Jump to content

Search the Community

Showing results for tags 'Dll'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 21 results

  1. Hello, I'm working on my parent's computer. Thought I could do a couple of scans to help them. Laptop was running slow, had .dll error popups all the time, computer/printer both had trouble with going offline, found privacy settings all messed up. I'm infected - What do I do now? By AdvancedSetup, January 9, 2009 in Windows Malware Removal Help & Support So, I just read the post (above) which states to not use file cleaners with .dll issues. Hope I haven't made this too complicated. Here is what I've done today: Ran CC Cleaner, Avast anti-virus, Malwarebytes, AdwCleaner and Farbar recovery tool. That's when I searched for help on the .dll popups that are still showing. Results from the Farbar recover tool are below. You help is very appreciated!! Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019 Ran by RogerandCarolyn (administrator) on LAPTOP (SAMSUNG ELECTRONICS CO., LTD. 300E4C/300E5C/300E7C) (05-01-2020 17:39:47) Running from C:\Users\RogerandCarolyn\Downloads Loaded Profiles: UpdatusUser & RogerandCarolyn & Administrator (Available Profiles: UpdatusUser & RogerandCarolyn & Administrator) Platform: Windows 10 Home Version 1903 18362.535 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe (Creative Home) [File not signed] C:\Program Files (x86)\Creative Home\Hallmark Print Studio\Planner\PLNRnote.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe (Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP ENVY 4510 series\Bin\ScanToPCActivationApp.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\RogerandCarolyn\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKU\S-1-5-21-915191271-1565821320-4066514102-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [HP ENVY 4510 series (NET)] => C:\Program Files\HP\HP ENVY 4510 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (Hewlett Packard -> HP Inc.) HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-01-15] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2019-01-15] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-01-15] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2019-01-15] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd) HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switches-begin --flag-switches-end - (the data entry has 102 more characters). HKU\S-1-5-21-915191271-1565821320-4066514102-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [807936 2019-03-18] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-915191271-1565821320-4066514102-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-18] (Google LLC -> Google LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-06-09] ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-05-29] ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk [2017-09-09] ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files (x86)\Creative Home\Hallmark Print Studio\Planner\PLNRnote.exe (Creative Home) [File not signed] FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0229FE54-7F8A-4BC6-8537-3DA5534C0EE6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-19] (AVAST Software s.r.o. -> AVAST Software) Task: {09F2290E-D290-4D75-968A-A01D57EC7484} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor Corp -> Realtek Semiconductor) Task: {169A8CEA-644B-4105-8DC0-8912C1B116B9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1444144 2019-12-15] (Microsoft Corporation -> Microsoft Corporation) Task: {20AC35B9-11EA-4A35-84C2-513D4DE19148} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {2F3E51CA-AC61-4F19-B47B-8B6BD8E9007E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe Task: {54674A86-B0C3-46F4-A94E-8F34D4E18DDB} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe Task: {54F80910-2D15-44F1-B969-89D3021B16C1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd) Task: {62FEA6D2-E391-48D0-B4FB-8C8B131ECBB8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation) Task: {73FDB1F2-1D92-442C-BB66-78A83C324646} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-15] (Microsoft Corporation -> Microsoft Corporation) Task: {7706032A-1383-4805-A3AE-E982C4F0FDED} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [1390472 2019-10-23] (AVAST Software s.r.o. -> AVAST Software) Task: {77442580-C398-4990-9B8C-2C290E12D2A6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation) Task: {82094149-3D9B-4666-BAB6-9CECBAEF5B92} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.) Task: {8D7F7842-6FD8-4608-9824-A15C770F3697} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd) Task: {A3DE6797-CD46-4EDB-94F5-D8639455F33E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-15] (Microsoft Corporation -> Microsoft Corporation) Task: {BF96A4F6-DAB9-4E14-9069-1049D93CF99E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-15] (Microsoft Corporation -> Microsoft Corporation) Task: {C009E4B1-C0A2-4E49-BF0F-9FFDFCE44373} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-07-25] (AVAST Software s.r.o. -> AVAST Software) Task: {D4511157-15F2-40FF-AF0E-F0CDD3D20B9E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems) Task: {D60D7324-82FF-4B34-B28F-FCED0F591001} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) Task: {E69ECF15-7D26-4E30-945F-D56A5A286DF7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-15] (Microsoft Corporation -> Microsoft Corporation) Task: {E8D9ACB5-F922-4BB3-9DBC-BA142B750476} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-02-11] (Google Inc -> Google Inc.) Task: {FCBBCA1C-EFA4-4C13-9F73-2042BB2B1042} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-02-11] (Google Inc -> Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{66474192-536a-496c-b883-07f40842719c}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{bffff08d-c055-465c-aa62-134bdd9f70fe}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-915191271-1565821320-4066514102-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKU\S-1-5-21-915191271-1565821320-4066514102-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://inebraska.com/ HKU\S-1-5-21-915191271-1565821320-4066514102-500\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-915191271-1565821320-4066514102-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2017-02-27] (Adobe Systems, Inc.) [File not signed] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR StartupUrls: Default -> "hxxps://outlook.live.com/owa/?path=/mail/inbox/rp","hxxps://www.facebook.com/","hxxps://www.facebook.com/melissa.dorpinghaus.1/media_set?set=a.10205317837064033.1073741840.1791145513&type=3" CHR DefaultSearchURL: Default -> hxxps://www.searchsecurepro.co/search.php?type=search&id=MTI4NzU&q={searchTerms} CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxps://auto.searchsecurepro.co/autocomplete.js?omni=true&appId=MTI4NzU&q={searchTerms} CHR Notifications: Default -> hxxps://justforchill.com; hxxps://search.hgetrecipes.com; hxxps://www.facebook.com; hxxps://www.yumrecipefinder.com CHR Profile: C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default [2020-01-05] CHR Extension: (Slides) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12] CHR Extension: (Web) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\amhckedkghbciendefbknenmokkgcnfa [2019-11-28] CHR Extension: (Docs) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12] CHR Extension: (Google Drive) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-11] CHR Extension: (YouTube) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-11] CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-10-22] CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-12-25] CHR Extension: (Sheets) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12] CHR Extension: (Google Docs Offline) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21] CHR Extension: (Avast Online Security) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-12-21] CHR Extension: (CouponViewer Add-On) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpabcakadbfmhiinljgodpkdeolfchlo [2019-10-01] CHR Extension: (Classic Blue) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmgkofhcnndinbbdbaplplnmdalnc [2019-08-04] CHR Extension: (Chrome Web Store Payments) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04] CHR Extension: (Gmail) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01] CHR Extension: (Chrome Media Router) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-13] CHR Profile: C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-01-05] CHR Profile: C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\System Profile [2020-01-05] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-20] (AVAST Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [417536 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [10287216 2019-07-25] (AVAST Software s.r.o. -> AVAST Software) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-11-28] (Microsoft Corporation -> Microsoft Corporation) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2020-01-05] (Malwarebytes Inc -> Malwarebytes) R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [6828424 2019-10-23] (AVAST Software s.r.o. -> AVAST Software) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-23] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-23] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software) R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-05] (AVAST Software s.r.o. -> AVAST Software) R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [552848 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-04] (AVAST Software s.r.o. -> AVAST Software) R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-04] (AVAST Software s.r.o. -> AVAST Software) R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2018-01-20] (AVAST Software s.r.o. -> The OpenVPN Project) R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) R3 athr; C:\WINDOWS\System32\drivers\athwnx.sys [4233728 2019-03-18] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.) R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41024 2015-09-23] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2020-01-05] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-01-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2020-01-05] (Malwarebytes Inc -> Malwarebytes) R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Samsung Electronics CO., LTD. -> Windows (R) Win 7 DDK provider) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek ) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-23] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-23] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-01-05 17:29 - 2020-01-05 17:29 - 002272256 _____ (Farbar) C:\Users\RogerandCarolyn\Downloads\FRST64 (1).exe 2020-01-05 17:26 - 2020-01-05 17:26 - 000000000 ___HD C:\OneDriveTemp 2020-01-05 17:22 - 2020-01-05 17:22 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2020-01-05 17:22 - 2020-01-05 17:22 - 000216544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2020-01-05 17:02 - 2020-01-05 17:04 - 008237744 _____ (Malwarebytes) C:\Users\RogerandCarolyn\Downloads\adwcleaner_8.0.1.exe 2020-01-05 16:53 - 2020-01-05 16:53 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\cache 2020-01-05 16:48 - 2020-01-05 16:48 - 001883976 _____ (Malwarebytes) C:\Users\RogerandCarolyn\Downloads\MBSetup.exe 2020-01-04 08:26 - 2020-01-04 08:26 - 000080475 _____ C:\Users\RogerandCarolyn\Documents\Merry Christmas and Happy 2020.pdf 2019-12-16 05:24 - 2019-12-16 05:24 - 000093629 _____ C:\Users\RogerandCarolyn\Downloads\Pics.zip 2019-12-15 17:16 - 2019-12-15 17:16 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2019-12-15 17:16 - 2019-12-15 17:16 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-12-15 17:16 - 2019-12-15 17:16 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-12-15 17:16 - 2019-12-15 17:16 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2019-12-15 17:16 - 2019-12-15 17:16 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2019-12-15 17:16 - 2019-12-15 17:16 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2019-12-15 17:16 - 2019-12-15 17:16 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll 2019-12-15 17:16 - 2019-12-15 17:16 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll 2019-12-15 17:16 - 2019-12-15 17:16 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll 2019-12-15 17:16 - 2019-12-15 17:16 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2019-12-15 17:16 - 2019-12-15 17:16 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-12-15 17:15 - 2019-12-15 17:15 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-12-15 17:15 - 2019-12-15 17:15 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2019-12-15 17:15 - 2019-12-15 17:15 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-12-15 17:15 - 2019-12-15 17:15 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-12-15 17:15 - 2019-12-15 17:15 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2019-12-15 17:15 - 2019-12-15 17:15 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2019-12-15 17:15 - 2019-12-15 17:15 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2019-12-15 17:15 - 2019-12-15 17:15 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2019-12-15 17:15 - 2019-12-15 17:15 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2019-12-15 17:15 - 2019-12-15 17:15 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2019-12-15 17:15 - 2019-12-15 17:15 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys 2019-12-15 17:15 - 2019-12-15 17:15 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys 2019-12-15 17:15 - 2019-12-15 17:15 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-12-15 17:14 - 2019-12-15 17:14 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-12-15 17:14 - 2019-12-15 17:14 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-12-15 17:14 - 2019-12-15 17:14 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-12-15 17:14 - 2019-12-15 17:14 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe 2019-12-15 17:14 - 2019-12-15 17:14 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-12-15 17:14 - 2019-12-15 17:14 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-12-15 17:14 - 2019-12-15 17:14 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-12-15 17:14 - 2019-12-15 17:14 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys 2019-12-15 17:14 - 2019-12-15 17:14 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe 2019-12-15 17:14 - 2019-12-15 17:14 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-12-15 17:14 - 2019-12-15 17:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe 2019-12-15 17:14 - 2019-12-15 17:14 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2019-12-15 17:14 - 2019-12-15 17:14 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2019-12-15 17:14 - 2019-12-15 17:14 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys 2019-12-15 17:14 - 2019-12-15 17:14 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2019-12-15 17:14 - 2019-12-15 17:14 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys 2019-12-15 17:14 - 2019-12-15 17:14 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe 2019-12-15 17:14 - 2019-12-15 17:14 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-01-05 17:41 - 2019-10-28 11:54 - 000026134 _____ C:\Users\RogerandCarolyn\Downloads\FRST.txt 2020-01-05 17:40 - 2019-10-28 11:53 - 000000000 ____D C:\FRST 2020-01-05 17:33 - 2019-03-18 22:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-01-05 17:27 - 2018-06-27 12:01 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\AVAST Software 2020-01-05 17:26 - 2016-02-06 15:02 - 000000000 ___RD C:\Users\RogerandCarolyn\OneDrive 2020-01-05 17:24 - 2019-11-11 06:57 - 000000000 ____D C:\Users\UpdatusUser 2020-01-05 17:24 - 2019-11-11 06:57 - 000000000 ____D C:\Users\Administrator 2020-01-05 17:22 - 2019-11-11 07:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-01-05 17:21 - 2019-03-18 22:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2020-01-05 17:19 - 2015-03-29 17:30 - 000000000 ____D C:\Users\RogerandCarolyn\Desktop\PC Fixes (Julie) 2020-01-05 17:07 - 2014-10-16 18:41 - 000000000 ____D C:\AdwCleaner 2020-01-05 17:01 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-01-05 16:51 - 2019-08-04 16:15 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2020-01-05 16:51 - 2019-08-04 16:15 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2020-01-05 16:50 - 2019-08-04 16:15 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2020-01-05 16:50 - 2019-08-04 16:15 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2020-01-05 16:48 - 2018-01-30 07:50 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\Packages 2020-01-05 16:09 - 2019-08-04 17:24 - 000000000 ____D C:\Users\RogerandCarolyn\Documents\Computer Maintenance 2020-01-05 16:08 - 2019-03-18 22:50 - 000000000 ____D C:\WINDOWS\INF 2020-01-05 15:56 - 2019-03-18 22:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-01-04 08:30 - 2018-08-04 12:54 - 000000000 ____D C:\Users\RogerandCarolyn\Documents\Outlook Files 2019-12-31 06:08 - 2019-11-11 07:25 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update 2019-12-29 09:51 - 2019-11-11 07:26 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-915191271-1565821320-4066514102-1002 2019-12-29 09:51 - 2019-11-11 07:25 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2019-12-29 09:51 - 2019-11-11 07:25 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2019-12-29 09:51 - 2019-11-11 07:25 - 000003194 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2019-12-29 09:51 - 2019-11-11 07:25 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2019-12-29 09:51 - 2019-11-11 07:25 - 000002236 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC 2019-12-29 09:51 - 2019-11-11 07:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software 2019-12-29 09:39 - 2019-11-11 06:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-12-23 06:17 - 2017-04-05 13:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2019-12-23 06:13 - 2018-04-04 03:13 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-12-21 05:42 - 2019-11-11 06:57 - 000000000 ____D C:\Users\RogerandCarolyn 2019-12-18 06:53 - 2017-02-11 12:01 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-12-17 09:41 - 2018-08-04 12:54 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\F8CC88CE-444A-405B-B5DC-FF6B9FD95DFF.aplzod 2019-12-17 07:50 - 2017-03-26 01:09 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\ElevatedDiagnostics 2019-12-17 07:12 - 2018-02-10 14:05 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\PlaceholderTileLogoFolder 2019-12-15 17:41 - 2019-10-28 11:44 - 000000000 ___DC C:\WINDOWS\Panther 2019-12-15 17:41 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-12-15 17:41 - 2018-06-27 13:34 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\CrashDumps 2019-12-15 17:39 - 2019-11-11 07:09 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-12-15 17:36 - 2013-01-16 19:24 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-12-15 17:35 - 2016-03-18 08:43 - 000000000 ___RD C:\Users\RogerandCarolyn\3D Objects 2019-12-15 17:32 - 2019-11-11 06:47 - 000537440 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-12-15 17:29 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\SystemResources 2019-12-15 17:29 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-12-15 17:29 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-12-15 17:28 - 2017-04-05 16:08 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-12-15 17:24 - 2017-04-05 16:07 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-12-15 17:23 - 2019-03-18 22:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-12-15 16:14 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\NDF 2019-12-15 16:07 - 2017-02-11 14:22 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-12-15 15:20 - 2019-11-11 07:25 - 000004294 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update ==================== Files in the root of some directories ======== 2018-06-27 13:06 - 2018-06-27 13:06 - 000007628 _____ () C:\Users\RogerandCarolyn\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== ------------------------------------------------------------------------------------------------------------------------------------------------------ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019 Ran by RogerandCarolyn (05-01-2020 17:43:32) Running from C:\Users\RogerandCarolyn\Downloads Windows 10 Home Version 1903 18362.535 (X64) (2019-11-11 13:27:27) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-915191271-1565821320-4066514102-500 - Administrator - Disabled) => C:\Users\Administrator DefaultAccount (S-1-5-21-915191271-1565821320-4066514102-503 - Limited - Disabled) Guest (S-1-5-21-915191271-1565821320-4066514102-501 - Limited - Disabled) RogerandCarolyn (S-1-5-21-915191271-1565821320-4066514102-1002 - Administrator - Enabled) => C:\Users\RogerandCarolyn UpdatusUser (S-1-5-21-915191271-1565821320-4066514102-1001 - Limited - Enabled) => C:\Users\UpdatusUser WDAGUtilityAccount (S-1-5-21-915191271-1565821320-4066514102-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\{52B66F1A-E977-41EE-8359-3C4040BE72F5}) (Version: 12.2.8.198 - Adobe Systems, Inc) Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 19.1.7734 - AVAST Software) Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software) Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 5.2.429 - AVAST Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform) ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden Hallmark Print Studio (HKLM-x32\...\{F2117332-1A36-4D3B-854D-A8D10735B4DF}) (Version: 16.0.1.10 - Creative Home) HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP) HP ENVY 4510 series Basic Device Software (HKLM\...\{2B054C3F-C753-47D8-A5CA-D92AC5D455EB}) (Version: 40.11.1122.1796 - HP Inc.) HP ENVY 4510 series Help (HKLM-x32\...\{CB5C9CB2-B471-42CC-93E6-D0E15021D5C2}) (Version: 36.0.0 - Hewlett Packard) HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP) iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.) Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation) Java 8 Update 172 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180172F0}) (Version: 8.0.1720.11 - Oracle Corporation) Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation) Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12228.20364 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden Packages: ========= Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.18.0_neutral__d55gg7py3s0m0 [2019-10-23] (eyeo GmbH) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-18] (HP Inc.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-06] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-06] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad] MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad] Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-12-16] (Microsoft Corporation) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-22] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\RogerandCarolyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d7a253f58d8885b1\Adblock Plus - free ad blocker.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=cfhdojbkjhnklbpkdaibdccddilifddb ==================== Loaded Modules (Whitelisted) ============= 2018-06-09 11:07 - 2016-09-12 14:53 - 048936448 _____ () [File not signed] C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll 2019-03-24 06:24 - 2018-09-05 20:32 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\SecureLine\libcrypto-1_1.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-02-03 19:25 - 2019-01-04 12:06 - 000000833 _____ C:\WINDOWS\system32\drivers\etc\hosts 2017-11-24 07:57 - 2017-11-24 08:02 - 000000436 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-915191271-1565821320-4066514102-1001\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-915191271-1565821320-4066514102-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\RogerandCarolyn\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win7 ltblue 1920x1200.jpg HKU\S-1-5-21-915191271-1565821320-4066514102-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{B85FB4F1-652C-4F51-BC88-906444C1B106}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2FC7D647-01ED-459A-99CD-232F4B8092B4}] => (Allow) C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe (AVAST Software s.r.o. -> AVAST Software) FirewallRules: [{0E52EBE8-CF58-4ECB-96EA-BF3FB3C8B2CA}] => (Allow) C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe (AVAST Software s.r.o. -> AVAST Software) FirewallRules: [{A74FB5AF-1697-42E8-A9B4-72FAF368CC69}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{F39B3152-559E-41A2-A457-7D30288BE67C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{32B9E7A8-A7D4-4694-9261-43B1291FAFC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{5CDCF021-BE3C-40E3-AF16-5122300471E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C1268FE7-A3B6-41FF-8D8D-124CBFBE9A8C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{DC9ABA8A-8F06-4868-8519-4C114298CCE7}] => (Allow) C:\Program Files\HP\HP ENVY 4510 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{40D6534E-5B8C-4E5B-87D0-65840E8C371E}] => (Allow) LPort=5357 FirewallRules: [{D26D81C3-C41C-40CA-B327-8281965DC3B2}] => (Allow) C:\Program Files\HP\HP ENVY 4510 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{EAB14282-B89B-4BFD-9BCF-96B0DDCCDE8A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 13-12-2019 09:32:41 Scheduled Checkpoint 15-12-2019 16:46:43 Removed HP Dropbox Plugin 23-12-2019 07:38:11 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (01/05/2020 05:43:36 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (3504,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (01/05/2020 05:27:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AUDIODG.EXE, version: 10.0.18362.449, time stamp: 0xd42474b6 Faulting module name: RltkAPO64.dll, version: 11.0.6000.434, time stamp: 0x5588e2ea Exception code: 0xc0000005 Fault offset: 0x000000000019f64b Faulting process id: 0xaf0 Faulting application start time: 0x01d5c41f03424ae8 Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE Faulting module path: C:\WINDOWS\system32\RltkAPO64.dll Report Id: 28891c56-6d86-4ebd-9068-7f20283dbe3d Faulting package full name: Faulting package-relative application ID: Error: (01/05/2020 05:10:19 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (5172,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (01/05/2020 05:01:11 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (8912,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (01/05/2020 04:25:31 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY) Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 28144 and the required size was 33408. Error: (01/05/2020 04:00:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.18362.1, time stamp: 0xceb8cbe1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000409 Fault offset: 0x0000000000000204 Faulting process id: 0x23a4 Faulting application start time: 0x01d5c4137559b351 Faulting application path: C:\Windows\System32\MicrosoftEdgeCP.exe Faulting module path: unknown Report Id: cbf7c28b-843a-460d-83f9-418cab5a1f61 Faulting package full name: Microsoft.MicrosoftEdge_44.18362.449.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: MicrosoftEdge Error: (01/05/2020 03:41:51 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname Laptop.local already in use; will try Laptop-2.local instead Error: (01/05/2020 03:41:51 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 16 Laptop.local. AAAA FE80:0000:0000:0000:6C2D:A807:C972:C9D0 System errors: ============= Error: (01/05/2020 05:28:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.307.1778.0). Error: (01/05/2020 05:21:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (01/05/2020 05:21:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (01/05/2020 05:21:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (01/05/2020 05:21:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Update Orchestrator Service service hung on starting. Error: (01/05/2020 05:21:02 PM) (Source: DCOM) (EventID: 10010) (User: Laptop) Description: The server {8ED5875F-5DC0-11E4-B843-005056C00008} did not register with DCOM within the required timeout. Error: (01/05/2020 05:21:02 PM) (Source: DCOM) (EventID: 10010) (User: Laptop) Description: The server {8ED58760-5DC0-11E4-8336-005056C00008} did not register with DCOM within the required timeout. Error: (01/05/2020 05:12:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CleanupPSvc service. Windows Defender: =================================== Date: 2020-01-02 08:22:42.325 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {7F0F726A-B4E5-46A6-AA8E-B02A0F6B94FA} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-12-29 07:25:15.491 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.307.1352.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16600.7 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =================================== Date: 2020-01-05 17:39:00.384 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:39:00.378 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:38:57.249 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:38:57.235 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:33:39.132 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:33:39.061 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:33:37.417 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:33:37.410 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: Phoenix Technologies Ltd. P09RAP 11/01/2013 Motherboard: SAMSUNG ELECTRONICS CO., LTD. NP300E5C-A06US Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz Percentage of memory in use: 64% Total physical RAM: 3795.54 MB Available physical RAM: 1333.53 MB Total Virtual: 5011.54 MB Available Virtual: 2547.33 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:272.54 GB) (Free:227.84 GB) NTFS \\?\Volume{d56f1b01-047a-4f3c-9a45-8a1882843cc6}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.17 GB) NTFS \\?\Volume{8e1dffc5-821a-4ebc-bcc5-4ba3091fc763}\ () (Fixed) (Total:0.49 GB) (Free:0.03 GB) NTFS \\?\Volume{51cb7d1c-3d4c-4c1b-b9f0-972755c35fe9}\ (SAMSUNG_REC2) (Fixed) (Total:23.15 GB) (Free:1.1 GB) NTFS \\?\Volume{347b6fb9-62bc-4bd7-4173-636c65706975}\ (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.27 GB) FAT32 \\?\Volume{d68c5adc-790b-48a8-8648-2585bfbbb17e}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 467FC636) Partition: GPT. ==================== End of Addition.txt =======================
  2. I have been using Cute FTP for years, and now out of nowhere I am getting the following error message when I try to launch the program... System error - RichEdit initialization failed. Please make sure that the latest RichEdit libraries are present. Google searches are no help. No two sites suggest the same solution, and there seems to be no simple straight forward solution. Any ideas or help would be greatly appreciated. I am running Windows 10 Professional. My computer is a laptop purchased about six months ago. This is the first time I have tried it since about August, I believe, and it worked fine then.
  3. Hello, malwarebytes users i have one problem with virus I hope someone can help me. The problem is the following "I have other viruses too, but they are not a problem" The problem is the virus I got a few days ago I'm not a malware analyst or anything like that but I managed to connect these viruses svghost.exe, mserver.exe and usp20.dll this files make other files and changes in registry i delete it but they back after i restart my pc, including registry I scanned them with malwarebytes some detect as viruses and remove but after restart, they come back again I see they use 100% CPU I guess It's a miner But I'm not sure. If anyone can help me solve this, I would be very appreciate.
  4. Even after finish cleaning with MalwareBytes (user ver.) SppExtComObjHook.dll still restart at windows startup Is SppExtComObjHook.dll dangerous ? How to remove it completely ?
  5. I've been struggling with malware that keeps coming back to my Windows install. This Windows install is not clean because I haven't had the need to use it since I use Debian as my main OS This is the second time I do a Windows restore since everytime I try to clean dlls the system breaks down I've used malwarebytes, spybot search and destroy and I get a clean analysis so I tried to use boot up recovery disks, sfc /scannow and lastly "Unhack me" where I could see the suspicious files but manually since the programs above trust all "Trusted installer " signed files and processes, after that I used SVChostanalyzer and Security Task Manager and realized suspicious instructions inside of wininit.exe, services.exe, lsass.exe ,one of them being a on purpose BSOD when you kill a certain process so that the rootkit can backup itself, another being a programmed memory.dmp creation instruction and as usually many instances of svchost.exe are not a good sign. I uploaded two of these files to Hybrid-Analysis (online sandbox analyzer) ; svchost.exe Which showed header timestamps into the future (2050) and forged Microsoft signatures Inside of lsass.exe I found TCP connections an Ip which seems to be part of Akamai-Technologies I already know that the best option is to make a clean and secure install in this partition but I wanted to know if this is could possibly be work of an enteprise stealing data or just maybe someone who is playing with tools and tunneling this to that Ip, I would gladly receive any counsel, comment or help for this issue if there was any to kill this malware without the cleanup. Thanks svchost.txt lsass.txt
  6. I've been using MBAM Premium 3.0.6 on Windows 10. Today I downloaded and installed ARW beta 8 from the Malwarebytes site . The version showed as 0.9.17.661. ARW appeared in my ProgramFiles folder but when I tried to start it, I got the message "Unable to start - unable to connect to Service". I also found that my MBAM Premium would not open after installing ARW. I tried to uninstall ARW, and that seemed to work, but MBAM still won't start. I get the error that three dll's are missing. Thos dll's are - IPHLPAPI.dll - MPR.dll - and NETAPI32.dll - all with the recommendation that I should "reinstall the program". Which program does this instruction refer to - MBAM itself, or the individual dll's? And if it's the dll's, where do I find these?
  7. Hi people, thanks for the help. Well, everthing was fine just a few days ago, when some programs ( four until now) stop working. The first one was Razer Synapse (doesnt open), after Battle.net ( blizzard one, it opens but doesnt connect with internet), overwatch ( doesnt connect with internet) and geforce experience ( doesnt open). I already try to scan with windows 10 antivirus, eset online, malwarebyte 3.0 and the sfc /scannow ( it stops in 80% with "the operation cannot be executed"). I try to fix some HD (?) errors running the repair in disk :C, it found an error in disk C, repairs, but the error keep showing. mb3.txt Addition.txt FRST.txt
  8. Hi I have a issue. Malware bytes does not work together with Sophos AV. I followed the tutorial on your forum how to make them work together but it does not Work. I still cannot browse in any browser after i installed MWB and sophos together on one system. https://support.malwarebytes.com/customer/en/portal/articles/2477531-configuring-exclusions-with-sophos-antivirus-and-malwarebytes-anti-malware?b_id=6438 I am Using Windows 10 So i deinstalled MWB. But after deinstalling i have two files sitting in my programs folder which can NOT be deleted as i do not have rights to those. Nor can i take the rights of the folders and files. I want to get rid of these as they are leftovers from a MWB install and not needed anymore. How to delete them? I do not want to reinstall my pc again because of this. Please provide a cleanup program that takes care of this. See attachment. Thanks !
  9. I had a problem earlier, I couldn't click on anything so I tried to fix it and it was fixed! But now I have a bad image error constantly popping up and I really need assistance !!!
  10. Hi recently I installed a copy of cdrwin from my friend, and part of the instructions for installing was replacing EmRegSys.Dll with a edited version provided, so I found the DLL and replaced it later I saw another text file which said the program came from a cracked source which really annoyed me, because I don't know if the emregsys.dll I replace the system copy with could of been a virus, I did some googling and found that EMRegSys.dll is a virus and only SpyHunter can take care of it, unfortunately after some more researching I found SpyHunter to be a really abusive software. So I scanned my system with MalwareBytes(Free) and Avira(Free) which found nothing, I am thinking of replacing emregsys.dll with a copy on my mums window 8 computer, is this safe? I really feel like a idiot for copying over what could of been a cracked emregsys.dll and replacing the legit one, that's my fault for thinking the program was already payed for, when I should'nt get it of someone but buy it myself where I know I'm getting a legit version. If you can help set my mind at ease that would be great, Thank You
  11. Please help! After running MBAM on a Win7 32-bit workstation suspected of having malware, I'm now getting the following attached dialog box before almost every program I run for the first time. Clicking OK runs the app and it appears to be just fine, but I've scoured the internet and can't get rid of this no matter what I try. For those that can't see the attachment, the titlebar is: [program name] - Bad Image c:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\umpo.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support. I've tried the following: MalwareBytes Anti-Malware ADWCleaner HiJackThis! NOD32 Thanks in advance for your prompt support! FRST.txt Addition.txt
  12. Hi I am having a problem with a run dll box that keeps popping up specifically it says C:\user default ~1.Def\AppData\local\arcade~1\aghelp.dll I red a post in this forum: https://forums.malwarebytes.org/index.php?/topic/163922-geniusbox-removed-and-run-dll-keeps- popping-up-help-please/ but the solution sounds like it is system specific and the topic is closed. I tried to search the site to find more post but was unsuccessful. Can you point me in the right direction to get help. I have run mal ware bytes.I use Lavasoft Adware Anti virus I am running windows 7 service pack 1. If this is not the right way to go about getting help again please point me in the right direction. Thanks
  13. Sorry I also had trouble pasting logs. Thanks in advance Matt FRST.txt Addition.txt
  14. Greetings, My MBAM flagged user32.dll as a threat but I didn't want to delete it since it seems like an integral system file Cheers, Frank Logs: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: BrowserJavaVersion: 10.51.2 Run by Win at 2:10:13 on 2014-04-03 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.16268.11911 [GMT 1:00] . AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe C:\Program Files\ASRock\XFast LAN\spd.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\igfxpers.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\StikyNot.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files\CPUID\HWMonitor\HWMonitor.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Users\Win\AppData\Roaming\uTorrent\uTorrent.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe C:\Windows\system32\notepad.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\mobsync.exe C:\Windows\SysWOW64\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll uRun: [ASRockXTU] <no file> mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll TCP: NameServer = 194.168.4.100 194.168.8.100 TCP: Interfaces\{EEC8F26E-177A-47FC-A71A-1AC89A558E61} : DHCPNameServer = 194.168.4.100 194.168.8.100 TCP: Interfaces\{EEC8F26E-177A-47FC-A71A-1AC89A558E61}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23 TCP: Interfaces\{EEC8F26E-177A-47FC-A71A-1AC89A558E61}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23 TCP: Interfaces\{EEC8F26E-177A-47FC-A71A-1AC89A558E61}\4514C4B44514C4B4D2231324133303 : DHCPNameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{EEC8F26E-177A-47FC-A71A-1AC89A558E61}\6796277696E6D65646961633235363236373 : DHCPNameServer = 194.168.4.100 194.168.8.100 AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll SSODL: WebCheck - <orphaned> x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 validation.sls.microsoft.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\3hl3da3n.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll FF - plugin: C:\Users\Win\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll . ============= SERVICES / DRIVERS =============== . R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760] R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2013-6-10 31016] R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-1-25 116000] R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-6-10 16152] R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-1-25 1120032] R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-1-25 183224] R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2014-1-25 161568] R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2014-1-25 117024] R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2013-6-10 17192] R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2013-6-10 15936] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792] R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-1-14 54368] R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-6-10 13592] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648] R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-6-10 131544] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-6-10 169432] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-11 418376] R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2014-1-25 367200] R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2013-6-12 1918976] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-6-10 59392] R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-6-10 84608] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-6-10 331264] R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-6-10 356120] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-6-10 787736] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000] R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-1-14 29280] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-1-14 29280] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-11 25928] R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-9-16 32344] R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2014-2-5 75592] R4 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-1-25 3873784] R4 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-8-21 9735112] S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [2013-1-14 356128] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-11 701512] S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2013-6-12 32320] S3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536] S3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536] S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-10-14 121416] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-22 19456] S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-3-14 31800] S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-13 56832] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-10 1255736] . =============== Created Last 30 ================ . 2014-03-31 21:58:06 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes 2014-03-17 20:27:21 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared 2014-03-14 13:40:35 -------- d-----w- C:\Users\Win\AppData\Local\VS Revo Group 2014-03-14 13:40:31 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys 2014-03-14 13:40:31 -------- d-----w- C:\ProgramData\VS Revo Group 2014-03-14 13:40:30 -------- d-----w- C:\Program Files\VS Revo Group 2014-03-12 18:33:18 484864 ----a-w- C:\Windows\System32\wer.dll 2014-03-12 18:33:18 381440 ----a-w- C:\Windows\SysWow64\wer.dll 2014-03-12 18:33:17 624128 ----a-w- C:\Windows\System32\qedit.dll 2014-03-12 18:33:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2014-03-12 18:33:17 3156480 ----a-w- C:\Windows\System32\win32k.sys 2014-03-12 18:33:17 228864 ----a-w- C:\Windows\System32\wwansvc.dll 2014-03-12 18:32:54 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2014-03-12 18:32:54 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll . ==================== Find3M ==================== . 2014-03-18 21:23:00 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-18 21:23:00 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-02-18 22:47:41 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2014-02-01 09:19:49 2241536 ----a-w- C:\Windows\System32\wininet.dll 2014-02-01 09:18:25 3960320 ----a-w- C:\Windows\System32\jscript9.dll 2014-02-01 09:18:21 67072 ----a-w- C:\Windows\System32\iesetup.dll 2014-02-01 09:18:21 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2014-02-01 07:58:31 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2014-02-01 07:57:20 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll 2014-02-01 07:57:16 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2014-02-01 07:57:16 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2014-02-01 07:40:43 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2014-02-01 07:34:53 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-01-25 22:21:44 367200 ----a-w- C:\Windows\System32\drivers\afcdp.sys 2014-01-25 22:21:42 1464096 ----a-w- C:\Windows\System32\drivers\tdrpman.sys 2014-01-25 22:21:41 183224 ----a-w- C:\Windows\System32\drivers\tib_mounter.sys 2014-01-25 22:21:41 1120032 ----a-w- C:\Windows\System32\drivers\tib.sys 2014-01-25 22:21:38 161568 ----a-w- C:\Windows\System32\drivers\vididr.sys 2014-01-25 22:21:36 269600 ----a-w- C:\Windows\System32\drivers\snapman.sys 2014-01-25 22:21:36 117024 ----a-w- C:\Windows\System32\drivers\vidsflt.sys 2014-01-25 22:21:35 116000 ----a-w- C:\Windows\System32\drivers\fltsrv.sys 2014-01-09 02:22:42 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll 2014-01-03 22:44:58 6574592 ----a-w- C:\Windows\System32\mstscax.dll . ============= FINISH: 2:10:28.72 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 10/06/2013 13:42:57 System Uptime: 02/04/2014 06:29:12 (20 hours ago) . Motherboard: ASRock | | Z77 Extreme6 Processor: Intel® Core i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 931 GiB total, 156.204 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318} Description: A0NYK206 IDE Controller Device ID: ACPI\PNPA000\4&5D18F2DF&0 Manufacturer: (Standard mass storage controllers) Name: A0NYK206 IDE Controller PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0 Service: anewdz9q . ==== System Restore Points =================== . RP164: 31/03/2014 22:58:13 - Device Driver Package Install: Elaborate Bytes AG Storage controllers RP166: 31/03/2014 23:00:45 - Revo Uninstaller Pro's restore point - Fraps (remove only) RP168: 02/04/2014 17:28:10 - Revo Uninstaller Pro's restore point - . ==== Installed Programs ====================== . 7-Zip 9.20 (x64 edition) Acrobat.com Acronis True Image 2014 Adobe AIR Adobe Flash Player 12 Plugin Adobe Photoshop CS6 Adobe Premiere Pro CC Adobe Reader XI (11.0.06) Adobe Update Management Tool Age of Empires II: HD Edition Age of Empires® III: Complete Collection AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Media Foundation Decoders Asmedia ASM106x SATA Host Controller Driver ASRock App Charger v1.0.6 ASRock eXtreme Tuner v0.1.183 ASRock InstantBoot v1.29 ASRock Restart to UEFI v1.0.1 ASRock XFast RAM v2.0.9 µTorrent Audacity 2.0.5 Broadcom NetLink Controller Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner CloneCD Content Transfer CPUID HWMonitor 1.24 D3DX10 Defraggler Empire Earth Etron USB3.0 Host Controller FLAC 1.2.1b (remove only) foobar2000 v1.3.1 GameRanger Geeks3D.com FurMark 1.9.2 HandBrake 0.9.9.1 ImgBurn Intel® Control Center Intel® Manageability Engine Firmware Recovery Agent Intel® Management Engine Components Intel® OpenCL CPU Runtime Intel® Processor Graphics Intel® Rapid Storage Technology Intel® USB 3.0 eXtensible Host Controller Driver Intel® Trusted Connect Service Client Java 7 Update 51 Java Auto Updater Junk Mail filter update Kaspersky Anti-Virus 2013 LAME v3.99.3 (for Windows) Live 8.2.2 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 1.1 Microsoft .NET Framework 4.5.1 Microsoft Age of Empires II Microsoft Age of Empires II: The Conquerors Expansion Microsoft Application Error Reporting Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 Microsoft Visual J# .NET Redistributable Package 1.1 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Monkey's Audio MotioninJoy Gamepad tool 0.7.1001 Mozilla Firefox 28.0 (x86 en-US) Mozilla Maintenance Service Mp3tag v2.57 MpcStar 5.4 MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 NeoEE_Open Test OCCT 4.4.0 Origin PDF Settings CS6 PFPortChecker 1.0.39 Photo Common PunkBuster Services Realtek High Definition Audio Driver Revo Uninstaller Pro 3.0.8 Rising Storm Beta Rising Storm/Red Orchestra 2 Multiplayer Rosetta Stone Version 3 Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition Spotify Steam TeamSpeak 3 Client The Elder Scrolls Online Beta TigerGame Superjoy Box Series Total War: ROME II TP-LINK TL-WN821N_WN822N Driver Twin USB Vibration Gamepad Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) UserTesting.com Recorder Plugin VIRTU MVP 2.1.114 VirtualCloneDrive Visual Studio 2010 x64 Redistributables Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinPcap 4.1.3 XFast LAN v6.61 XFastUSB . ==== Event Viewer Messages From Past Week ======== . 02/04/2014 12:21:24, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the afcdpsrv service. 01/04/2014 23:06:10, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126 01/04/2014 13:14:13, Error: Service Control Manager [7043] - The Acronis Sync Agent Service service did not shut down properly after receiving a preshutdown control. . ==== End Of File ===========================
  15. Hello Guys. Im currently trying to install malwarebytes in a Windows Server 2012 Core (my own server). But when i have installed it, and open mbam.exe it says that its missing a MSVBVM60.DLL... this is not normally a problem to add this to the installation folder, but is there an easy way to install mbam on a Windows Server Core? (image attached)
  16. Just got a Quarentine notification about C:\Program Files (x86)\Extensis\Suitcase Fusion 4\Interop.SHDocVw.dll saying that it was a Trojan.Agent logs.zip
  17. Hello. Recently, whenever I log into my account on my computer, I receive a system error saying "Could not load C:\Users\Jonah\AppData\Local\ATI\APPS\dhzixr.dll" I researched this, and figured out that dhzixr.dll is a malicious file, and most likely Malwarebytes went ahead and deleted it during the scan. However, the malware that I seem to have been infected with must have added the dll to my registry right after Malwarebytes got to it. In my ATI folder, I do not have an APPS folder. I was almost thinking of creating a new folder, and creating an empty file called dhzixr.dll to stop the warning prompt on each log in, but I wanted to solve the problem, not cover it up. My computer is Win7, it's a shared computer and this warning does not happen on anyone else's account on this computer. So, I'm here to ask you guys what is the smartest thing to do? Remove the dll from my registry(Never used regedit.exe, I would need help with this)? Do a special type of scan? Spam some other forum with my problems? Any help would be appreciated, If you need anymore information and/or specs I would be happy to supply them. Thank you and have a nice day.
  18. Hello, Recently my MB detected a trojan, named "FlashlK.dll". I do not want to permenantly remove a file if I am unsure of whether or not it is a false positive - I read on another topic that this same issue had been investigated and was a false positive, but it has supposedly been fixed in an update. My MB is up to date, so I am unsure what to do next. Can anyone help? Thanks, -Rmac
  19. I was told to come here and post, this is the original message: Hello all, I have recently gotten the following errors and I don't know how. I have done a malwarebytes scan and it found 1 i think 7 trojans. I deleted them. I run a dell inspiron 17R laptop windows 64bit, Internet Explorer 9. The following error comes up when i boot my computer and I get 2 little boxes that state the following: compntui64.dll c:\users\MYNAME\appdata\local\temp\iscskeys.dll I have seen online that there are scan systems to fix these but I tried to download a fixcleaner.com and it wont download for me, also it clears my history and shuts down my comp with a blue screen and restarts it and I lose the saved usernames and passwords and now trying to use google.com every search I do i get this... Error Refferer If i do a system restore would that help? Any good scans I could download for free and fix this myself once in a while my IE will say an error has occured and needs to reopen the tab. Thanks for any help. ****also i deleted QUICKTIME PLAYER because i thought that was the problem and it wasnt and i need it for a website,... is it ok to re-install quicktime?*** *******I DID A QUICK SCAN AND GOT THE FOLLOWING REPORT******** URGENT! You must restart your system to remove all active threats properly. Click Yes to restart now. ( i have done this AFTER I finish this post) --also i changed my name on the files to NAME as I dont want my name all over the forum--- Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.27.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 NAME :: NAME-PC [administrator] 5/30/2012 9:26:41 PM mbam-log-2012-05-30 (21-26-41).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 214826 Time elapsed: 4 minute(s), 48 second(s) Memory Processes Detected: 2 C:\Users\NAME\AppData\Local\ICM\ICMPrinter.exe (Trojan.Agent.SZ) -> 2960 -> Delete on reboot. C:\Users\NAME\AppData\Roaming\Imomku\zezaes.exe (Trojan.Birele) -> 4524 -> Delete on reboot. Memory Modules Detected: 1 C:\Users\NAME\AppData\Local\Temp\iscsKEYs.dll (IPH.Trojan.Agent.CPN) -> Delete on reboot. Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ICMPrinter (Trojan.Agent.SZ) -> Data: "C:\Users\NAME\AppData\Local\ICM\ICMPrinter.exe" /u -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{341509DC-CA89-03E9-E5EE-63E3B109C582} (Trojan.Birele) -> Data: C:\Users\NAME\AppData\Roaming\Imomku\zezaes.exe -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cmsttugc (IPH.Trojan.Agent.CPN) -> Data: rundll32 "C:\Users\NAME\AppData\Local\Temp\iscsKEYs.dll",CreateProcessNotify -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 9 C:\Users\NAME\AppData\Local\ICM\ICMPrinter.exe (Trojan.Agent.SZ) -> Delete on reboot. C:\Users\NAME\AppData\Roaming\Imomku\zezaes.exe (Trojan.Birele) -> Delete on reboot. C:\Users\NAME\AppData\Local\Temp\iscsKEYs.dll (IPH.Trojan.Agent.CPN) -> Delete on reboot. C:\Users\NAME\AppData\Local\Temp\k8h0pp.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully. C:\Users\NAME\AppData\Local\Temp\uoepougjrudefv.exe (Trojan.Agent.SZ) -> Quarantined and deleted successfully. C:\Users\NAME\AppData\Local\Temp\~!#755D.tmp (Trojan.Birele) -> Quarantined and deleted successfully. C:\Users\NAME\AppData\Local\Temp\~!#AB53.tmp (Rootkit.0Access) -> Quarantined and deleted successfully. C:\Users\NAME\AppData\Local\Temp\~!#B352.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\NAME\AppData\Local\Temp\~!#B641.tmp (Trojan.Agent.SZ) -> Quarantined and deleted successfully. (end) ok I am back after a restart and I still get this... error saying it has a problem starting up... compntui64.dll ALSO it doesn not save any of my browser history,... this includes passwords with what i want to keep stored as well, like here I came back and it had no malwarebytes forum in the main URL bar and I had to sign in here as well.
  20. Hello all, I have recently gotten the following errors and I don't know how. I have done a malwarebytes scan and it found 1 i think 7 trojans. I deleted them. I run a dell inspiron 17R laptop windows 64bit, Internet Explorer 9. The following error comes up when i boot my computer and I get 2 little boxes that state the following: compntui64.dll c:\users\MYNAME\appdata\local\temp\iscskeys.dll I have seen online that there are scan systems to fix these but I tried to download a fixcleaner.com and it wont download for me, also it clears my history and shuts down my comp with a blue screen and restarts it and I lose the saved usernames and passwords and now trying to use google.com every search I do i get this... Error Refferer If i do a system restore would that help? Any good scans I could download for free and fix this myself once in a while my IE will say an error has occured and needs to reopen the tab. Thanks for any help.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.