Showing results for tags 'dll'.




Found 5 results

  1. Hello, I'm working on my parents' computer. Thought I could do a couple of scans to help them. Laptop was running slow, had .dll error popups all the time, computer/printer both had trouble with going offline, found privacy settings all messed up.

     "I'm infected - What do I do now?" By AdvancedSetup, January 9, 2009 in Windows Malware Removal Help & Support

     So, I just read the post (above) which states to not use file cleaners with .dll issues. Hope I haven't made this too complicated. Here is what I've done today: Ran CCleaner, Avast anti-virus, Malwarebytes, AdwCleaner and Farbar Recovery tool. That's when I searched for help on the .dll popups that are still showing. Results from the Farbar Recovery tool are below. Your help is very appreciated!!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019
Ran by RogerandCarolyn (administrator) on LAPTOP (SAMSUNG ELECTRONICS CO., LTD. 300E4C/300E5C/300E7C) (05-01-2020 17:39:47)
Running from C:\Users\RogerandCarolyn\Downloads
Loaded Profiles: UpdatusUser & RogerandCarolyn & Administrator (Available Profiles: UpdatusUser & RogerandCarolyn & Administrator)
Platform: Windows 10 Home Version 1903 18362.535 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\Vpn.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(Creative Home) [File not signed] C:\Program Files (x86)\Creative Home\Hallmark Print Studio\Planner\PLNRnote.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP ENVY 4510 series\Bin\ScanToPCActivationApp.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\RogerandCarolyn\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-915191271-1565821320-4066514102-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [HP ENVY 4510 series (NET)] => C:\Program Files\HP\HP ENVY 4510 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (Hewlett Packard -> HP Inc.)
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switches-begin --flag-switches-end - (the data entry has 102 more characters).
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [807936 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-915191271-1565821320-4066514102-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-18] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-06-09]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-05-29]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk [2017-09-09]
ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files (x86)\Creative Home\Hallmark Print Studio\Planner\PLNRnote.exe (Creative Home) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0229FE54-7F8A-4BC6-8537-3DA5534C0EE6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {09F2290E-D290-4D75-968A-A01D57EC7484} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {169A8CEA-644B-4105-8DC0-8912C1B116B9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1444144 2019-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {20AC35B9-11EA-4A35-84C2-513D4DE19148} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {2F3E51CA-AC61-4F19-B47B-8B6BD8E9007E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {54674A86-B0C3-46F4-A94E-8F34D4E18DDB} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
Task: {54F80910-2D15-44F1-B969-89D3021B16C1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {62FEA6D2-E391-48D0-B4FB-8C8B131ECBB8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {73FDB1F2-1D92-442C-BB66-78A83C324646} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {7706032A-1383-4805-A3AE-E982C4F0FDED} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [1390472 2019-10-23] (AVAST Software s.r.o. -> AVAST Software)
Task: {77442580-C398-4990-9B8C-2C290E12D2A6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {82094149-3D9B-4666-BAB6-9CECBAEF5B92} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {8D7F7842-6FD8-4608-9824-A15C770F3697} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {A3DE6797-CD46-4EDB-94F5-D8639455F33E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {BF96A4F6-DAB9-4E14-9069-1049D93CF99E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {C009E4B1-C0A2-4E49-BF0F-9FFDFCE44373} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-07-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {D4511157-15F2-40FF-AF0E-F0CDD3D20B9E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {D60D7324-82FF-4B34-B28F-FCED0F591001} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {E69ECF15-7D26-4E30-945F-D56A5A286DF7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {E8D9ACB5-F922-4BB3-9DBC-BA142B750476} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-02-11] (Google Inc -> Google Inc.)
Task: {FCBBCA1C-EFA4-4C13-9F73-2042BB2B1042} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-02-11] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{66474192-536a-496c-b883-07f40842719c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bffff08d-c055-465c-aa62-134bdd9f70fe}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-915191271-1565821320-4066514102-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://inebraska.com/
HKU\S-1-5-21-915191271-1565821320-4066514102-500\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-915191271-1565821320-4066514102-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2017-02-27] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://outlook.live.com/owa/?path=/mail/inbox/rp","hxxps://www.facebook.com/","hxxps://www.facebook.com/melissa.dorpinghaus.1/media_set?set=a.10205317837064033.1073741840.1791145513&type=3"
CHR DefaultSearchURL: Default -> hxxps://www.searchsecurepro.co/search.php?type=search&id=MTI4NzU&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://auto.searchsecurepro.co/autocomplete.js?omni=true&appId=MTI4NzU&q={searchTerms}
CHR Notifications: Default -> hxxps://justforchill.com; hxxps://search.hgetrecipes.com; hxxps://www.facebook.com; hxxps://www.yumrecipefinder.com
CHR Profile: C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default [2020-01-05]
CHR Extension: (Slides) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Web) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\amhckedkghbciendefbknenmokkgcnfa [2019-11-28]
CHR Extension: (Docs) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-11]
CHR Extension: (YouTube) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-11]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-10-22]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-12-25]
CHR Extension: (Sheets) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Avast Online Security) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-12-21]
CHR Extension: (CouponViewer Add-On) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpabcakadbfmhiinljgodpkdeolfchlo [2019-10-01]
CHR Extension: (Classic Blue) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmgkofhcnndinbbdbaplplnmdalnc [2019-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-13]
CHR Profile: C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-01-05]
CHR Profile: C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\System Profile [2020-01-05]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-20] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [417536 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [10287216 2019-07-25] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-11-28] (Microsoft Corporation -> Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2020-01-05] (Malwarebytes Inc -> Malwarebytes)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [6828424 2019-10-23] (AVAST Software s.r.o. -> AVAST Software)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-23] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [552848 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2018-01-20] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athwnx.sys [4233728 2019-03-18] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41024 2015-09-23] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2020-01-05] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-01-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2020-01-05] (Malwarebytes Inc -> Malwarebytes)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Samsung Electronics CO., LTD. -> Windows (R) Win 7 DDK provider)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-05 17:29 - 2020-01-05 17:29 - 002272256 _____ (Farbar) C:\Users\RogerandCarolyn\Downloads\FRST64 (1).exe
2020-01-05 17:26 - 2020-01-05 17:26 - 000000000 ___HD C:\OneDriveTemp
2020-01-05 17:22 - 2020-01-05 17:22 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-01-05 17:22 - 2020-01-05 17:22 - 000216544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-01-05 17:02 - 2020-01-05 17:04 - 008237744 _____ (Malwarebytes) C:\Users\RogerandCarolyn\Downloads\adwcleaner_8.0.1.exe
2020-01-05 16:53 - 2020-01-05 16:53 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\cache
2020-01-05 16:48 - 2020-01-05 16:48 - 001883976 _____ (Malwarebytes) C:\Users\RogerandCarolyn\Downloads\MBSetup.exe
2020-01-04 08:26 - 2020-01-04 08:26 - 000080475 _____ C:\Users\RogerandCarolyn\Documents\Merry Christmas and Happy 2020.pdf
2019-12-16 05:24 - 2019-12-16 05:24 - 000093629 _____ C:\Users\RogerandCarolyn\Downloads\Pics.zip
2019-12-15 17:16 - 2019-12-15 17:16 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-15 17:15 - 2019-12-15 17:15 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-15 17:15 - 2019-12-15 17:15 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-15 17:15 - 2019-12-15 17:15 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-15 17:15 - 2019-12-15 17:15 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-15 17:15 - 2019-12-15 17:15 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-15 17:15 - 2019-12-15 17:15 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-15 17:15 - 2019-12-15 17:15 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-15 17:15 - 2019-12-15 17:15 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-15 17:15 - 2019-12-15 17:15 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-15 17:15 - 2019-12-15 17:15 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-15 17:15 - 2019-12-15 17:15 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-15 17:15 - 2019-12-15 17:15 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-15 17:15 - 2019-12-15 17:15 - 
000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2019-12-15 17:15 - 2019-12-15 17:15 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-12-15 17:14 - 2019-12-15 17:14 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-12-15 17:14 - 2019-12-15 17:14 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-12-15 17:14 - 2019-12-15 17:14 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-12-15 17:14 - 2019-12-15 17:14 - 001451520 
_____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe 2019-12-15 17:14 - 2019-12-15 17:14 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-12-15 17:14 - 2019-12-15 17:14 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-12-15 17:14 - 2019-12-15 17:14 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-12-15 17:14 - 2019-12-15 17:14 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys 2019-12-15 17:14 - 2019-12-15 17:14 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe 2019-12-15 17:14 - 2019-12-15 17:14 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-12-15 17:14 - 2019-12-15 17:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe 2019-12-15 17:14 - 2019-12-15 17:14 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2019-12-15 17:14 - 2019-12-15 17:14 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2019-12-15 17:14 - 2019-12-15 17:14 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys 2019-12-15 17:14 - 2019-12-15 17:14 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2019-12-15 17:14 - 2019-12-15 
17:14 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys 2019-12-15 17:14 - 2019-12-15 17:14 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe 2019-12-15 17:14 - 2019-12-15 17:14 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll 2019-12-15 17:14 - 2019-12-15 17:14 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-01-05 17:41 - 2019-10-28 11:54 - 000026134 _____ C:\Users\RogerandCarolyn\Downloads\FRST.txt 2020-01-05 17:40 - 2019-10-28 11:53 - 000000000 ____D C:\FRST 2020-01-05 17:33 - 2019-03-18 22:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-01-05 17:27 - 2018-06-27 12:01 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\AVAST Software 2020-01-05 17:26 - 2016-02-06 15:02 - 000000000 ___RD C:\Users\RogerandCarolyn\OneDrive 2020-01-05 17:24 - 2019-11-11 06:57 - 000000000 ____D C:\Users\UpdatusUser 2020-01-05 17:24 - 2019-11-11 06:57 - 000000000 ____D C:\Users\Administrator 2020-01-05 17:22 - 2019-11-11 07:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-01-05 17:21 - 2019-03-18 22:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2020-01-05 17:19 - 2015-03-29 17:30 - 000000000 ____D C:\Users\RogerandCarolyn\Desktop\PC Fixes (Julie) 2020-01-05 17:07 - 2014-10-16 18:41 - 000000000 ____D C:\AdwCleaner 2020-01-05 17:01 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-01-05 16:51 - 2019-08-04 16:15 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2020-01-05 16:51 - 2019-08-04 16:15 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2020-01-05 16:50 - 2019-08-04 16:15 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2020-01-05 16:50 - 2019-08-04 16:15 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2020-01-05 16:48 - 2018-01-30 07:50 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\Packages 2020-01-05 16:09 - 2019-08-04 17:24 - 000000000 ____D C:\Users\RogerandCarolyn\Documents\Computer Maintenance 2020-01-05 16:08 - 2019-03-18 22:50 - 000000000 ____D C:\WINDOWS\INF 2020-01-05 15:56 - 2019-03-18 22:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-01-04 08:30 - 2018-08-04 12:54 - 000000000 ____D C:\Users\RogerandCarolyn\Documents\Outlook Files 2019-12-31 06:08 - 2019-11-11 07:25 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update 
2019-12-29 09:51 - 2019-11-11 07:26 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-915191271-1565821320-4066514102-1002 2019-12-29 09:51 - 2019-11-11 07:25 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2019-12-29 09:51 - 2019-11-11 07:25 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2019-12-29 09:51 - 2019-11-11 07:25 - 000003194 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2019-12-29 09:51 - 2019-11-11 07:25 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2019-12-29 09:51 - 2019-11-11 07:25 - 000002236 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC 2019-12-29 09:51 - 2019-11-11 07:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software 2019-12-29 09:39 - 2019-11-11 06:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-12-23 06:17 - 2017-04-05 13:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2019-12-23 06:13 - 2018-04-04 03:13 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-12-21 05:42 - 2019-11-11 06:57 - 000000000 ____D C:\Users\RogerandCarolyn 2019-12-18 06:53 - 2017-02-11 12:01 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-12-17 09:41 - 2018-08-04 12:54 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\F8CC88CE-444A-405B-B5DC-FF6B9FD95DFF.aplzod 2019-12-17 07:50 - 2017-03-26 01:09 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\ElevatedDiagnostics 2019-12-17 07:12 - 2018-02-10 14:05 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\PlaceholderTileLogoFolder 2019-12-15 17:41 - 2019-10-28 11:44 - 000000000 ___DC C:\WINDOWS\Panther 2019-12-15 17:41 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-12-15 17:41 - 2018-06-27 13:34 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\CrashDumps 2019-12-15 17:39 - 2019-11-11 07:09 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI 
2019-12-15 17:36 - 2013-01-16 19:24 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-12-15 17:35 - 2016-03-18 08:43 - 000000000 ___RD C:\Users\RogerandCarolyn\3D Objects 2019-12-15 17:32 - 2019-11-11 06:47 - 000537440 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-12-15 17:29 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\SystemResources 2019-12-15 17:29 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-12-15 17:29 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-12-15 17:28 - 2017-04-05 16:08 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-12-15 17:24 - 2017-04-05 16:07 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-12-15 17:23 - 2019-03-18 22:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-12-15 16:14 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\NDF 2019-12-15 16:07 - 2017-02-11 14:22 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-12-15 15:20 - 2019-11-11 07:25 - 000004294 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update ==================== Files in the root of some directories ======== 2018-06-27 13:06 - 2018-06-27 13:06 - 000007628 _____ () C:\Users\RogerandCarolyn\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) 
==================== End of FRST.txt ========================

------------------------------------------------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by RogerandCarolyn (05-01-2020 17:43:32)
Running from C:\Users\RogerandCarolyn\Downloads
Windows 10 Home Version 1903 18362.535 (X64) (2019-11-11 13:27:27)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-915191271-1565821320-4066514102-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-915191271-1565821320-4066514102-503 - Limited - Disabled)
Guest (S-1-5-21-915191271-1565821320-4066514102-501 - Limited - Disabled)
RogerandCarolyn (S-1-5-21-915191271-1565821320-4066514102-1002 - Administrator - Enabled) => C:\Users\RogerandCarolyn
UpdatusUser (S-1-5-21-915191271-1565821320-4066514102-1001 - Limited - Enabled) => C:\Users\UpdatusUser
WDAGUtilityAccount (S-1-5-21-915191271-1565821320-4066514102-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\{52B66F1A-E977-41EE-8359-3C4040BE72F5}) (Version: 12.2.8.198 - Adobe Systems, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 19.1.7734 - AVAST Software)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 5.2.429 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Hallmark Print Studio (HKLM-x32\...\{F2117332-1A36-4D3B-854D-A8D10735B4DF}) (Version: 16.0.1.10 - Creative Home)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 4510 series Basic Device Software (HKLM\...\{2B054C3F-C753-47D8-A5CA-D92AC5D455EB}) (Version: 40.11.1122.1796 - HP Inc.)
HP ENVY 4510 series Help (HKLM-x32\...\{CB5C9CB2-B471-42CC-93E6-D0E15021D5C2}) (Version: 36.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 172 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12228.20364 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden

Packages:
=========
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.18.0_neutral__d55gg7py3s0m0 [2019-10-23] (eyeo GmbH)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-18] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-06] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-12-16] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-22] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\RogerandCarolyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d7a253f58d8885b1\Adblock Plus - free ad blocker.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=cfhdojbkjhnklbpkdaibdccddilifddb

==================== Loaded Modules (Whitelisted) =============

2018-06-09 11:07 - 2016-09-12 14:53 - 048936448 _____ () [File not signed] C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
2019-03-24 06:24 - 2018-09-05 20:32 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\SecureLine\libcrypto-1_1.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-02-03 19:25 - 2019-01-04 12:06 - 000000833 _____ C:\WINDOWS\system32\drivers\etc\hosts
2017-11-24 07:57 - 2017-11-24 08:02 - 000000436 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-915191271-1565821320-4066514102-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\RogerandCarolyn\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win7 ltblue 1920x1200.jpg
HKU\S-1-5-21-915191271-1565821320-4066514102-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B85FB4F1-652C-4F51-BC88-906444C1B106}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2FC7D647-01ED-459A-99CD-232F4B8092B4}] => (Allow) C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{0E52EBE8-CF58-4ECB-96EA-BF3FB3C8B2CA}] => (Allow) C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{A74FB5AF-1697-42E8-A9B4-72FAF368CC69}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F39B3152-559E-41A2-A457-7D30288BE67C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{32B9E7A8-A7D4-4694-9261-43B1291FAFC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5CDCF021-BE3C-40E3-AF16-5122300471E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C1268FE7-A3B6-41FF-8D8D-124CBFBE9A8C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DC9ABA8A-8F06-4868-8519-4C114298CCE7}] => (Allow) C:\Program Files\HP\HP ENVY 4510 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{40D6534E-5B8C-4E5B-87D0-65840E8C371E}] => (Allow) LPort=5357
FirewallRules: [{D26D81C3-C41C-40CA-B327-8281965DC3B2}] => (Allow) C:\Program Files\HP\HP ENVY 4510 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{EAB14282-B89B-4BFD-9BCF-96B0DDCCDE8A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

13-12-2019 09:32:41 Scheduled Checkpoint
15-12-2019 16:46:43 Removed HP Dropbox Plugin
23-12-2019 07:38:11 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (01/05/2020 05:43:36 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3504,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (01/05/2020 05:27:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.18362.449, time stamp: 0xd42474b6
Faulting module name: RltkAPO64.dll, version: 11.0.6000.434, time stamp: 0x5588e2ea
Exception code: 0xc0000005
Fault offset: 0x000000000019f64b
Faulting process id: 0xaf0
Faulting application start time: 0x01d5c41f03424ae8
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\RltkAPO64.dll
Report Id: 28891c56-6d86-4ebd-9068-7f20283dbe3d
Faulting package full name: 
Faulting package-relative application ID: 

Error: (01/05/2020 05:10:19 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5172,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/05/2020 05:01:11 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8912,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/05/2020 04:25:31 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 28144 and the required size was 33408.
Error: (01/05/2020 04:00:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.18362.1, time stamp: 0xceb8cbe1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x0000000000000204
Faulting process id: 0x23a4
Faulting application start time: 0x01d5c4137559b351
Faulting application path: C:\Windows\System32\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: cbf7c28b-843a-460d-83f9-418cab5a1f61
Faulting package full name: Microsoft.MicrosoftEdge_44.18362.449.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (01/05/2020 03:41:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Laptop.local already in use; will try Laptop-2.local instead

Error: (01/05/2020 03:41:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 16 Laptop.local. AAAA FE80:0000:0000:0000:6C2D:A807:C972:C9D0


System errors:
=============
Error: (01/05/2020 05:28:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.307.1778.0).
Error: (01/05/2020 05:21:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (01/05/2020 05:21:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (01/05/2020 05:21:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (01/05/2020 05:21:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Update Orchestrator Service service hung on starting. Error: (01/05/2020 05:21:02 PM) (Source: DCOM) (EventID: 10010) (User: Laptop) Description: The server {8ED5875F-5DC0-11E4-B843-005056C00008} did not register with DCOM within the required timeout. Error: (01/05/2020 05:21:02 PM) (Source: DCOM) (EventID: 10010) (User: Laptop) Description: The server {8ED58760-5DC0-11E4-8336-005056C00008} did not register with DCOM within the required timeout. Error: (01/05/2020 05:12:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CleanupPSvc service. Windows Defender: =================================== Date: 2020-01-02 08:22:42.325 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {7F0F726A-B4E5-46A6-AA8E-B02A0F6B94FA} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-12-29 07:25:15.491 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version: Previous security intelligence Version: 1.307.1352.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16600.7 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =================================== Date: 2020-01-05 17:39:00.384 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:39:00.378 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:38:57.249 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:38:57.235 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements. 
Date: 2020-01-05 17:33:39.132 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:33:39.061 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:33:37.417 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:33:37.410 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: Phoenix Technologies Ltd. P09RAP 11/01/2013 Motherboard: SAMSUNG ELECTRONICS CO., LTD. 
NP300E5C-A06US Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz Percentage of memory in use: 64% Total physical RAM: 3795.54 MB Available physical RAM: 1333.53 MB Total Virtual: 5011.54 MB Available Virtual: 2547.33 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:272.54 GB) (Free:227.84 GB) NTFS \\?\Volume{d56f1b01-047a-4f3c-9a45-8a1882843cc6}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.17 GB) NTFS \\?\Volume{8e1dffc5-821a-4ebc-bcc5-4ba3091fc763}\ () (Fixed) (Total:0.49 GB) (Free:0.03 GB) NTFS \\?\Volume{51cb7d1c-3d4c-4c1b-b9f0-972755c35fe9}\ (SAMSUNG_REC2) (Fixed) (Total:23.15 GB) (Free:1.1 GB) NTFS \\?\Volume{347b6fb9-62bc-4bd7-4173-636c65706975}\ (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.27 GB) FAT32 \\?\Volume{d68c5adc-790b-48a8-8648-2585bfbbb17e}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 467FC636) Partition: GPT. ==================== End of Addition.txt =======================
2. I have been using Cute FTP for years, and now out of nowhere I am getting the following error message when I try to launch the program: "System error - RichEdit initialization failed. Please make sure that the latest RichEdit libraries are present." Google searches are no help. No two sites suggest the same solution, and there seems to be no simple, straightforward solution. Any ideas or help would be greatly appreciated. I am running Windows 10 Professional. My computer is a laptop purchased about six months ago. This is the first time I have tried it since about August, I believe, and it worked fine then.
3. Hello, Malwarebytes users, I have one problem with a virus and I hope someone can help me. The problem is the following (I have other viruses too, but they are not a problem): the problem is the virus I got a few days ago. I'm not a malware analyst or anything like that, but I managed to connect these viruses: svghost.exe, mserver.exe and usp20.dll. These files make other files and changes in the registry. I delete them, but they come back after I restart my PC, including the registry changes. I scanned them with Malwarebytes; some are detected as viruses and removed, but after a restart they come back again. I see they use 100% CPU, so I guess it's a miner, but I'm not sure. If anyone can help me solve this, I would be very appreciative.
4. Even after finishing cleaning with Malwarebytes (user version), SppExtComObjHook.dll still restarts at Windows startup. Is SppExtComObjHook.dll dangerous? How do I remove it completely?
5. I've been struggling with malware that keeps coming back to my Windows install. This Windows install is not clean because I haven't had the need to use it, since I use Debian as my main OS. This is the second time I've done a Windows restore, since every time I try to clean DLLs the system breaks down. I've used Malwarebytes and Spybot Search and Destroy and I get a clean analysis, so I tried to use boot-up recovery disks, sfc /scannow and lastly "Unhack me", where I could see the suspicious files, but only manually, since the programs above trust all "Trusted Installer" signed files and processes. After that I used SVChostanalyzer and Security Task Manager and realized there were suspicious instructions inside of wininit.exe, services.exe and lsass.exe, one of them being an on-purpose BSOD when you kill a certain process so that the rootkit can back itself up, another being a programmed memory.dmp creation instruction, and as usual many instances of svchost.exe are not a good sign. I uploaded two of these files to Hybrid-Analysis (online sandbox analyzer): svchost.exe, which showed header timestamps in the future (2050) and forged Microsoft signatures. Inside of lsass.exe I found TCP connections to an IP which seems to be part of Akamai-Technologies. I already know that the best option is to make a clean and secure install in this partition, but I wanted to know if this could possibly be the work of an enterprise stealing data or just maybe someone who is playing with tools and tunneling this to that IP. I would gladly receive any counsel, comment or help for this issue, if there was any way to kill this malware without the cleanup. Thanks
svchost.txt lsass.txt