Control Manager [7034]  - The Office  Source Engine service terminated unexpectedly.  It has done this 1 time(s).
3/16/2016 1:35:20 PM, Error: Service Control Manager [7034]  - The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).
3/16/2016 1:35:20 PM, Error: Service Control Manager [7034]  - The Intel(R) Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
3/16/2016 1:35:20 PM, Error: Service Control Manager [7034]  - The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
3/16/2016 1:35:20 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/16/2016 1:35:20 PM, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/16/2016 1:35:19 PM, Error: Service Control Manager [7034]  - The SQL Server VSS Writer service terminated unexpectedly.  It has done this 1 time(s).
3/16/2016 1:35:19 PM, Error: Service Control Manager [7034]  - The Business Contact Manager SQL Server Startup Service service terminated unexpectedly.  It has done this 1 time(s).
3/16/2016 1:35:19 PM, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/16/2016 1:35:19 PM, Error: Service Control Manager [7031]  - The Intel(R) Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
3/16/2016 1:35:19 PM, Error: Service Control Manager [7031]  - The AVG PC TuneUp Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 250 milliseconds: Restart the service.
3/16/2016 1:35:18 PM, Error: Service Control Manager [7034]  - The AtherosSvc service terminated unexpectedly.  It has done this 1 time(s).
3/16/2016 1:35:18 PM, Error: Service Control Manager [7034]  - The Andrea RT Filters Service service terminated unexpectedly.  It has done this 1 time(s).
3/16/2016 1:35:18 PM, Error: Service Control Manager [7031]  - The AVG Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
3/16/2016 1:35:17 PM, Error: Service Control Manager [7034]  - The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 1 time(s).
3/16/2016 1:35:17 PM, Error: Service Control Manager [7034]  - The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
3/16/2016 1:35:17 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/15/2016 1:48:11 AM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for DeleteFlag with the following error:  Access is denied.
3/10/2016 12:49:18 PM, Error: Service Control Manager [7043]  - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
3/10/2016 1:15:14 PM, Error: Service Control Manager [7024]  - The TrueVector Internet Monitor service terminated with service-specific error The operation completed successfully..
.
==== End Of File ===========================

 


Mary, thanks, those were the logs I needed. I need you to go to Control Panel / Uninstall Programs and remove/uninstall this >>> AVG PC TuneUp !! Let me know if you did this ??

NEXT

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

http://www.bleepingcomputer.com/download/securitycheck/dl/123/

 

 

NEXT

 

Download OldTimer to your desktop !
Links: http://www.majorgeeks.com/mg/get/otl_(oldtimers_list_it),1.html
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output.
o Lop check.
o Purity check.
o Extra Registry > Use SafeList

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   

 

Almost done, hang in there a little longer. If you don't get this done before you go to work, we will finish tomorrow !!

Thanks

Chuck


Thanks Mary, now whenever you get time, the Security Check & OTL logs please !!

Chuck


Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
ZoneAlarm Extreme Security Antivirus   
AVG AntiVirus 2015                     
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 45  
 Java version 32-bit out of Date!
 Adobe Flash Player 21.0.0.182  
 Adobe Reader XI  
 Mozilla Firefox (45.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 


OTL logfile created on: 3/20/2016 1:27:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mary\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18230)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.89 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 52.31% Memory free
7.78 Gb Paging File | 5.61 Gb Available in Paging File | 72.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.06 Gb Total Space | 366.48 Gb Free Space | 82.53% Space Free | Partition Type: NTFS
Drive Y: | 21.67 Gb Total Space | 11.59 Gb Free Space | 53.48% Space Free | Partition Type: NTFS
 
Computer Name: MARY-PC | User Name: Mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2016/03/20 01:22:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Downloads\OTL.exe
PRC - [2016/03/19 10:31:01 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2016/03/10 15:24:17 | 003,446,976 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe
PRC - [2016/02/04 17:51:04 | 003,646,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
PRC - [2016/02/04 17:48:08 | 003,795,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
PRC - [2016/02/04 17:41:40 | 000,335,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
PRC - [2016/02/04 17:39:42 | 000,436,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgscanx.exe
PRC - [2015/12/14 00:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/11/19 16:39:58 | 000,341,976 | ---- | M] (Smilebox, Inc.) -- C:\Users\Mary\AppData\Roaming\Smilebox\SmileboxTray.exe
PRC - [2015/10/05 09:48:44 | 001,513,784 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2015/04/02 02:40:46 | 003,673,448 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2015/04/02 02:39:50 | 000,134,792 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/09/05 11:02:16 | 000,292,848 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2013/08/30 22:18:16 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/08/30 15:18:20 | 004,128,784 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
PRC - [2013/08/30 15:18:06 | 001,911,312 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
PRC - [2013/06/01 07:31:08 | 000,368,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/06/01 07:31:06 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2010/03/25 14:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2016/03/10 15:41:59 | 001,102,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\7f9ec71afa900c872f939e54fa4e4d95\System.ServiceModel.Web.ni.dll
MOD - [2016/03/10 15:41:54 | 000,516,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\98ac79296c7352c56a3af1ad4734031a\System.Net.Http.ni.dll
MOD - [2016/03/10 15:41:53 | 002,937,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\ef2e5e601d8fd0804e446172490c7da3\System.IdentityModel.ni.dll
MOD - [2016/03/10 15:41:51 | 019,425,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\2a8713eedeaf6d6c00948d77ff3581ea\System.ServiceModel.ni.dll
MOD - [2016/03/10 15:41:31 | 000,390,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8d7428e22cc38e3f9e767316ea20dbf8\System.Xml.Linq.ni.dll
MOD - [2016/03/10 15:24:16 | 019,397,824 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll
MOD - [2016/03/10 04:18:36 | 019,069,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\9aff68eb3524d70dd775756cbd2635e9\PresentationFramework.ni.dll
MOD - [2016/03/10 04:18:19 | 011,557,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\95b7e5d848244f4419f95388bdd1cee9\PresentationCore.ni.dll
MOD - [2016/03/10 04:18:04 | 012,944,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d5e32df5d21eeb0f6fbf3d41ef612a60\System.Windows.Forms.ni.dll
MOD - [2016/03/10 04:18:02 | 003,973,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\88f184ed14ba3012f0a1ed5b2738e3a4\WindowsBase.ni.dll
MOD - [2016/03/10 04:17:59 | 000,974,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\da4d29a50a176623f5153506820ec374\System.Configuration.ni.dll
MOD - [2016/03/10 04:17:57 | 007,516,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\da179dca12c65389f0de319660361465\System.Core.ni.dll
MOD - [2016/03/10 04:17:52 | 001,876,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\316017ca4449d37ac373dba24f8e5684\System.Xaml.ni.dll
MOD - [2016/03/10 04:17:51 | 000,521,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\c45d576e325941bc8f78ec39950a88e3\PresentationFramework.Aero.ni.dll
MOD - [2016/02/11 04:05:01 | 001,623,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\cebdd889c7234fcae5cfb871a95e35a3\System.Drawing.ni.dll
MOD - [2016/02/11 04:03:22 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\ffcfe63b55aad9fa5f53c1d3794ddfc2\System.ServiceModel.Internals.ni.dll
MOD - [2016/02/11 04:03:22 | 000,117,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\06c07175fe9e7bf18cd1c8d9f85614f3\SMDiagnostics.ni.dll
MOD - [2016/02/11 04:03:21 | 002,772,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\37523c98ca4b37b2a6d189294e443202\System.Runtime.Serialization.ni.dll
MOD - [2016/02/11 04:03:20 | 007,378,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a0ff5cf8fa18aa8b462fc3d07f25e8fc\System.Xml.ni.dll
MOD - [2016/02/11 04:03:15 | 001,150,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ada1627a652c6c1e7e89f270d9e3b786\System.Management.ni.dll
MOD - [2016/02/11 04:03:11 | 009,981,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\0b980f1580b78efeb67af4884ae21c00\System.ni.dll
MOD - [2016/02/10 12:36:53 | 018,120,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/22 16:26:28 | 001,904,928 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
MOD - [2012/11/26 00:20:38 | 000,117,608 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
MOD - [2012/11/26 00:20:28 | 001,153,384 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2016/03/19 10:30:59 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/03/10 15:24:31 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/02/04 17:51:04 | 003,646,888 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2016/02/04 17:41:40 | 000,335,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
SRV - [2015/12/14 00:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/11/05 21:36:48 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/10/05 09:48:44 | 001,513,784 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2015/04/02 02:40:46 | 003,673,448 | ---- | M] (Check Point Software Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2014/10/28 01:34:02 | 000,322,176 | ---- | M] (Windows (R) Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/05 01:01:14 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/08/30 15:18:06 | 001,911,312 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
SRV - [2013/06/01 07:31:08 | 000,368,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/06/01 07:31:06 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2010/03/25 14:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379}
IE - HKLM\..\SearchScopes\{3B6B9E73-24EA-45EF-A963-BE15C41F8379}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3531111531-3042523129-2775233575-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
IE - HKU\S-1-5-21-3531111531-3042523129-2775233575-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
IE - HKU\S-1-5-21-3531111531-3042523129-2775233575-1000\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379}
IE - HKU\S-1-5-21-3531111531-3042523129-2775233575-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:45.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
 
[2014/11/23 22:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\Mozilla\Extensions
[2016/02/28 10:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\v2bmvnc9.default-1456672828127\extensions
[2016/03/19 10:31:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avuirunnerx.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3531111531-3042523129-2775233575-1000..\Run: [SmileboxTray] C:\Users\Mary\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3531111531-3042523129-2775233575-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15D3FC4B-69AF-4811-9D01-DEE7B168B3D9}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{167059b2-0d3d-11e5-a812-5435302b9362}\Shell - "" = AutoRun
O33 - MountPoints2\{167059b2-0d3d-11e5-a812-5435302b9362}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{28e62253-2187-11e5-8650-5435302b9362}\Shell - "" = AutoRun
O33 - MountPoints2\{28e62253-2187-11e5-8650-5435302b9362}\Shell\AutoRun\command - "" = F:\VerizonWirelessUpgradeAssistantSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016/03/20 01:17:44 | 000,000,000 | R--D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2016/03/19 10:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2016/03/17 14:30:02 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\GWX
[2016/03/16 14:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/03/16 14:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016/03/16 14:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/03/16 13:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AdwCleaner
[2016/03/09 13:44:38 | 000,922,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll
[2016/03/09 13:44:38 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-string-l1-1-0.dll
[2016/03/09 13:44:38 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-stdio-l1-1-0.dll
[2016/03/09 13:44:38 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-runtime-l1-1-0.dll
[2016/03/09 13:44:38 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-conio-l1-1-0.dll
[2016/03/09 13:44:38 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-locale-l1-1-0.dll
[2016/03/09 13:44:38 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l2-1-0.dll
[2016/03/09 13:44:37 | 000,066,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-private-l1-1-0.dll
[2016/03/09 13:44:37 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-math-l1-1-0.dll
[2016/03/09 13:44:37 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-multibyte-l1-1-0.dll
[2016/03/09 13:44:37 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-convert-l1-1-0.dll
[2016/03/09 13:44:37 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-time-l1-1-0.dll
[2016/03/09 13:44:37 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-2-0.dll
[2016/03/09 13:44:37 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-filesystem-l1-1-0.dll
[2016/03/09 13:44:37 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-process-l1-1-0.dll
[2016/03/09 13:44:37 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-heap-l1-1-0.dll
[2016/03/09 13:44:37 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-utility-l1-1-0.dll
[2016/03/09 13:44:37 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-environment-l1-1-0.dll
[2016/03/09 13:44:37 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-2-0.dll
[2016/03/09 13:44:37 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-1.dll
[2016/03/09 13:44:37 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l2-1-0.dll
[2016/03/09 13:44:37 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-timezone-l1-1-0.dll
[2016/03/09 13:44:37 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-2-0.dll
[2016/03/09 13:44:32 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2016/03/09 13:44:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2016/03/09 13:44:32 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2016/03/09 13:44:32 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2016/03/09 13:44:32 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2016/03/09 13:44:16 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2016/03/09 13:44:16 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2016/03/09 13:44:16 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2016/03/09 13:44:16 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2016/03/09 13:44:15 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2016/03/09 13:44:15 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2016/03/09 13:44:13 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2016/03/09 13:44:13 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2016/03/09 13:44:13 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2016/03/09 13:44:13 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2016/03/09 13:44:12 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2016/03/09 13:44:12 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2016/03/09 13:44:10 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2016/03/09 13:44:10 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2016/03/09 13:44:09 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2016/03/09 13:44:09 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2016/03/09 13:44:09 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2016/03/09 13:43:30 | 003,938,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2016/03/09 13:43:29 | 003,994,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2016/03/09 13:43:19 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2016/03/09 13:43:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2016/03/09 13:43:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2016/03/09 13:43:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2016/03/09 13:43:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2016/03/09 13:43:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2016/03/09 13:43:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2016/03/09 13:43:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2016/03/09 13:43:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2016/03/09 13:43:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2016/03/09 13:43:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2016/03/09 13:43:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2016/03/09 13:43:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2016/03/09 13:43:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2016/03/09 13:43:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2016/03/09 13:43:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2016/03/09 13:43:15 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2016/03/09 13:43:15 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2016/03/09 13:43:15 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2016/03/09 13:43:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2016/03/09 13:42:55 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2016/03/09 13:42:54 | 000,299,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2016/03/09 13:42:53 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2016/03/09 13:42:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2016/03/09 13:42:49 | 011,411,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2016/03/09 13:42:48 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2016/03/09 13:42:48 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2016/03/09 13:42:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2016/03/09 13:42:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2016/02/28 10:20:36 | 000,000,000 | ---D | C] -- C:\Users\Mary\Desktop\Old Firefox Data
[2016/02/20 23:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2100 series
[2016/02/20 23:59:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2016/02/20 23:47:19 | 000,323,584 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_AQL.dll
[2016/02/20 23:47:19 | 000,114,688 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_AQU.dll
[2016/02/20 23:47:19 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll
[2016/02/20 17:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2016/02/20 17:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2 C:\Users\Mary\Documents\*.tmp files -> C:\Users\Mary\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2016/03/20 01:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/03/20 01:16:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/03/20 01:16:22 | 3133,427,712 | -HS- | M] () -- C:\hiberfil.sys
[2016/03/16 14:24:54 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/03/10 15:24:17 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/03/10 15:24:17 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Users\Mary\Documents\*.tmp files -> C:\Users\Mary\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2016/03/16 14:24:54 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/02/20 23:47:19 | 000,063,744 | ---- | C] () -- C:\Windows\SysWow64\CNC1751D.TBL
[2014/05/03 16:15:07 | 000,000,034 | ---- | C] () -- C:\Users\Mary\VisualRoute-Path
[2014/04/22 13:47:19 | 000,019,049 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
[2014/04/22 11:37:02 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\lkfl.dat
[2014/04/22 11:37:02 | 000,000,128 | ---- | C] () -- C:\Windows\SysWow64\pdfl.dat
[2014/04/22 11:37:02 | 000,000,080 | ---- | C] () -- C:\Windows\SysWow64\ibfl.dat
[2014/01/14 19:44:21 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016/01/22 01:19:58 | 014,179,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/01/22 01:05:58 | 012,877,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/11/30 00:21:45 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\AVG
[2015/06/23 12:22:31 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2015/11/30 00:21:45 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\AVG
[2015/06/23 12:22:31 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2016/02/17 00:34:06 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\AVG
[2015/06/22 07:44:02 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\AVG2015
[2014/04/22 11:37:05 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\CheckPoint
[2014/03/04 16:34:44 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Leadertech
[2014/06/06 11:53:01 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\MailFrontier
[2014/04/08 18:02:02 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\OpenOffice
[2014/03/08 15:54:54 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\PCDr
[2015/11/30 00:23:14 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Smilebox
[2015/05/24 16:02:47 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\TuneUp Software
[2014/10/01 16:57:47 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >

 


OTL Extras logfile created on: 3/20/2016 1:27:10 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mary\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18230)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.89 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 52.31% Memory free
7.78 Gb Paging File | 5.61 Gb Available in Paging File | 72.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.06 Gb Total Space | 366.48 Gb Free Space | 82.53% Space Free | Partition Type: NTFS
Drive Y: | 21.67 Gb Total Space | 11.59 Gb Free Space | 53.48% Space Free | Partition Type: NTFS
 
Computer Name: MARY-PC | User Name: Mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007996A6-C570-4C9E-BCC2-0714D11BF6DD}" = lport=137 | protocol=17 | dir=in | app=system |
"{0165F5FE-C1C2-43F5-AEF1-82E936231DB7}" = lport=138 | protocol=17 | dir=in | app=system |
"{02A214C2-2DA5-4BA7-9914-C6917FF3E151}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{039B1928-FF16-4CA7-8852-F502EDCAA5B6}" = lport=139 | protocol=6 | dir=in | app=system |
"{08620A6A-3086-4569-932B-74A6837F67C3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BDFB379-2FDC-4138-8BC5-A1FCB3527442}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A843DE5-BF8E-428C-849D-97F9B6910899}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2651E1DD-E07F-4035-8896-F4ABD5A7CA12}" = rport=137 | protocol=17 | dir=out | app=system |
"{3C7B9973-4170-46F8-ADA2-AEF9F0D07648}" = rport=10243 | protocol=6 | dir=out | app=system |
"{44CC65D0-1DBB-4C52-9D2C-A1D9E9150483}" = lport=445 | protocol=6 | dir=in | app=system |
"{4E95DD83-1461-4F23-A68B-373E3DA1AC6A}" = rport=139 | protocol=6 | dir=out | app=system |
"{64E42852-8655-42E2-81AE-36346E9E3FFF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{66177D9C-BE26-4930-8706-48FEE76C96C0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6725AB7C-D7FA-49CC-8DD5-9A0E39F2BBDF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7D542DE4-4D12-4E67-A949-1CDF050089D4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{85AFBA15-E460-4D60-9851-44F08A31A8A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{956F3657-AB96-44F6-8A6F-2B3648FA78FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9DCA40B9-C0EB-4849-926E-85595FE5CF98}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A14E2910-8BBA-4B14-BB53-409B383288C7}" = rport=138 | protocol=17 | dir=out | app=system |
"{BDB1700F-E337-40DB-AE44-85D57BCB94D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BDCF60FA-BB65-4074-A84A-7351A30CBD0F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CF625DAD-7041-406C-B719-6E7C6E907F90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E17C39EB-369C-432A-A9AB-61D0CEA0DF90}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ECF85378-6F19-4D5C-8AA6-FD4A1EA65432}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F3BD4DE9-56A8-4FC7-86FE-E315EF7838FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{FF7DFA95-E3C0-4DA2-839C-6ABA39A2EE3C}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5EE1E4-C546-4644-ADC3-394C50C4B7F8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1F497782-7FAA-48D8-ACF4-3CFADD03622F}" = protocol=17 | dir=in | app=c:\program files (x86)\checkpoint\zonealarm\vsmon.exe |
"{1FFCC843-4345-4D01-9EDC-7B49798FB41C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{22006C4F-2D4B-433E-8033-EEF274FBB721}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2520833D-C4EA-4793-8CD5-24C0BAD038C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25A139CD-D9A3-4070-9117-4844F9E04D60}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{2A8985CE-8D34-4152-9875-C328DBE67E02}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30DBE1A1-7574-4F2F-8509-79B8AB8E2634}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{33926794-9962-40F1-9EA6-CD5FDDE7246D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{3A053704-D06D-43BF-8DC2-F039AE98E9EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B7A3127-AE7E-4F3D-A59A-4BBA493CAF48}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{3CCB7CF4-C22E-47F9-BEDE-EA26DC3C6298}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4450C57C-4792-4D49-BD9E-EE3BDC21DB74}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe |
"{4B46BFD3-F061-4A19-B535-4AA4A437705F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4D7B3847-E437-41F2-AAC5-3A1BDBE90D57}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{52C4217D-8610-43C9-BE1C-EC5A95E7ABED}" = protocol=6 | dir=in | app=c:\program files (x86)\checkpoint\zonealarm\vsmon.exe |
"{540CF6BB-52D8-4977-8250-BCB25044BFCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{579537E3-BEED-4DB2-97C2-32B29309016F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe |
"{653A8D91-7755-4B2E-93FD-DCFD0B2EFD70}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |
"{6EAB48CE-C735-4337-B4DF-53E8CE3273B5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{757095C4-4A42-4861-BBDE-52C63AD13543}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{85775E56-33D8-4076-8BC8-2889F14A4C2A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{86180E96-97B5-4D6C-A7FD-2170826AC796}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{861A3419-0D7A-4E24-94CD-4F1851C99882}" = protocol=17 | dir=in | app=c:\program files (x86)\checkpoint\zonealarm\vsmon.exe |
"{87B4F387-5134-4564-B730-D4ECD46946F6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |
"{8B277DC5-FBBC-41BE-AFAC-1B4E5E0E4D59}" = protocol=1 | dir=in | [email protected],-28543 |
"{8B39BC96-60DB-42CC-9937-6924F7997F43}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{8DB3B69E-7B54-4A62-A28F-FDA1E3F24783}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E54B279-24B2-49E8-A3F8-E65DF7A81E07}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{961D709D-0FBA-42E2-AD24-ECD4977F352B}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{9B38FD7F-4FF7-4489-B77C-6C9F5C4E6EA1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{9EA3C78B-1C53-4E12-AB45-4DE7B49F9524}" = protocol=6 | dir=in | app=c:\program files (x86)\checkpoint\zonealarm\vsmon.exe |
"{A535F625-BAEA-4273-A97C-D018DD292540}" = protocol=58 | dir=in | [email protected],-28545 |
"{B08CFA63-CED6-4570-B8D0-D77AF2B316B4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B5376A65-9CFF-4DEC-8E36-7B98742446E3}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{C7FCE1E3-9AF3-4E5A-8769-FAC4C8938D8A}" = protocol=6 | dir=out | app=system |
"{C8ADBBCE-F10E-4C9D-8BB1-72F3937052AB}" = protocol=1 | dir=out | [email protected],-28544 |
"{D2B415CB-783B-4A9C-B31F-BABFBC65366B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DF15D7F5-A00B-40A7-9FB6-727C25B9DE9F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E58E1A61-4602-4C04-8304-4E5B1F5173C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F28E8A91-7015-43E6-A24E-8734C59867B4}" = protocol=58 | dir=out | [email protected],-28546 |
"{F51B91F0-3AA1-420F-B3C1-C9C7DABA6691}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ADCCBD-1101-41E4-9B03-A5690FFFA95E}" = ZoneAlarm Find My Laptop
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{050BF7DA-82C4-416A-8294-7AFEB8ED94E1}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83218045F0}" = Java 8 Update 45
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A121E1B-1E87-4F37-BC9C-F8D073047942}" = ZoneAlarm Security
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
"{AC76BA86-0804-1033-1959-001824166751}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.15)
"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)  MUI
"{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}" = Amped Wireless High Power Wireless-N Pro USB Adapter Driver
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 21 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 21 NPAPI
"Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.0.1024
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox 45.0.1 (x86 en-US)" = Mozilla Firefox 45.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"VisualRoute" = VisualRoute
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3531111531-3042523129-2775233575-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smilebox" = Smilebox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/27/2015 9:56:12 PM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 9/27/2015 10:04:30 PM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 9/27/2015 10:12:03 PM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 9/28/2015 12:50:48 AM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 9/28/2015 1:11:14 AM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 9/28/2015 1:18:48 AM | Computer Name = Mary-PC | Source = Application Hang | ID = 1002
Description = The program UNKNOWN version 0.0.0.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 108c    Start Time:
 01d0f9abffdca0a2    Termination Time: 60000    Application Path: UNKNOWN    Report Id: 2450d701-65a0-11e5-a31e-5435302b9362

 
Error - 9/28/2015 9:21:24 AM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 9/28/2015 2:31:07 PM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 9/28/2015 2:51:13 PM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 9/28/2015 3:25:38 PM | Computer Name = Mary-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 3/19/2016 10:38:00 AM | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7000
Description = The ZoneAlarm AntiTheft service failed to start due to the following
 error:   %%2
 
Error - 3/19/2016 11:45:38 AM | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7000
Description = The ZoneAlarm AntiTheft service failed to start due to the following
 error:   %%2
 
Error - 3/19/2016 11:46:05 AM | Computer Name = Mary-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred.    Reported by component: Processor
 Core  Error Source: 3  Error Type: 9  Processor ID: 0    The details view of this entry contains
 further information.
 
Error - 3/19/2016 10:03:06 PM | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7038
Description = The sppsvc service was unable to log on as NT AUTHORITY\NetworkService
 with the currently configured password due to the following error:   %%1352    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 3/19/2016 10:03:06 PM | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7000
Description = The Software Protection service failed to start due to the following
 error:   %%1069
 
Error - 3/19/2016 10:04:58 PM | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7000
Description = The ZoneAlarm AntiTheft service failed to start due to the following
 error:   %%2
 
Error - 3/19/2016 10:05:14 PM | Computer Name = Mary-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred.    Reported by component: Processor
 Core  Error Source: 3  Error Type: 9  Processor ID: 0    The details view of this entry contains
 further information.
 
Error - 3/19/2016 11:37:29 PM | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7000
Description = The ZoneAlarm AntiTheft service failed to start due to the following
 error:   %%2
 
Error - 3/19/2016 11:37:42 PM | Computer Name = Mary-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred.    Reported by component: Processor
 Core  Error Source: 3  Error Type: 9  Processor ID: 0    The details view of this entry contains
 further information.
 
Error - 3/20/2016 2:16:57 AM | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7000
Description = The ZoneAlarm AntiTheft service failed to start due to the following
 error:   %%2
 
 
< End of report >

 


Mary we are looking great just a little longer !

We need to Run an OTL fix !!
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the text box of the OTL tool/program ! Start with and include the colon plus  :OTL
Copy everything in RED and Paste into the box in the OTL program !!
:OTL

IE - HKLM\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379}
IE - HKLM\..\SearchScopes\{3B6B9E73-24EA-45EF-A963-BE15C41F8379}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
IE - HKLM\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379}
IE - HKLM\..\SearchScopes\{3B6B9E73-24EA-45EF-A963-BE15C41F8379}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379}
IE - HKU\S-1-5-21-3531111531-3042523129-2775233575-1000\..\SearchScopes,DefaultScope = {3B6B9E73-24EA-45EF-A963-BE15C41F8379}
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O13 - gopher Prefix: missing
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

 

 

:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]


# Then click the Run Fix button at the top.
# Click OK.
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

Post that log next !
Thanks
Chuck

 

 


If that OTL fix removes all of them then we have one more program to remove all our programs & their logs from your computer,

if you find one not removed you can delete it manually !

We will wrap this up shortly !!

Thanks

Chuck


Hi Mary,

Update Java Runtime

Make sure you uncheck any boxes that want you to install tool bars or anything other than Java

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.

    * Please go here to install Java >>> http://www.java.com/en/
        o click on the Free Java Download Button
        o click on Agree and start Free download
        o click on Run
        o click on run again
        o click on install
        o when install is complete click on close
    * Reboot your computer

 

========================

 

Clean up of Malware Removal Tools

Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

    Download Delfix to your desktop and double click it to start the program here             
    Ensure Remove disinfection tools is ticked
    Also tick:
    o Create registry backup
    o Purge system restore
    o Reset system settings

    o Click Run
    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

 

===================

 

 
Congratulations, you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware/malware infection in the future:
 
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

2. Firefox - If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure.
NoScript
Adblock Plus (https://adblockplus.org/en/firefox)

 
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis.  With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
4. Firewall - Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
Online Armor Free
Agnitum Outpost Firewall Free
Comodo Firewall Free
 
5. Make sure you keep your Windows OS current, and regularly download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.  Without these you are leaving the back door open.
 
6. WOT (Web of Trust) - As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites.  WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
 
7. Finally, I strongly recommend that you read Miekiemoes' great advice, How to prevent malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html).

 
Let me know how it's running ?
Any problems ?
It may run a tad slow until a few normal re-boots, but according to all logs you are clean !!

Thanks
Chuck
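
The six Custom Level settings in tip 1 of the post above are stored as per-user registry values for the Internet zone. The PowerShell below is an added example, not part of the original post: it reads those values back and compares them with what the post recommends. The action IDs and value codes come from Microsoft's URL security zone documentation rather than from the thread, the function name is made up for this example, and PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the thread): read-only audit of the current user's
# Internet zone (zone 3) against the six Custom Level settings listed in tip 1.
# Value codes used by Windows for these actions: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Label   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Action ID (registry value name) -> dialog text and the value the post recommends.
$Recommended = @(
    [pscustomobject]@{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' }
    [pscustomobject]@{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' }
    [pscustomobject]@{ Id = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' }
    [pscustomobject]@{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' }
    [pscustomobject]@{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' }
    [pscustomobject]@{ Id = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)

# Hypothetical helper name; it only reads the registry and changes nothing.
function Get-InternetZoneAudit {
    param([string]$Path = $ZoneKey)

    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($r in $Recommended) {
        $raw = if ($props) { $props.($r.Id) } else { $null }
        if ($null -eq $raw) {
            $current = 'not set for this user'
        } elseif ($Label.ContainsKey([int]$raw)) {
            $current = $Label[[int]$raw]
        } else {
            $current = "unknown code $raw"
        }
        [pscustomobject]@{
            Setting     = $r.Name
            ActionId    = $r.Id
            Current     = $current
            Recommended = $Label[$r.Want]
            Matches     = ($null -ne $raw -and [int]$raw -eq $r.Want)
        }
    }
}

# Values pushed by Group Policy are stored under the Software\Policies branch and
# take precedence over this key, so a result here can still be overridden by policy.
Get-InternetZoneAudit | Format-Table -AutoSize
```

Rows where Matches is False are the settings still to be changed through the Custom Level dialog described in the post.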

 

This topic is now closed to further replies.