
Disk Defragmenter won't run



Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...
 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 
Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....
 

Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs....

 

Let me see those logs, also give an update on any remaining issues or concerns..

 

Thank you,

 

Kevin
 

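The MSRT step above asks for only the most recent run from `c:\windows\debug\mrt.log`, which accumulates one block per run. As an added example (not part of the original post, and not Malwarebytes or Microsoft code), this Python script splits such a log into runs, returns the newest one by its "Started On" time, and marks a run that has no "Return code" line as incomplete. The sample log is constructed; the UTF-16 handling and the "Results Summary" / "Return code" lines are assumptions about the file's usual layout.

```python
import re
import sys
from datetime import datetime

# A run starts at a long dashed rule. The short rule printed under
# "Results Summary:" must not split a run, hence the minimum length.
RUN_SEPARATOR = re.compile(r"^-{40,}\s*$")
STARTED_ON = re.compile(
    r"^Started On \w{3} (\w{3}) +(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\d{4})", re.M)
RETURN_CODE = re.compile(r"^Return code:\s*(-?\d+)", re.M)
# Month names are mapped by hand so parsing does not depend on the locale.
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Constructed sample: the first run is invented for illustration, the second
# mirrors a run whose results section is missing from what was pasted.
SAMPLE = """\
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.33, February 2016 (build 5.33.12300.0)
Started On Wed Feb 10 03:00:12 2016

Engine: 1.1.12400.0
Signatures: 1.213.4702.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 10 03:04:40 2016


Return code: 0 (0x0)
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.33, February 2016 (build 5.33.12300.0)
Started On Mon Mar 07 20:25:19 2016

Engine: 1.1.12400.0
Signatures: 1.213.4702.0
"""


def decode_log(raw: bytes) -> str:
    """Decode log bytes: UTF-16 when a BOM is present (assumed), else UTF-8."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def split_runs(text: str) -> list:
    """Return one string per run, each beginning at its dashed separator."""
    runs, current = [], None
    for line in text.splitlines():
        if RUN_SEPARATOR.match(line):
            if current is not None:
                runs.append("\n".join(current))
            current = [line]
        elif current is not None:
            current.append(line)
    if current is not None:
        runs.append("\n".join(current))
    return runs


def summarise(block: str):
    """Extract start time and return code; None if the block has no valid start."""
    m = STARTED_ON.search(block)
    if not m or m.group(1) not in MONTHS:
        return None
    mon, day, hh, mm, ss, year = m.groups()
    try:
        started = datetime(int(year), MONTHS[mon], int(day),
                           int(hh), int(mm), int(ss))
    except ValueError:
        return None
    rc = RETURN_CODE.search(block)
    return {"started": started,
            "return_code": int(rc.group(1)) if rc else None,
            "complete": rc is not None,
            "text": block}


def latest_run(text: str):
    """Pick the run with the newest 'Started On' time, regardless of file order."""
    runs = [s for s in map(summarise, split_runs(text)) if s]
    return max(runs, key=lambda r: r["started"]) if runs else None


if __name__ == "__main__":
    # Usage: python latest_msrt.py c:\windows\debug\mrt.log  (no argument: sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            log_text = decode_log(fh.read())
    else:
        log_text = SAMPLE
    run = latest_run(log_text)
    if run is None:
        print("no MSRT runs found")
    else:
        print(run["text"])
        if not run["complete"]:
            print("\n[!] latest run has no 'Return code' line; "
                  "the scan may not have finished or the paste is truncated")
```
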

here are the scans requested.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/7/2016
Scan Time: 7:09 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.07.08
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Alice
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315302
Time Elapsed: 14 min, 54 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
# AdwCleaner v5.101 - Logfile created 07/03/2016 at 20:08:57
# Updated 07/03/2016 by Xplode
# Database : 2016-03-06.3 [server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Alice - MININT-J99BOLF
# Running from : C:\Users\Alice\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[x] Service Not Deleted : CouponPrinterService
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files\Coupons
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\ParetoLogic
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[-] Folder Deleted : C:\Users\Alice\AppData\Roaming\DriverCure
[-] Folder Deleted : C:\Users\Alice\AppData\Roaming\ParetoLogic
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : paretologic registration3
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chfdnecihphmhljaaejmgoiahnihplgn
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [3105 bytes] - [07/03/2016 20:08:57]
C:\Program Files\AdwCleaner\AdwCleaner[s1].txt - [3018 bytes] - [07/03/2016 20:06:17]
 
########## EOF - C:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [3279 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Professional x86 
Ran by Alice (Administrator) on Mon 03/07/2016 at 20:22:05.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 25 
 
Failed to delete: C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25VVNMLX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\couponprinter.ocx (File) 
Successfully deleted: C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FUN7592 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GLHDQO0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MO8J8T3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56YU7Y4F (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GN1ST7J (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8OGA9ZL9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ASU7ZATY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMY4P0Y8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZD1EQFD (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISHR2CZ4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2K62UG3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FUN7592 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GLHDQO0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MO8J8T3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25VVNMLX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56YU7Y4F (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GN1ST7J (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8OGA9ZL9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ASU7ZATY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMY4P0Y8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZD1EQFD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISHR2CZ4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2K62UG3 (Temporary Internet Files Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_BAD64A432570774A860D804351820E25 (Registry Value) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\CouponPrinterService (Registry Key) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/07/2016 at 20:23:22.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.33, February 2016 (build 5.33.12300.0)
Started On Mon Mar 07 20:25:19 2016
 
Engine: 1.1.12400.0
Signatures: 1.213.4702.0
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Alice (administrator) on MININT-J99BOLF (07-03-2016 20:39:58)
Running from C:\Users\Alice\Desktop
Loaded Profiles: Alice (Available Profiles: Alice)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [505720 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [536668 2011-01-24] (IDT, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [179624 2016-02-18] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15] (UPEK Inc.)
HKU\S-1-5-21-3249006778-2420017719-1096663853-1002\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2427400 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3249006778-2420017719-1096663853-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6638296 2016-02-12] (Piriform Ltd)
AppInit_DLLs: C:\Windows\system32\nvinit.dll => C:\Windows\system32\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-03-04] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-03-04] (Wave Systems Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2014-10-10]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2038DBFC-7F56-472C-98D7-7931FC0D08BF}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3249006778-2420017719-1096663853-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3249006778-2420017719-1096663853-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3249006778-2420017719-1096663853-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3249006778-2420017719-1096663853-1002 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3249006778-2420017719-1096663853-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.charter.net/"
CHR Profile: C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-28]
CHR Extension: (Google Docs) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-28]
CHR Extension: (Google Drive) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-28]
CHR Extension: (Google Docs Offline) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-30]
CHR Extension: (Pin It Button) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-10-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [604144 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [865704 2016-02-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)
R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2011-01-20] (Dell Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2010-02-10] (O2Micro International)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-24] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2337136 2011-03-04] (Wave Systems Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [257456 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [207792 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [198576 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [37296 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 Avgunivx; C:\Windows\System32\DRIVERS\avgunivx.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-24] (Broadcom Corporation)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [238760 2010-10-28] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2010-10-19] (Intel Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7434240 2010-12-21] (Intel Corporation)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [62208 2010-11-19] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [141568 2010-11-19] (Renesas Electronics Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [20328 2011-06-05] (NVIDIA Corporation)
R3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFxp.sys [60192 2011-01-04] (O2Micro )
S3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7.sys [62440 2011-01-04] (O2Micro )
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjvst.sys [63976 2011-03-23] (O2Micro )
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
S3 ST7007; C:\Windows\system32\drivers\ST7007.sys [62576 2011-06-20] (STMicroelectronics)
S3 tcm; C:\Windows\system32\drivers\tcm.sys [12952 2009-04-17] ()
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2011-03-24] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [24064 2011-03-24] (Microsoft Corporation) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-07 20:24 - 2016-03-07 20:25 - 53708000 _____ (Microsoft Corporation) C:\Users\Alice\Downloads\Windows-KB890830-V5.33.exe
2016-03-07 20:23 - 2016-03-07 20:23 - 00004803 _____ C:\Users\Alice\Desktop\JRT.txt
2016-03-07 20:21 - 2016-03-07 20:21 - 01609216 _____ (Malwarebytes) C:\Users\Alice\Downloads\JRT.exe
2016-03-07 20:21 - 2016-03-07 20:21 - 01609216 _____ (Malwarebytes) C:\Users\Alice\Downloads\JRT (1).exe
2016-03-07 20:04 - 2016-03-07 20:08 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-07 20:03 - 2016-03-07 20:03 - 01524224 _____ C:\Users\Alice\Desktop\AdwCleaner.exe
2016-03-07 19:04 - 2016-03-07 19:04 - 00031039 _____ C:\Users\Alice\Desktop\CheckResults.txt
2016-03-07 13:21 - 2016-03-07 13:22 - 00022538 _____ C:\Users\Alice\Desktop\Addition.txt
2016-03-07 13:19 - 2016-03-07 20:39 - 00014472 _____ C:\Users\Alice\Desktop\FRST.txt
2016-03-07 13:18 - 2016-03-07 13:18 - 00000000 ____D C:\Users\Alice\Desktop\FRST-OlderVersion
2016-03-02 18:52 - 2016-03-07 20:39 - 00000000 ____D C:\FRST
2016-03-02 18:50 - 2016-03-07 13:18 - 01725440 _____ (Farbar) C:\Users\Alice\Desktop\FRST.exe
2016-03-02 18:45 - 2016-03-02 18:45 - 01706112 _____ (Malwarebytes) C:\Users\Alice\Desktop\mbam-check-2.3.2.0.exe
2016-03-02 13:51 - 2016-03-02 13:51 - 00000832 _____ C:\Users\Public\Desktop\AVG.lnk
2016-03-02 13:51 - 2016-03-02 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-03-02 12:41 - 2016-03-02 14:16 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-01 20:13 - 2016-03-01 20:13 - 06837784 _____ (Piriform Ltd) C:\Users\Alice\Downloads\ccsetup515.exe
2016-03-01 17:54 - 2016-03-01 19:59 - 00000000 ____D C:\Windows\pss
2016-03-01 16:45 - 2016-03-01 16:45 - 00003544 ____N C:\bootsqm.dat
2016-03-01 13:06 - 2016-03-01 13:12 - 00000000 ____D C:\Users\Alice\AppData\Local\ElevatedDiagnostics
2016-02-14 08:14 - 2016-02-14 08:14 - 00313232 _____ C:\Users\Alice\Downloads\photo (1).htm
2016-02-09 18:26 - 2016-01-22 01:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-02-09 18:26 - 2016-01-22 01:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-09 18:26 - 2016-01-22 01:13 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-09 18:26 - 2016-01-22 01:13 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-09 18:26 - 2016-01-22 01:09 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-09 18:26 - 2016-01-22 01:06 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-09 18:26 - 2016-01-22 01:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-09 18:26 - 2016-01-22 01:06 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-09 18:26 - 2016-01-22 01:06 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-09 18:26 - 2016-01-22 01:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-09 18:26 - 2016-01-22 01:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-09 18:26 - 2016-01-22 01:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-09 18:26 - 2016-01-22 01:05 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-09 18:26 - 2016-01-22 01:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-09 18:26 - 2016-01-22 01:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-09 18:26 - 2016-01-22 01:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-09 18:26 - 2016-01-22 01:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-09 18:26 - 2016-01-22 01:02 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-09 18:26 - 2016-01-22 01:02 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-09 18:26 - 2016-01-22 01:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-09 18:26 - 2016-01-22 01:02 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-09 18:26 - 2016-01-22 01:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-09 18:26 - 2016-01-22 01:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-09 18:26 - 2016-01-22 01:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-02-09 18:26 - 2016-01-22 01:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-09 18:26 - 2016-01-22 01:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-09 18:26 - 2016-01-22 01:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-09 18:26 - 2016-01-22 01:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-09 18:26 - 2016-01-22 00:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-09 18:26 - 2016-01-22 00:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-09 18:26 - 2016-01-22 00:01 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-09 18:26 - 2016-01-22 00:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-09 18:26 - 2016-01-21 23:53 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-09 18:26 - 2016-01-21 23:53 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-09 18:26 - 2016-01-21 23:53 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-09 18:26 - 2016-01-21 23:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-09 18:26 - 2016-01-21 23:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-09 18:26 - 2016-01-21 23:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-09 18:26 - 2016-01-21 23:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-09 18:26 - 2016-01-21 23:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-09 18:26 - 2016-01-21 23:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 18:26 - 2016-01-21 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 18:26 - 2016-01-21 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-09 18:26 - 2016-01-16 13:42 - 00022464 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-09 18:26 - 2016-01-16 13:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-09 18:26 - 2016-01-16 13:34 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-09 18:26 - 2016-01-11 09:07 - 01198080 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-09 18:26 - 2016-01-11 09:07 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-09 18:26 - 2016-01-11 09:07 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-09 18:26 - 2016-01-11 09:07 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-09 18:26 - 2016-01-11 09:07 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-09 18:26 - 2016-01-07 12:47 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-09 18:26 - 2016-01-07 12:35 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-09 18:26 - 2016-01-06 13:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-09 18:26 - 2016-01-06 12:56 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-09 18:25 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-09 18:25 - 2016-02-06 04:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-09 18:25 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-09 18:25 - 2016-02-06 04:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-09 18:25 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-09 18:25 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-09 18:25 - 2016-01-22 15:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-09 18:25 - 2016-01-22 01:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-09 18:25 - 2016-01-22 01:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-09 18:25 - 2016-01-22 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-09 18:25 - 2016-01-22 01:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-09 18:25 - 2016-01-22 01:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-09 18:25 - 2016-01-22 01:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-09 18:25 - 2016-01-22 00:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-09 18:25 - 2016-01-22 00:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-09 18:25 - 2016-01-22 00:52 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-09 18:25 - 2016-01-22 00:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-09 18:25 - 2016-01-22 00:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-09 18:25 - 2016-01-22 00:51 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-09 18:25 - 2016-01-22 00:46 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-09 18:25 - 2016-01-22 00:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-09 18:25 - 2016-01-22 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-09 18:25 - 2016-01-22 00:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-09 18:25 - 2016-01-22 00:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-09 18:25 - 2016-01-22 00:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-09 18:25 - 2016-01-22 00:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-09 18:25 - 2016-01-22 00:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-09 18:25 - 2016-01-22 00:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-09 18:25 - 2016-01-22 00:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-09 18:25 - 2016-01-22 00:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-09 18:25 - 2016-01-22 00:25 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-09 18:25 - 2016-01-22 00:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-09 18:25 - 2016-01-22 00:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-09 18:25 - 2016-01-22 00:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-09 18:25 - 2016-01-22 00:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-09 18:25 - 2016-01-11 13:47 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-09 18:25 - 2016-01-11 13:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-09 18:25 - 2016-01-11 13:35 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-09 18:25 - 2016-01-11 13:17 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-09 18:25 - 2016-01-11 13:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-09 18:25 - 2016-01-11 13:14 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-09 18:25 - 2016-01-11 13:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-09 18:25 - 2016-01-11 13:14 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-09 18:25 - 2016-01-11 13:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-09 18:25 - 2016-01-11 13:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-09 18:25 - 2016-01-11 13:14 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-09 17:55 - 2016-02-09 17:55 - 00333608 _____ C:\Users\Alice\Downloads\photo.htm
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-07 20:38 - 2016-02-03 18:33 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15edb3cd04158.job
2016-03-07 20:25 - 2015-01-30 19:01 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-07 20:22 - 2009-07-13 23:34 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-07 20:22 - 2009-07-13 23:34 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-07 20:15 - 2010-11-20 16:01 - 00783360 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-07 20:15 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2016-03-07 20:14 - 2015-11-10 14:34 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-07 20:11 - 2016-02-03 18:33 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15edb3cb3b0d5.job
2016-03-07 20:11 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-07 20:08 - 2015-01-30 16:58 - 00000000 ____D C:\ProgramData\MFAData
2016-03-04 11:58 - 2015-04-09 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-02 14:18 - 2015-10-27 14:56 - 00000000 ____D C:\Users\Alice\AppData\Local\AvgSetupLog
2016-03-02 14:06 - 2015-02-27 14:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-02 13:56 - 2015-08-30 18:48 - 00000000 ____D C:\Users\Alice\AppData\Roaming\HpUpdate
2016-03-02 13:56 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\sysprep
2016-03-02 13:52 - 2015-10-27 14:57 - 00000000 ____D C:\ProgramData\Avg
2016-03-02 13:52 - 2015-05-25 05:38 - 00000000 ____D C:\Users\Alice\AppData\Local\Avg
2016-03-02 13:52 - 2015-01-30 17:00 - 00000000 ____D C:\Program Files\AVG
2016-03-02 12:50 - 2015-01-30 16:50 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-03-02 12:50 - 2015-01-30 16:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-02 12:44 - 2015-06-11 17:29 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-01 20:13 - 2015-11-10 14:30 - 00000975 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-01 20:04 - 2015-01-30 16:11 - 00000000 ____D C:\Users\Alice
2016-03-01 20:02 - 2015-01-30 20:27 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-03-01 20:02 - 2010-11-20 19:47 - 00000000 ____D C:\Windows\ShellNew
2016-03-01 20:02 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\Msdtc
2016-03-01 19:59 - 2015-11-10 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-01 19:59 - 2015-11-10 14:30 - 00000000 ____D C:\Program Files\CCleaner
2016-03-01 19:59 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2016-03-01 19:38 - 2015-01-30 16:11 - 00000000 ____D C:\Users\Alice\AppData\Local\VirtualStore
2016-02-26 07:41 - 2015-09-10 17:45 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-02-19 15:16 - 2015-03-26 08:51 - 00002164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-11 19:05 - 2015-01-30 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-10 13:43 - 2009-07-13 23:33 - 00267016 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-10 13:41 - 2015-01-30 20:27 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-10 13:41 - 2010-11-20 19:47 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 13:18 - 2015-01-30 19:01 - 00000000 ____D C:\Windows\system32\MRT
2016-02-10 06:11 - 2015-03-26 08:51 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-10 06:11 - 2015-03-26 08:51 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
 
==================== Files in the root of some directories =======
 
2015-08-30 18:47 - 2015-08-30 18:47 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\Alice\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-02 15:43
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Alice (2016-03-07 20:40:28)
Running from C:\Users\Alice\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2015-01-30 21:11:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3249006778-2420017719-1096663853-500 - Administrator - Disabled)
Alice (S-1-5-21-3249006778-2420017719-1096663853-1002 - Administrator - Enabled) => C:\Users\Alice
Guest (S-1-5-21-3249006778-2420017719-1096663853-501 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
AVG (HKLM\...\AvgZen) (Version: 1.41.1.56922 - AVG Technologies)
AVG (Version: 16.41.7442 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4540 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.41.7442 - AVG Technologies)
AVG Zen (Version: 1.41.29 - AVG Technologies) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
Dell ControlVault Host Components Installer (Version: 2.0.20.159 - Broadcom Corporation) Hidden
Dell Data Protection | Access (HKLM\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00001.000 - Dell Inc.)
Dell Data Protection | Access (Version: 01.00.01.000 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell System Manager (HKLM\...\{43CFE88C-A97B-4875-9BCC-E93EC0EEEEA4}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.124 - ALPS ELECTRIC CO., LTD.)
DellAccess (Version: 01.00.00.078 - Wave Systems Corp.) Hidden
EMBASSY Security Center (Version: 04.02.00.072 - Wave Systems Corp.) Hidden
FMW 1 (Version: 1.62.2 - AVG Technologies) Hidden
Gemalto (Version: 01.01.01.0000 - Wave Systems Corp) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
HP ENVY 4500 series Basic Device Software (HKLM\...\{BCC989C6-7003-4367-8C30-7B88D47D3E79}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IncrediMail (Version: 6.6.0.5288 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM\...\IncrediMail) (Version: 6.6.0.5288 - IncrediMail Ltd.)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Preboot Manager (Version: 03.02.00.066 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.00.00.026 - Wave Systems Corp.) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Trusted Drive Manager (Version: 4.0.5.8 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wave Infrastructure Installer (Version: 07.02.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.12.00.012 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09B7F041-F6A0-43F1-91E3-B26D1FEFDD89} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {20070212-89E4-4BCA-AABA-06ABEAC116AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {599810E3-9F0D-4C8D-A4B1-868B4E17489B} - System32\Tasks\GoogleUpdateTaskMachineCore1d15edb3cb3b0d5 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {9334C323-F100-4656-9BA0-E4AA69C0F9C2} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {B187381D-3671-485C-8FE3-F1A0B6014706} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B3A8F250-4B7C-4C19-9829-313CB58D1713} - System32\Tasks\GoogleUpdateTaskMachineUA1d15edb3cd04158 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {F8A1EA48-EADC-4B0F-A2E4-CB859A3D4F2C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {F93C7104-998A-4A38-B935-775A3138B3C3} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe
Task: {FB6C09A5-B0A4-4E63-B0B3-41F29AF934AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-02] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15edb3cb3b0d5.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15edb3cd04158.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-02-19 15:16 - 2016-02-17 23:14 - 01630360 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-19 15:16 - 2016-02-17 23:14 - 00085656 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3249006778-2420017719-1096663853-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D8053011-B2BD-4A62-AFE5-0E0D7BB3A798}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{7FC03978-C7AC-4A9C-BD99-9DC3E443DFD4}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{CDE0D716-8D93-4213-88A1-E1EE61305557}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{DB6C454E-ECCA-48D1-9FA5-5B949EB07980}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{54670147-6046-4F2B-A5CF-E15ECCFFB707}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{09AD8152-6662-42E8-B0F2-C983F9BAA7B2}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{DE47D595-B0B4-474F-A611-A600DE4C7C15}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{961DCC04-E39F-4E01-9547-07CE1950F300}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{4BB1CE79-DFA5-45CC-81A9-E3715EB6C1C4}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{1FFB4B51-FF94-41F4-8007-01E8B781B633}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{0667F349-DA9D-4F94-9278-192E3694D73B}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{A5B7C04A-6BA6-464E-9CD2-6250C7FA15C6}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{3E9D7193-5A08-4343-8E2F-6A9A08846E72}] => (Allow) LPort=5357
FirewallRules: [{34DDEDC8-45F5-4432-8A03-7CC50A14B490}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3254CDA9-6703-4D05-8FA8-0B5838784815}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{2FE7BF07-DEDC-41C6-B5F2-BC53A2787D20}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{15AD0149-80C4-4F66-BBD1-69196DCE5F20}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{9073C335-0876-4641-ABB9-37F84498E5FA}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{E5CCDF72-010B-4133-9E33-5816D6B324AE}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{92548877-8F71-4F7B-8133-1F8D911AE48E}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{47702570-3328-4E0B-8D05-5D26CDAF7885}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{FBEE76EE-95E8-4C9E-837B-E293C2BEC045}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{597DE0B8-7930-4901-B1F3-117DD31D4C65}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
27-02-2016 09:30:06 Windows Update
01-03-2016 19:52:06 Restore Operation
04-03-2016 11:57:54 Windows Update
07-03-2016 20:22:08 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/07/2016 08:11:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2016 11:57:46 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (03/02/2016 02:17:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/02/2016 02:06:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2016 08:04:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2016 07:44:34 PM) (Source: System Restore) (EventID: 8200) (User: )
Description: Failed to initiate System Restore (Windows Update).
 
Error: (03/01/2016 06:31:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2016 06:24:14 PM) (Source: System Restore) (EventID: 8200) (User: )
Description: Failed to initiate System Restore (Windows Update).
 
Error: (03/01/2016 06:19:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2016 06:16:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (03/07/2016 08:22:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Driver Helper Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/07/2016 08:13:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Coupon Printer Service service failed to start due to the following error: 
%%2
 
Error: (03/07/2016 08:11:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (03/07/2016 08:09:24 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (03/07/2016 08:09:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Coupon Printer Service service failed to start due to the following error: 
%%2
 
Error: (03/07/2016 08:08:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (03/07/2016 08:08:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Coupon Printer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (03/07/2016 08:08:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/07/2016 08:08:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/07/2016 08:08:54 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: The handle is invalid.Broadcom Corp Contacted SmartCard 0GET_STATEXX XX XX XX
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 47%
Total physical RAM: 2985.02 MB
Available physical RAM: 1557.05 MB
Total Virtual: 5968.35 MB
Available Virtual: 4522.34 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:219.2 GB) (Free:185.15 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.68 GB) (Free:8.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: A7208EBE)
Partition 1: (Active) - (Size=219.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
I hope I did them right. Larry

No obvious malware or infection in the FRST logs. The issue you are concerned about is that defrag does not work. I assume you are using the Windows service and not a 3rd party application. Windows 7 disk defrag is usually set to run on its own as required. Let's check the service first.

 

Select Start > type services.msc into the search box, tap Enter. The Services window will open; scroll down to Disk Defragmenter. Is the service running? What is its startup type?

 

Have a read at the following links on how to run defrag...

 

How to use defragmenter - http://www.sevenforums.com/tutorials/11733-disk-defragmenter-open-use.html

 

How to turn defrag scheduler on/off - http://www.sevenforums.com/tutorials/3292-disk-defragmenter-schedule-turn-off.html

 

Let me know if that helps with the defrag problem...

 

Thank you,

 

Kevin


The service is running. The startup type is Automatic. This is the error message I get when I try to run defrag (Windows app):

Disk Defragmenter was scheduled using another program. Disk defrag is currently using custom settings created by another program.

Before you can modify the schedule you must remove the custom settings. I have no idea what program is hooked to disk defrag.


I have gone through the AVG program and did not see any AVG TuneUp; I did have it in the past. I do remember choosing disk defrag, but cannot find where that option went. I have removed AVG and installed AVG many times. I thought I used Avast free disk defrag before, so I installed it again today, but did not find that option in Avast either. I deleted all antivirus and tried Windows defrag and got the message. Larry


If the options were set with AVG TuneUp then you will have to re-install it and look at what options you have... There is nothing showing in Scheduled Tasks listed in FRST. The issue is not malware/infection related, and that is what we deal with in this forum...

 

Re-install AVG TuneUp, look at the options for a defrag, use it to run a scheduled task, and when that has run and completed, remove the settings for the schedule... I've never used anything whatsoever from AVG so am not really sure how it works...

 

Let me know if you make any progress...

 

Cheers,

 

Kevin


Just wanted to let you know what's going on. I could not find anywhere in AVG TuneUp to fix the issue. I did find a place to change or uncheck the disk defrag. I unchecked it and tried again, and got the same error message. I also discovered that all the task files in Task Scheduler are corrupted or tampered with. I am in the process of doing a Dell factory image restore. Let's hope everything will be fixed. I will let you know after the restore is done. I guess you can close this topic. Larry


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
