ArizonaEagle Posted September 1, 2016 ID:1059492 Share Posted September 1, 2016 You guys helped me a few years ago, I have problems again. I have Dell 660: Windows 7 Home Premium. 1) FireFox / Chrome? = "Adobe Flash plugin has crashed." "Shockwave Flash may be busy." "Shockwave just crashed." System locks up and I go to Windows task manager to individually end task, and all web sites I'm on disappear. 2) Chrome = "Aw Snap." Same as above. 3) Internet Explorer = "...Stopped working." It hangs up & stops working, also shuts down and restarts. I've run Malwarebytes "Free" that I have on my PC, as well as AVG. Neither shows anything wrong, but there is obviously something wrong. None of my scans show any malware, but something is wrong... Is there anything you could point me to and help me figure this out? Thanks in advance... Link to post Share on other sites More sharing options...
AlexSmith Posted September 1, 2016 ID:1059589 Share Posted September 1, 2016 Just letting you know that I moved your topic to the General Computer Help area of our Forums. Thanks for coming to the Malwarebytes Forums!! While you are awaiting for assistance, try seeing if the issues go away in Safe Mode with Networking. Link to post Share on other sites More sharing options...
ArizonaEagle Posted September 1, 2016 Author ID:1059640 Share Posted September 1, 2016 Thanks Alex, I'm doing some work right now, so I'll try that shortly. Link to post Share on other sites More sharing options...
ArizonaEagle Posted September 1, 2016 Author ID:1059679 Share Posted September 1, 2016 I'm in Safe Mode and will leave the system on while running a few errands. I have a couple of frequently used web sites active. I'll check back later. Link to post Share on other sites More sharing options...
ArizonaEagle Posted September 1, 2016 Author ID:1059692 Share Posted September 1, 2016 One of the problems does occur in Safe Mode in that I have 4 windows open in IE. Although one of the windows does show on the task bar, (the title of the web site) the page will not display. This is one of the challenges... Link to post Share on other sites More sharing options...
ArizonaEagle Posted September 2, 2016 Author ID:1059712 Share Posted September 2, 2016 "Problem with this website caused it to close and then reopen." error... This in Safe Mode... Link to post Share on other sites More sharing options...
ArizonaEagle Posted September 2, 2016 Author ID:1059713 Share Posted September 2, 2016 FireFox also showed this problem when shutting down with Windows Task Manager. "System cannot end this program because it is waiting for a response from you." When I hit "End now" tab, all programs (3) in Firefox closed. This has been one of the problems / symptoms as well. Thanks. Link to post Share on other sites More sharing options...
AlexSmith Posted September 2, 2016 ID:1059832 Share Posted September 2, 2016 @ArizonaEagle, since there hasn't been anyone to come in and help you yet, I thought I would offer some guidance to help get the ball rolling. While I don't feel you are infected, many of the logs that are asked for in the Malware Removal for Windows area would help in getting a better idea of the state of your PC. Can you by chance post a FRST.txt and Additions.txt file via the FARBAR Tool discussed here? https://forums.malwarebytes.org/topic/9573-im-infected-what-do-i-do-now/ Link to post Share on other sites More sharing options...
ArizonaEagle Posted September 2, 2016 Author ID:1059861 Share Posted September 2, 2016 Hi Alex, I just logged on to check emails and have to be at an appointment in 40 minutes. I'll do this later this after noon and I know it's a long holiday weekend, so I don't expect you to spend any time on this over the weekend. I'm sure you have family where you'd rather spend time with. I'll do as you suggest here, and I have 2 other questions. 1) Since I have CC Cleaner, and haven't run it in several months, would that be an option - AFTER I POST what you want? 2) Is there something I can do daily or weekly to keep my computer "clean," such as CC Cleaner, or other daily or weekly tasks? If there is a post on your web site, I'll follow that as well, to keep my computer clean. Ooops..., last question: Should I be concerned that I have - in my area - I have a strong wireless signal of something I don't feel should be there. I have the usual Comcast and AT&T signals with varying degrees of strength, along with one that reads: Name: "84a8a35ce3fb3acc256cab91653b0634" Security Type WPA2-PSX Radio Type 802.11N SSID (Same as number above) From your experience, can this be a hacker in my neighborhood?? Just concerned because this is a relatively new signal on my "Open Network and Sharing Center." Thank you!!!! Link to post Share on other sites More sharing options...
ArizonaEagle Posted September 3, 2016 Author ID:1059913 Share Posted September 3, 2016 Here is the results of FRST Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016 Ran by Arizona Eagle (administrator) on ARIZONAEAGLE-PC (02-09-2016 16:56:48) Running from C:\Users\Arizona Eagle\Downloads Loaded Profiles: Arizona Eagle (Available Profiles: Arizona Eagle) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE () Q:\140066.enu\Office14\WINWORDC.EXE () C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\splwow64.exe () Q:\140066.enu\Office14\OffSpon.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_22_0_0_210_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] () HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-28] (Adobe Systems Incorporated) HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] () HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.) HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [66872 2011-12-31] () HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] () HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [204560 2016-08-18] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6709008 2016-07-28] (AVG Technologies CZ, s.r.o.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1018525127-3197894228-3462546734-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd) HKU\S-1-5-21-1018525127-3197894228-3462546734-1000\...\RunOnce: [Uninstall C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64" HKU\S-1-5-21-1018525127-3197894228-3462546734-1000\...\RunOnce: [Uninstall C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5849.0427] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5849.0427" ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-25] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-25] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-25] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{978EA2B4-9D05-40C7-B460-6E329CF28234}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{FDE6EDD0-0090-4794-8F0E-7EF701D9C6C7}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== HKU\S-1-5-21-1018525127-3197894228-3462546734-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/ HKU\S-1-5-21-1018525127-3197894228-3462546734-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1 SearchScopes: HKLM -> DefaultScope {5989B38D-2131-4DB9-AA04-3ED82D99B3A3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {5989B38D-2131-4DB9-AA04-3ED82D99B3A3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {5989B38D-2131-4DB9-AA04-3ED82D99B3A3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {5989B38D-2131-4DB9-AA04-3ED82D99B3A3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.) Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.) FireFox: ======== FF ProfilePath: C:\Users\Arizona Eagle\AppData\Roaming\Mozilla\Firefox\Profiles\07y94zzs.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-06] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-06] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1018525127-3197894228-3462546734-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Arizona Eagle\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-16] (Citrix Online) FF Extension: (Yahoo! Toolbar) - C:\Users\Arizona Eagle\AppData\Roaming\Mozilla\Firefox\Profiles\07y94zzs.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-08-26] [not signed] Chrome: ======= CHR Profile: C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-11] CHR Extension: (Google Docs) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11] CHR Extension: (Google Drive) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30] CHR Extension: (YouTube) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03] CHR Extension: (Google Search) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30] CHR Extension: (Google Sheets) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-11] CHR Extension: (Google Docs Offline) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23] CHR Extension: (Chrome Web Store Payments) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12] CHR Extension: (Gmail) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27] CHR Extension: (Chrome Media Router) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-01] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-07-28] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5267456 2016-07-28] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-08-18] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-07-28] (AVG Technologies CZ, s.r.o.) S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed] R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4878096 2016-08-19] (AVG Technologies CZ, s.r.o.) R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2016-08-19] (AVG Technologies CZ, s.r.o.) R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [49424 2016-08-19] (AVG Technologies CZ, s.r.o.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-07] (Atheros) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [314112 2016-06-30] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [261888 2016-07-19] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [298752 2016-07-12] (AVG Technologies CZ, s.r.o.) R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-03-29] (AVG Netherlands B.V.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-02 16:56 - 2016-09-02 16:56 - 00018491 _____ C:\Users\Arizona Eagle\Downloads\FRST.txt 2016-09-02 16:56 - 2016-09-02 16:56 - 00000000 ____D C:\FRST 2016-09-02 16:49 - 2016-09-02 16:55 - 02397696 _____ (Farbar) C:\Users\Arizona Eagle\Downloads\FRST64(1).exe 2016-09-02 16:44 - 2016-09-02 16:45 - 02397696 _____ (Farbar) C:\Users\Arizona Eagle\Downloads\FRST64.exe 2016-09-01 13:11 - 2016-09-01 13:11 - 00057290 _____ C:\Windows\ntbtlog.txt 2016-09-01 13:07 - 2016-09-01 13:07 - 00014371 _____ C:\Users\Arizona Eagle\Downloads\Lay Mission - Small Group Roster.xlsx 2016-09-01 12:57 - 2016-09-01 12:57 - 02738911 _____ C:\Users\Arizona Eagle\Downloads\Lay Vocation - Course Reader - 2016_08_12 (1).pdf 2016-08-31 21:03 - 2016-08-31 21:03 - 02738911 _____ C:\Users\Arizona Eagle\Downloads\The Lay Vocation - Course Reader - 2016_08_12.pdf 2016-08-30 18:30 - 2016-08-30 18:30 - 00014359 _____ C:\Users\Arizona Eagle\Downloads\Small group roster.xlsx 2016-08-24 22:37 - 2016-08-26 13:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-08-24 19:49 - 2016-08-24 19:49 - 00000000 ____D C:\Users\Arizona Eagle\Documents\New folder 2016-08-23 09:22 - 2016-08-19 16:30 - 00056080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\uxtuneup.dll 2016-08-23 09:22 - 2016-08-19 16:30 - 00049424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\uxtuneup.dll 2016-08-23 09:22 - 2016-08-19 16:30 - 00044304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll 2016-08-23 09:22 - 2016-08-19 16:30 - 00039696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll 2016-08-20 12:40 - 2016-08-20 12:40 - 00005653 _____ C:\Users\Arizona Eagle\Documents\Envelope - Lay Mission Project.odt 2016-08-16 14:02 - 2016-07-08 08:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-08-16 14:02 - 2016-07-08 08:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-08-10 01:27 - 2016-08-02 07:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-08-10 01:27 - 2016-08-02 07:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-08-10 01:27 - 2016-08-01 23:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-08-10 01:27 - 2016-08-01 23:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-08-10 01:27 - 2016-08-01 23:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-08-10 01:27 - 2016-08-01 23:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-08-10 01:27 - 2016-08-01 23:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-08-10 01:27 - 2016-08-01 23:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-08-10 01:27 - 2016-08-01 23:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-08-10 01:27 - 2016-08-01 23:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-08-10 01:27 - 2016-08-01 23:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-08-10 01:27 - 2016-08-01 23:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-08-10 01:27 - 2016-08-01 23:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-08-10 01:27 - 2016-08-01 23:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-08-10 01:27 - 2016-08-01 23:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-08-10 01:27 - 2016-08-01 23:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-08-10 01:27 - 2016-08-01 23:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-08-10 01:27 - 2016-08-01 23:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-08-10 01:27 - 2016-08-01 23:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-08-10 01:27 - 2016-08-01 23:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-08-10 01:27 - 2016-08-01 23:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-08-10 01:27 - 2016-08-01 23:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-08-10 01:27 - 2016-08-01 23:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-08-10 01:27 - 2016-08-01 22:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-08-10 01:27 - 2016-08-01 22:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-08-10 01:27 - 2016-08-01 22:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-08-10 01:27 - 2016-08-01 22:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-08-10 01:27 - 2016-08-01 22:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-08-10 01:27 - 2016-08-01 22:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-08-10 01:27 - 2016-08-01 22:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-08-10 01:27 - 2016-08-01 22:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-08-10 01:27 - 2016-08-01 22:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-08-10 01:27 - 2016-08-01 22:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-08-10 01:27 - 2016-08-01 22:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-08-10 01:27 - 2016-08-01 22:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-08-10 01:27 - 2016-08-01 22:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-08-10 01:27 - 2016-08-01 22:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-08-10 01:27 - 2016-08-01 22:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-08-10 01:27 - 2016-08-01 22:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-08-10 01:27 - 2016-08-01 22:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-08-10 01:27 - 2016-08-01 22:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-08-10 01:27 - 2016-08-01 22:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-08-10 01:27 - 2016-08-01 22:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-08-10 01:27 - 2016-08-01 22:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-08-10 01:27 - 2016-08-01 22:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-08-10 01:27 - 2016-08-01 22:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-08-10 01:27 - 2016-08-01 22:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-08-10 01:27 - 2016-08-01 22:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-08-10 01:27 - 2016-08-01 22:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-08-10 01:27 - 2016-08-01 22:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-08-10 01:27 - 2016-08-01 22:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-08-10 01:27 - 2016-08-01 22:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-08-10 01:27 - 2016-08-01 22:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-08-10 01:27 - 2016-08-01 22:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-08-10 01:27 - 2016-08-01 22:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-08-10 01:27 - 2016-08-01 22:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-08-10 01:27 - 2016-08-01 22:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-08-10 01:27 - 2016-08-01 22:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-08-10 01:27 - 2016-08-01 22:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-08-10 01:27 - 2016-08-01 22:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-08-10 01:27 - 2016-08-01 22:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-08-10 01:27 - 2016-08-01 22:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-08-10 01:27 - 2016-08-01 21:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-08-10 01:27 - 2016-08-01 21:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-08-10 01:27 - 2016-08-01 21:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-08-10 01:27 - 2016-08-01 21:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-08-10 01:27 - 2016-07-08 08:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-08-10 01:27 - 2016-07-08 08:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-08-10 01:27 - 2016-07-08 08:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-08-10 01:27 - 2016-07-08 08:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-08-10 01:27 - 2016-07-08 08:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-08-10 01:27 - 2016-07-08 08:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-08-10 01:27 - 2016-07-08 07:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-08-10 01:27 - 2016-07-08 07:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-08-10 01:27 - 2016-07-08 07:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-08-10 01:27 - 2016-07-08 07:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-08-10 01:27 - 2016-07-08 07:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-08-10 01:27 - 2016-07-08 07:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-08-10 01:26 - 2016-07-08 08:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-08-09 19:32 - 2016-08-09 19:32 - 00261467 _____ C:\Users\Arizona Eagle\Downloads\Enterprise - Employment Application.xml 2016-08-08 20:39 - 2016-08-08 20:40 - 09532228 _____ C:\Users\Arizona Eagle\Downloads\FALL SCRIPTURE POSTER (1).pptx 2016-08-08 20:39 - 2016-08-08 20:39 - 09532228 _____ C:\Users\Arizona Eagle\Downloads\FALL SCRIPTURE POSTER.pptx 2016-08-05 23:47 - 2016-08-05 23:47 - 00242192 _____ C:\Users\Arizona Eagle\Downloads\Firefox Setup Stub 48.0.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-02 16:29 - 2016-07-28 14:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e91adabeeed1.job 2016-09-02 16:29 - 2016-07-28 14:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e91ada987a81.job 2016-09-02 14:01 - 2014-09-08 14:05 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2016-09-02 14:00 - 2014-09-09 12:00 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher 2016-09-02 14:00 - 2014-09-08 14:05 - 00003478 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest 2016-09-02 11:11 - 2009-07-13 21:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-09-02 11:11 - 2009-07-13 21:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-09-02 08:05 - 2015-10-08 21:28 - 00000000 ____D C:\ProgramData\MFAData 2016-09-01 17:38 - 2014-09-08 12:02 - 00059280 _____ C:\Users\Arizona Eagle\AppData\Local\GDIPFONTCACHEV1.DAT 2016-09-01 17:38 - 2012-06-01 09:48 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2016-09-01 17:37 - 2012-06-01 09:52 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2016-09-01 17:37 - 2012-06-01 09:52 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2016-09-01 17:37 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-09-01 13:16 - 2015-08-07 13:58 - 00000000 ____D C:\Users\Arizona Eagle\AppData\Local\ElevatedDiagnostics 2016-09-01 13:09 - 2014-09-08 14:21 - 00000000 ____D C:\Users\Arizona Eagle\AppData\Roaming\SoftGrid Client 2016-08-26 13:41 - 2014-09-18 23:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-08-25 23:56 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache 2016-08-23 18:19 - 2014-09-08 14:05 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2016-08-23 09:22 - 2016-04-23 21:14 - 00002554 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk 2016-08-23 09:22 - 2016-04-23 21:14 - 00002542 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk 2016-08-23 09:22 - 2016-04-23 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2016-08-21 18:00 - 2014-09-08 14:05 - 00004298 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask 2016-08-19 16:35 - 2016-04-23 21:14 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe 2016-08-18 06:52 - 2016-02-24 19:20 - 00012140 _____ C:\Users\Arizona Eagle\Downloads\Budget 2016 Bob.xlsx 2016-08-10 03:21 - 2009-07-13 21:45 - 00265800 _____ C:\Windows\system32\FNTCACHE.DAT 2016-08-09 16:56 - 2015-10-08 21:30 - 00000938 _____ C:\Users\Public\Desktop\AVG Protection.lnk 2016-08-09 16:56 - 2015-10-08 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2016-08-08 15:03 - 2014-09-08 14:15 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-08 15:02 - 2014-09-08 14:15 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-08-06 19:02 - 2014-09-08 14:05 - 00000000 ____D C:\Users\Arizona Eagle\AppData\Local\Adobe 2016-08-06 19:02 - 2012-06-01 09:29 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-08-06 19:02 - 2012-06-01 09:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-08-05 23:50 - 2016-03-14 11:45 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-08-05 23:50 - 2016-03-14 11:45 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-08-04 13:53 - 2015-07-01 22:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk Some files in TEMP: ==================== C:\Users\Arizona Eagle\AppData\Local\Temp\avguirn_081548299606.exe C:\Users\Arizona Eagle\AppData\Local\Temp\avguirn_08156298752.exe C:\Users\Arizona Eagle\AppData\Local\Temp\avguirn_081927633790.exe C:\Users\Arizona Eagle\AppData\Local\Temp\avguirn_08479216649.exe C:\Users\Arizona Eagle\AppData\Local\Temp\avguirn_08556981622.exe C:\Users\Arizona Eagle\AppData\Local\Temp\avguirn_08638982554.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-08-16 02:14 ==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
ArizonaEagle Posted September 3, 2016 Author ID:1059914 Share Posted September 3, 2016 Here is the result of Additional scan: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016 Ran by Arizona Eagle (02-09-2016 16:58:07) Running from C:\Users\Arizona Eagle\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2014-09-08 19:02:25) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1018525127-3197894228-3462546734-500 - Administrator - Disabled) Arizona Eagle (S-1-5-21-1018525127-3197894228-3462546734-1000 - Administrator - Enabled) => C:\Users\Arizona Eagle Guest (S-1-5-21-1018525127-3197894228-3462546734-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1018525127-3197894228-3462546734-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated) Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated) Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated) AVG (Version: 16.101.7752 - AVG Technologies) Hidden AVG (Version: 16.71.7597 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4649 - AVG Technologies) Hidden AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.52.2.34122 - AVG Technologies) AVG PC TuneUp (x32 Version: 16.52.2 - AVG Technologies) Hidden AVG Protection (HKLM\...\AVG) (Version: 2016.101.7752 - AVG Technologies) Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation) Blio (HKLM-x32\...\{6DA891AB-4D45-4BA6-B656-F02391204661}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Citrix Online Launcher (HKLM-x32\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix) Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant) Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.) Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.) Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.) Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell) Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps) Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft) Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps) Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft) Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.) Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.) Dell VideoStage (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell) eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.) Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden FMW 1 (Version: 1.122.3 - AVG Technologies) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden GoToMeeting 7.18.0.4962 (HKU\S-1-5-21-1018525127-3197894228-3462546734-1000\...\GoToMeeting) (Version: 7.18.0.4962 - CitrixOnline) High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1018525127-3197894228-3462546734-1000\...\OneDriveSetup.exe) (Version: 17.3.5930.0814 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla) Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc) SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16100 - Nero AG) SyncUP (x32 Version: 1.12.11100.9.104 - Nero AG) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1018525127-3197894228-3462546734-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Arizona Eagle\AppData\Local\Citrix\GoToMeeting\2031\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {100BE4B3-F75C-4F26-B93D-ABBA27A38E0E} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION Task: {11F02AF8-134E-45E4-B8A4-E90438EA72AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {138EC951-BBDC-4C35-AD72-1B41B0355E1A} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION Task: {22AF2E6D-FFE9-43DC-8EE4-5A9C6DD6B190} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2016-08-19] (AVG Technologies CZ, s.r.o.) Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION Task: {31AB3089-D3FC-4019-8112-00565DA81420} - System32\Tasks\G2MUploadTask-S-1-5-21-1018525127-3197894228-3462546734-1000 => C:\Users\Arizona Eagle\AppData\Local\Citrix\GoToMeeting\4962\g2mupload.exe [2016-05-19] (Citrix Online, a division of Citrix Systems, Inc.) Task: {48EA4492-CBC2-4BF4-9B66-47DAA0E2AE3D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {70A5840B-7072-42E8-920D-931C51327C1E} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e91adabeeed1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {85D93508-6555-4E74-8A07-72EFEBB6F017} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd) Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION Task: {B71D546F-3F05-497C-A7EF-6EE44D22AB7C} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2011-12-13] (PC-Doctor, Inc.) Task: {B8C1829F-E082-4F8C-A071-7039E50CAD9C} - System32\Tasks\{67C2A212-F1FF-48A0-A3E8-720ED6F889D3} => Firefox.exe Task: {B94436DE-DECE-4899-B3F2-BF3090E72CAB} - System32\Tasks\{69C85D21-D95D-4107-8915-31FFAAA6BEF4} => Firefox.exe Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION Task: {D2DD4292-96CA-402E-A9FB-87DC469EBCA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {D4BDDACF-C810-491D-BFA3-6F27424B8DBC} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e91ada987a81 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {E0B514E3-8C36-401D-B466-30F523DEE214} - System32\Tasks\{DDC8B466-4DED-4C59-816A-19F11EEED822} => Firefox.exe Task: {E5083048-A851-4F95-A615-670C411E36F1} - System32\Tasks\G2MUpdateTask-S-1-5-21-1018525127-3197894228-3462546734-1000 => C:\Users\Arizona Eagle\AppData\Local\Citrix\GoToMeeting\4962\g2mupdate.exe [2016-05-19] (Citrix Online, a division of Citrix Systems, Inc.) Task: {E6F64711-9617-4148-8BF1-49BB95496FDA} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-12-13] (PC-Doctor, Inc.) Task: {E8F26CAC-BB0B-469F-817B-B4F95BD9CED6} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-12-13] (PC-Doctor, Inc.) Task: {F53C39E0-D08B-414C-BFB7-EB3F73444C2B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-06] (Adobe Systems Incorporated) Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1018525127-3197894228-3462546734-1000.job => C:\Users\Arizona Eagle\AppData\Local\Citrix\GoToMeeting\4962\g2mupdate.exe Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1018525127-3197894228-3462546734-1000.job => C:\Users\Arizona Eagle\AppData\Local\Citrix\GoToMeeting\4962\g2mupload.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e91ada987a81.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e91adabeeed1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2012-06-01 09:49 - 2012-01-26 19:49 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE 2012-06-01 10:54 - 2012-03-19 16:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-06-27 17:26 - 2011-06-27 17:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe 2012-02-01 12:50 - 2012-02-01 12:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe 2011-06-29 06:52 - 2011-06-29 06:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe 2010-02-28 00:33 - 2010-02-28 00:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe 2010-03-16 18:28 - 2010-03-16 18:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll 2010-03-22 13:52 - 2010-03-22 13:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll 2010-03-16 18:28 - 2010-03-16 18:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll 2010-03-16 18:28 - 2010-03-16 18:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll 2011-06-24 21:20 - 2011-06-24 21:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll 2011-06-27 17:25 - 2011-06-27 17:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll 2011-06-24 21:21 - 2011-06-24 21:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll 2010-03-11 17:52 - 2010-03-11 17:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll 2010-03-05 13:07 - 2010-03-05 13:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll 2010-03-05 13:07 - 2010-03-05 13:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll 2010-03-11 17:52 - 2010-03-11 17:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll 2012-02-01 12:44 - 2012-02-01 12:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll 2012-02-01 12:44 - 2012-02-01 12:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll 2015-10-08 21:29 - 2016-05-28 01:23 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll 2016-05-11 03:37 - 2016-05-11 03:37 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5a8eeeddc97028a9f94d0518c22f4c2c\IsdiInterop.ni.dll 2012-06-01 09:42 - 2011-11-29 18:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2012-06-01 09:40 - 2011-12-16 11:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2016-08-06 19:02 - 2016-08-06 19:02 - 19483328 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll 2016-08-08 15:02 - 2016-08-02 17:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll 2016-08-08 15:02 - 2016-08-02 17:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll 2016-08-08 15:02 - 2016-08-02 16:54 - 17602240 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2015-08-02 19:42 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1018525127-3197894228-3462546734-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Arizona Eagle\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{9C0DCB81-EA99-441A-B19E-452EAFE55433}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{105358DF-CEA8-44D0-BBC0-8A94ECBD51C9}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe FirewallRules: [{AB91BB2B-6801-4F02-97B9-F6CA57A379C2}] => (Allow) LPort=9700 FirewallRules: [{8792BDD6-B356-4AA9-BB15-8136174F51FC}] => (Allow) LPort=9701 FirewallRules: [{8DB2F543-DFC1-455D-AB70-B26131845ED9}] => (Allow) LPort=9702 FirewallRules: [{0812ED68-E46A-4C4E-83E8-21753FE0EC44}] => (Allow) LPort=9700 FirewallRules: [{08C4E204-6CBF-4B9C-908B-01E2F5A691A2}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe FirewallRules: [{93EF4338-2170-40E5-B63D-3373F221631B}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe FirewallRules: [{E853B41D-28EE-444E-91EF-BABE5A173BF7}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe FirewallRules: [{A6352F1F-5BDC-4291-9548-6AC5BABFE5EB}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe FirewallRules: [{7D8E2B9E-441D-446D-BC78-41A4880A04D9}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe FirewallRules: [{D7CF4344-9000-4072-B707-63224F64F41B}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe FirewallRules: [{976C3780-CD16-4C84-8BE7-4320A6743270}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe FirewallRules: [{576D49A1-BD17-4986-ADD3-A2D325E53485}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe FirewallRules: [{D0ECB2CF-9678-43D7-8C08-78115778C281}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe FirewallRules: [{726D5605-78D9-4D7E-B105-C70D2713BE00}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe FirewallRules: [{A9626B41-6C16-4F0B-8946-925E5EA9A924}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe FirewallRules: [{1B913613-17E1-439C-85CA-D0158DB9C028}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe FirewallRules: [{634D19B6-F7C6-4444-832F-DA99047A118E}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe FirewallRules: [{2B755EC2-CD69-4058-9AFE-5DABCF30897D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B1ACA79B-4794-4216-B87D-476A19F7D896}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{34C43E81-2B91-4C62-8BA4-31F9BF10F8B9}] => (Allow) LPort=2869 FirewallRules: [{D22794DD-E0CB-471B-A5EE-3B852D719935}] => (Allow) LPort=1900 FirewallRules: [{3C964776-4D4D-4D58-9096-1F69D88BB9D9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{C833AAF3-2307-4F8E-9665-227FCDE752CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8E6BAEBC-B3FC-4B35-9B6B-F727895D3625}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4041F019-DFF5-412F-920D-CB456A84D73C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{A29CDDAF-927D-42B8-A0BF-2703C80D3FCD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{E0714BA2-85C7-457B-9D59-45A9C5909979}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{C931EE65-3D48-46C7-B531-72ECB740BE8E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{F05DEB95-5031-45FA-92A4-975DC2B261C0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{41C9C79E-24F5-4159-80A3-8544229E191F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{8D9B0B0E-FF65-4BD9-A05F-2217CDCC86DA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{8FBC7899-7E1F-4352-B8C4-3E17606C1A51}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{F6F2E368-F75C-494F-A5D6-F0AFC2F15FAA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/02/2016 04:38:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18427, time stamp: 0x57a02609 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x23687300 Faulting process id: 0x217c Faulting application start time: 0x01d205723754ada3 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: unknown Report Id: 5e6df717-7166-11e6-8ada-7845c409987e Error: (09/02/2016 06:13:09 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422). Error: (09/02/2016 06:11:56 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422). Error: (09/01/2016 07:41:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18427, time stamp: 0x57a02609 Faulting module name: jscript9.dll, version: 11.0.9600.18427, time stamp: 0x57a02dab Exception code: 0xc0000005 Fault offset: 0x00012634 Faulting process id: 0x1e64 Faulting application start time: 0x01d204b5b3b04035 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\SysWow64\jscript9.dll Report Id: c4ce5d76-70b6-11e6-8ada-7845c409987e Error: (09/01/2016 06:35:10 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422). Error: (09/01/2016 05:47:45 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object. Error: (09/01/2016 05:38:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/01/2016 05:32:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 48.0.2.6079, time stamp: 0x57bd3628 Faulting module name: mozglue.dll, version: 48.0.2.6079, time stamp: 0x57bd2857 Exception code: 0x80000003 Fault offset: 0x0000efe5 Faulting process id: 0x9dc Faulting application start time: 0x01d2048eac392ba8 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Report Id: b1f51d62-70a4-11e6-8a27-7845c409987e Error: (09/01/2016 01:13:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/01/2016 11:38:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18427, time stamp: 0x57a02609 Faulting module name: jscript9.dll, version: 11.0.9600.18427, time stamp: 0x57a02dab Exception code: 0xc0000005 Fault offset: 0x0015744d Faulting process id: 0x22ac Faulting application start time: 0x01d2047fa088f298 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\SysWow64\jscript9.dll Report Id: 3b6a0431-7073-11e6-8040-7845c409987e System errors: ============= Error: (09/01/2016 07:44:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 20. Error: (09/01/2016 05:39:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s). Error: (09/01/2016 01:12:12 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} Error: (09/01/2016 01:12:12 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (09/01/2016 01:12:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21 Error: (09/01/2016 01:12:08 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (09/01/2016 01:12:02 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (09/01/2016 01:11:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: Avgdiska AVGIDSDriver Avgldx64 Avgloga Avguniva discache spldr Wanarpv6 Error: (09/01/2016 01:11:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. Error: (09/01/2016 01:11:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz Percentage of memory in use: 77% Total physical RAM: 6022.16 MB Available physical RAM: 1337.81 MB Total Virtual: 12042.5 MB Available Virtual: 5229.23 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:911.66 GB) (Free:839.14 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: D303AB00) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=19.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=911.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
AlexSmith Posted September 3, 2016 ID:1059918 Share Posted September 3, 2016 Thanks for posting all of that info. My first suggestion here is to see if removing AVG changes any of the symptoms. I would also recommend removing and reinstalling the latest version of Java and Flash. Try that and let me know if the issue goes away. As far as the SSID thing goes, I wouldn't worry about that. Looks like someone nearby likes to have a unique and secure SSID that you can't easily pinpoint who it belongs to. It's certainly not a sign of a hacker or anything of that nature. Link to post Share on other sites More sharing options...
ArizonaEagle Posted September 3, 2016 Author ID:1059919 Share Posted September 3, 2016 Thanks. By the way, AVG sold me an AVG PC Tune Up program. I initially thought I was just upgrading their "Free" anti-virus. I was wrong as it's a different program. I also have Malwarebytes "Free" antivirus and want to upgrade that. Can I "assume" I'm better off getting rid of everything but Malwarebytes? I'll let you know later if the symptoms go away. Link to post Share on other sites More sharing options...
AlexSmith Posted September 3, 2016 ID:1059923 Share Posted September 3, 2016 18 minutes ago, ArizonaEagle said: Thanks. By the way, AVG sold me an AVG PC Tune Up program. I initially thought I was just upgrading their "Free" anti-virus. I was wrong as it's a different program. I also have Malwarebytes "Free" antivirus and want to upgrade that. Can I "assume" I'm better off getting rid of everything but Malwarebytes? I'll let you know later if the symptoms go away. AVG has been interesting lately. That's for sure. The Tune Up program isn't really going to help keep your PC secure and it may or may not actually improve the performance of your PC. As far as proper protection goes, it's good to have a multi-layered approach to help prevent malware from effecting you. So that means keeping your PC up to date (e.g. latest updates and drivers) in conjunction with having a good anti-malware solution, a good anti-exploit solution, a good anti-virus solution, and a solid data backup solution (local and in the cloud with versioning support). Personally, we offer the best anti-malware and anti-exploit protection out their with our Malwarebytes Anti-Malware Premium and Malwarebytes Anti-Exploit Premium. We are also working on a new anti-ransomware product that will change the industry in my mind. If you want to know more, check out the FAQs in the Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit sections of the forums. Currently though, you need to bring along your own anti-virus solution as our products do not provide a traditional anti-virus engine. That could be something from Kaspersky, Bit Defender, Webroot, or even AVG. That choice is up to you. Link to post Share on other sites More sharing options...
ArizonaEagle Posted September 6, 2016 Author ID:1060458 Share Posted September 6, 2016 Hi Alex, I didn't want to bother you over the weekend. Just to let you know I still have all the same "problems." All 3 platforms. Before I run CC Cleaner, or some other cleanup, is there anything you'd want me to do? Thanks. Link to post Share on other sites More sharing options...
AlexSmith Posted September 6, 2016 ID:1060463 Share Posted September 6, 2016 Can you post a fresh set of logs? Link to post Share on other sites More sharing options...
ArizonaEagle Posted September 6, 2016 Author ID:1060469 Share Posted September 6, 2016 Here ya' go... Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016 Ran by Arizona Eagle (administrator) on ARIZONAEAGLE-PC (06-09-2016 09:15:53) Running from C:\Users\Arizona Eagle\Downloads Loaded Profiles: Arizona Eagle (Available Profiles: Arizona Eagle) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE () Q:\140066.enu\Office14\WINWORDC.EXE () C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE () Q:\140066.ENU\OFFICE14\OffSpon.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_22_0_0_210_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Arizona Eagle\Downloads\FRST64(2).exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] () HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-28] (Adobe Systems Incorporated) HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] () HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.) HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [66872 2011-12-31] () HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] () HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [204560 2016-08-18] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6709008 2016-07-28] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1018525127-3197894228-3462546734-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd) HKU\S-1-5-21-1018525127-3197894228-3462546734-1000\...\RunOnce: [Uninstall C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64" HKU\S-1-5-21-1018525127-3197894228-3462546734-1000\...\RunOnce: [Uninstall C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5849.0427] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5849.0427" ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-25] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-25] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-25] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Arizona Eagle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{978EA2B4-9D05-40C7-B460-6E329CF28234}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{FDE6EDD0-0090-4794-8F0E-7EF701D9C6C7}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== HKU\S-1-5-21-1018525127-3197894228-3462546734-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/ HKU\S-1-5-21-1018525127-3197894228-3462546734-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1 SearchScopes: HKLM -> DefaultScope {5989B38D-2131-4DB9-AA04-3ED82D99B3A3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {5989B38D-2131-4DB9-AA04-3ED82D99B3A3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {5989B38D-2131-4DB9-AA04-3ED82D99B3A3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {5989B38D-2131-4DB9-AA04-3ED82D99B3A3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-03] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-03] (Oracle Corporation) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.) Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.) FireFox: ======== FF ProfilePath: C:\Users\Arizona Eagle\AppData\Roaming\Mozilla\Firefox\Profiles\07y94zzs.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-06] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-06] () FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-03] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-03] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1018525127-3197894228-3462546734-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Arizona Eagle\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-16] (Citrix Online) FF Extension: (Yahoo! Toolbar) - C:\Users\Arizona Eagle\AppData\Roaming\Mozilla\Firefox\Profiles\07y94zzs.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-08-26] [not signed] Chrome: ======= CHR Profile: C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-11] CHR Extension: (Google Docs) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11] CHR Extension: (Google Drive) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30] CHR Extension: (YouTube) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03] CHR Extension: (Google Search) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30] CHR Extension: (Google Sheets) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-11] CHR Extension: (Google Docs Offline) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23] CHR Extension: (Chrome Web Store Payments) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12] CHR Extension: (Gmail) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27] CHR Extension: (Chrome Media Router) - C:\Users\Arizona Eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-01] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-08-18] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-07-28] (AVG Technologies CZ, s.r.o.) S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed] R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4878096 2016-08-19] (AVG Technologies CZ, s.r.o.) R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2016-08-19] (AVG Technologies CZ, s.r.o.) R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [49424 2016-08-19] (AVG Technologies CZ, s.r.o.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-07] (Atheros) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-03-29] (AVG Netherlands B.V.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-06 09:15 - 2016-09-06 09:15 - 02397696 _____ (Farbar) C:\Users\Arizona Eagle\Downloads\FRST64(2).exe 2016-09-03 12:26 - 2016-09-03 12:26 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-09-03 12:26 - 2016-09-03 12:26 - 00000000 ____D C:\Users\Arizona Eagle\AppData\Roaming\Sun 2016-09-03 12:26 - 2016-09-03 12:26 - 00000000 ____D C:\Users\Arizona Eagle\AppData\LocalLow\Sun 2016-09-03 12:26 - 2016-09-03 12:26 - 00000000 ____D C:\Users\Arizona Eagle\.oracle_jre_usage 2016-09-03 12:26 - 2016-09-03 12:26 - 00000000 ____D C:\ProgramData\Oracle 2016-09-03 12:26 - 2016-09-03 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-09-03 12:26 - 2016-09-03 12:26 - 00000000 ____D C:\Program Files (x86)\Java 2016-09-02 16:58 - 2016-09-02 16:59 - 00033683 _____ C:\Users\Arizona Eagle\Downloads\Addition.txt 2016-09-02 16:56 - 2016-09-06 09:15 - 00018067 _____ C:\Users\Arizona Eagle\Downloads\FRST.txt 2016-09-02 16:56 - 2016-09-06 09:15 - 00000000 ____D C:\FRST 2016-09-02 16:49 - 2016-09-02 16:55 - 02397696 _____ (Farbar) C:\Users\Arizona Eagle\Downloads\FRST64(1).exe 2016-09-02 16:44 - 2016-09-02 16:45 - 02397696 _____ (Farbar) C:\Users\Arizona Eagle\Downloads\FRST64.exe 2016-09-01 13:11 - 2016-09-01 13:11 - 00057290 _____ C:\Windows\ntbtlog.txt 2016-09-01 13:07 - 2016-09-01 13:07 - 00014371 _____ C:\Users\Arizona Eagle\Downloads\Lay Mission - Small Group Roster.xlsx 2016-09-01 12:57 - 2016-09-01 12:57 - 02738911 _____ C:\Users\Arizona Eagle\Downloads\Lay Vocation - Course Reader - 2016_08_12 (1).pdf 2016-08-31 21:03 - 2016-08-31 21:03 - 02738911 _____ C:\Users\Arizona Eagle\Downloads\The Lay Vocation - Course Reader - 2016_08_12.pdf 2016-08-30 18:30 - 2016-08-30 18:30 - 00014359 _____ C:\Users\Arizona Eagle\Downloads\Small group roster.xlsx 2016-08-24 22:37 - 2016-08-26 13:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-08-24 19:49 - 2016-08-24 19:49 - 00000000 ____D C:\Users\Arizona Eagle\Documents\New folder 2016-08-23 09:22 - 2016-08-19 16:30 - 00056080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\uxtuneup.dll 2016-08-23 09:22 - 2016-08-19 16:30 - 00049424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\uxtuneup.dll 2016-08-23 09:22 - 2016-08-19 16:30 - 00044304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll 2016-08-23 09:22 - 2016-08-19 16:30 - 00039696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll 2016-08-20 12:40 - 2016-08-20 12:40 - 00005653 _____ C:\Users\Arizona Eagle\Documents\Envelope - Lay Mission Project.odt 2016-08-16 14:02 - 2016-07-08 08:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-08-16 14:02 - 2016-07-08 08:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-08-10 01:27 - 2016-08-02 07:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-08-10 01:27 - 2016-08-02 07:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-08-10 01:27 - 2016-08-01 23:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-08-10 01:27 - 2016-08-01 23:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-08-10 01:27 - 2016-08-01 23:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-08-10 01:27 - 2016-08-01 23:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-08-10 01:27 - 2016-08-01 23:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-08-10 01:27 - 2016-08-01 23:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-08-10 01:27 - 2016-08-01 23:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-08-10 01:27 - 2016-08-01 23:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-08-10 01:27 - 2016-08-01 23:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-08-10 01:27 - 2016-08-01 23:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-08-10 01:27 - 2016-08-01 23:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-08-10 01:27 - 2016-08-01 23:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-08-10 01:27 - 2016-08-01 23:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-08-10 01:27 - 2016-08-01 23:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-08-10 01:27 - 2016-08-01 23:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-08-10 01:27 - 2016-08-01 23:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-08-10 01:27 - 2016-08-01 23:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-08-10 01:27 - 2016-08-01 23:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-08-10 01:27 - 2016-08-01 23:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-08-10 01:27 - 2016-08-01 23:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-08-10 01:27 - 2016-08-01 23:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-08-10 01:27 - 2016-08-01 22:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-08-10 01:27 - 2016-08-01 22:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-08-10 01:27 - 2016-08-01 22:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-08-10 01:27 - 2016-08-01 22:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-08-10 01:27 - 2016-08-01 22:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-08-10 01:27 - 2016-08-01 22:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-08-10 01:27 - 2016-08-01 22:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-08-10 01:27 - 2016-08-01 22:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-08-10 01:27 - 2016-08-01 22:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-08-10 01:27 - 2016-08-01 22:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-08-10 01:27 - 2016-08-01 22:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-08-10 01:27 - 2016-08-01 22:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-08-10 01:27 - 2016-08-01 22:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-08-10 01:27 - 2016-08-01 22:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-08-10 01:27 - 2016-08-01 22:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-08-10 01:27 - 2016-08-01 22:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-08-10 01:27 - 2016-08-01 22:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-08-10 01:27 - 2016-08-01 22:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-08-10 01:27 - 2016-08-01 22:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-08-10 01:27 - 2016-08-01 22:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-08-10 01:27 - 2016-08-01 22:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-08-10 01:27 - 2016-08-01 22:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-08-10 01:27 - 2016-08-01 22:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-08-10 01:27 - 2016-08-01 22:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-08-10 01:27 - 2016-08-01 22:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-08-10 01:27 - 2016-08-01 22:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-08-10 01:27 - 2016-08-01 22:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-08-10 01:27 - 2016-08-01 22:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-08-10 01:27 - 2016-08-01 22:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-08-10 01:27 - 2016-08-01 22:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-08-10 01:27 - 2016-08-01 22:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-08-10 01:27 - 2016-08-01 22:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-08-10 01:27 - 2016-08-01 22:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-08-10 01:27 - 2016-08-01 22:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-08-10 01:27 - 2016-08-01 22:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-08-10 01:27 - 2016-08-01 22:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-08-10 01:27 - 2016-08-01 22:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-08-10 01:27 - 2016-08-01 22:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-08-10 01:27 - 2016-08-01 22:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-08-10 01:27 - 2016-08-01 21:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-08-10 01:27 - 2016-08-01 21:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-08-10 01:27 - 2016-08-01 21:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-08-10 01:27 - 2016-08-01 21:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-08-10 01:27 - 2016-07-08 08:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-08-10 01:27 - 2016-07-08 08:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-08-10 01:27 - 2016-07-08 08:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-08-10 01:27 - 2016-07-08 08:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-08-10 01:27 - 2016-07-08 08:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-08-10 01:27 - 2016-07-08 08:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-08-10 01:27 - 2016-07-08 08:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-08-10 01:27 - 2016-07-08 08:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-08-10 01:27 - 2016-07-08 07:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-08-10 01:27 - 2016-07-08 07:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-08-10 01:27 - 2016-07-08 07:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-08-10 01:27 - 2016-07-08 07:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-08-10 01:27 - 2016-07-08 07:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-08-10 01:27 - 2016-07-08 07:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-08-10 01:26 - 2016-07-08 08:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-08-09 19:32 - 2016-08-09 19:32 - 00261467 _____ C:\Users\Arizona Eagle\Downloads\Enterprise - Employment Application.xml 2016-08-08 20:39 - 2016-08-08 20:40 - 09532228 _____ C:\Users\Arizona Eagle\Downloads\FALL SCRIPTURE POSTER (1).pptx 2016-08-08 20:39 - 2016-08-08 20:39 - 09532228 _____ C:\Users\Arizona Eagle\Downloads\FALL SCRIPTURE POSTER.pptx ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-06 09:01 - 2016-07-28 14:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e91adabeeed1.job 2016-09-06 08:48 - 2009-07-13 21:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-09-06 08:48 - 2009-07-13 21:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-09-05 15:01 - 2016-07-28 14:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e91ada987a81.job 2016-09-05 14:02 - 2014-09-08 14:05 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2016-09-05 14:00 - 2014-09-09 12:00 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher 2016-09-05 14:00 - 2014-09-08 14:05 - 00003478 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest 2016-09-05 13:01 - 2012-06-01 09:48 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2016-09-03 12:26 - 2014-09-08 12:02 - 00000000 ____D C:\Users\Arizona Eagle 2016-09-03 12:22 - 2014-09-08 14:05 - 00000000 ____D C:\Users\Arizona Eagle\AppData\Local\Adobe 2016-09-03 12:22 - 2012-06-01 09:29 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-09-03 12:22 - 2012-06-01 09:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-09-03 12:19 - 2012-06-01 09:52 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2016-09-03 12:19 - 2012-06-01 09:52 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2016-09-03 12:16 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-09-02 18:52 - 2015-10-08 21:28 - 00000000 ____D C:\Users\Arizona Eagle\AppData\Local\Avg 2016-09-02 18:52 - 2015-10-08 21:28 - 00000000 ____D C:\ProgramData\MFAData 2016-09-02 18:51 - 2014-09-08 14:21 - 00000000 ____D C:\Users\Arizona Eagle\AppData\Roaming\SoftGrid Client 2016-09-01 17:38 - 2014-09-08 12:02 - 00059280 _____ C:\Users\Arizona Eagle\AppData\Local\GDIPFONTCACHEV1.DAT 2016-09-01 13:16 - 2015-08-07 13:58 - 00000000 ____D C:\Users\Arizona Eagle\AppData\Local\ElevatedDiagnostics 2016-08-26 13:41 - 2014-09-18 23:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-08-25 23:56 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache 2016-08-23 18:19 - 2014-09-08 14:05 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2016-08-23 09:22 - 2016-04-23 21:14 - 00002554 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk 2016-08-23 09:22 - 2016-04-23 21:14 - 00002542 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk 2016-08-23 09:22 - 2016-04-23 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2016-08-21 18:00 - 2014-09-08 14:05 - 00004298 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask 2016-08-19 16:35 - 2016-04-23 21:14 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe 2016-08-18 06:52 - 2016-02-24 19:20 - 00012140 _____ C:\Users\Arizona Eagle\Downloads\Budget 2016 Bob.xlsx 2016-08-10 03:21 - 2009-07-13 21:45 - 00265800 _____ C:\Windows\system32\FNTCACHE.DAT 2016-08-08 15:03 - 2014-09-08 14:15 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-08 15:02 - 2014-09-08 14:15 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk Some files in TEMP: ==================== C:\Users\Arizona Eagle\AppData\Local\Temp\avguirn_081548299606.exe C:\Users\Arizona Eagle\AppData\Local\Temp\avguirn_08156298752.exe C:\Users\Arizona Eagle\AppData\Local\Temp\avguirn_081927633790.exe C:\Users\Arizona Eagle\AppData\Local\Temp\avguirn_08479216649.exe C:\Users\Arizona Eagle\AppData\Local\Temp\avguirn_08556981622.exe C:\Users\Arizona Eagle\AppData\Local\Temp\avguirn_08638982554.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-09-05 01:41 ==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
AlexSmith Posted September 6, 2016 ID:1060485 Share Posted September 6, 2016 (edited) According to the logs AVG is still on here. Specifically the Tune Up software. Please remove that and let me know if that helps. Also, do you need custom DNS and DHCP settings to access something? Just asking in case that's the problem. Edited September 6, 2016 by AlexSmith Link to post Share on other sites More sharing options...
ArizonaEagle Posted September 6, 2016 Author ID:1060510 Share Posted September 6, 2016 I don't want to sound like a dummy, but what is custom DNS and DHCP? Meanwhile, I'll get rid of the AVG Tune Up software. I wonder if AVG will give me a refund?? That's the thing I paid $39.99 for thinking I was buying their upgrade Anti-Virus. It may take several hours to know if it helps. I know my PC was acting up prior to the purchase of the AVG Tune Up program. I'll get back to you later today... Link to post Share on other sites More sharing options...
ArizonaEagle Posted September 6, 2016 Author ID:1060528 Share Posted September 6, 2016 That didn't take long... Problem still happening... Link to post Share on other sites More sharing options...
AlexSmith Posted September 6, 2016 ID:1060532 Share Posted September 6, 2016 (edited) Great question!! Your DNS Server settings are what Windows uses to find sites on the internet. It translates the friendly website name to the actually ip address of the website server. So it translates google.com to the actual ip address where google's servers actually reside. With that being said, the logs above show that DNS on your pc is set to a manual setting which may be the root problem here. You will want to set your network connection to automatically obtain the DNS Server settings. The following link has directions: http://www.thewindowsclub.com/how-to-change-dns-settings-in-windows-7-vista Edited September 6, 2016 by AlexSmith Auto correct hates me Link to post Share on other sites More sharing options...
ArizonaEagle Posted September 7, 2016 Author ID:1060720 Share Posted September 7, 2016 Again... Problem persists. FYI - Both the IP and DNS settings were set at: "Obtain ( both IP address & DNS server) automatically. I switched to 8.8.8.8. 8.8.4.4. Link to post Share on other sites More sharing options...
ArizonaEagle Posted September 8, 2016 Author ID:1060750 Share Posted September 8, 2016 I'm getting pretty fed up with the IE errors. I post a lot on MLB. I get part way through a post and IE decides to "stop working." A box shows up stating that IE has stopped working, I can't post and when I click the box "X," - POOF..., my post disappears!! It's just as bad as it was... I reset the DNS back the way it was. IE was worse... Link to post Share on other sites More sharing options...
ArizonaEagle Posted September 8, 2016 Author ID:1060826 Share Posted September 8, 2016 Last night I ran Malwarebytes twice, just to see if anything was 'there.' The first time I got 26 "PUP.Optional.MindSpark.Generic." The location is: C:\Users\ArizonaEagle\App...\07y94zzs.default\prefs.js The second time I got 25 of these. They are all identical. I never got these before. Also, I'm running without any anti-virus right now. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 9, 2016 Root Admin ID:1061030 Share Posted September 9, 2016 Hello @arizona I'm going to move your topic into the Malware Removal section of the forum and assist you there. We'll run through some scans and cleanup and reset some items that should fix you up. Link to post Share on other sites More sharing options...
Recommended Posts