Hello, I'm working on my parents' computer. Thought I could do a couple of scans to help them. Laptop was running slow, had .dll error popups all the time, computer/printer both had trouble with going offline, found privacy settings all messed up.

I'm infected - What do I do now?

By AdvancedSetup, January 9, 2009 in Windows Malware Removal Help & Support

So, I just read the post (above) which states to not use file cleaners with .dll issues. Hope I haven't made this too complicated.

Here is what I've done today:

Ran CCleaner, Avast anti-virus, Malwarebytes, AdwCleaner and Farbar recovery tool. That's when I searched for help on the .dll popups that are still showing. Results from the Farbar recovery tool are below. Your help is very appreciated!!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019
Ran by RogerandCarolyn (administrator) on LAPTOP (SAMSUNG ELECTRONICS CO., LTD. 300E4C/300E5C/300E7C) (05-01-2020 17:39:47)
Running from C:\Users\RogerandCarolyn\Downloads
Loaded Profiles: UpdatusUser & RogerandCarolyn & Administrator (Available Profiles: UpdatusUser & RogerandCarolyn & Administrator)
Platform: Windows 10 Home Version 1903 18362.535 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\Vpn.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(Creative Home) [File not signed] C:\Program Files (x86)\Creative Home\Hallmark Print Studio\Planner\PLNRnote.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP ENVY 4510 series\Bin\ScanToPCActivationApp.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\RogerandCarolyn\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-915191271-1565821320-4066514102-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [HP ENVY 4510 series (NET)] => C:\Program Files\HP\HP ENVY 4510 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (Hewlett Packard -> HP Inc.)
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switches-begin --flag-switches-end - (the data entry has 102 more characters).
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [807936 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-915191271-1565821320-4066514102-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-18] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-06-09]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-05-29]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk [2017-09-09]
ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files (x86)\Creative Home\Hallmark Print Studio\Planner\PLNRnote.exe (Creative Home) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0229FE54-7F8A-4BC6-8537-3DA5534C0EE6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {09F2290E-D290-4D75-968A-A01D57EC7484} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {169A8CEA-644B-4105-8DC0-8912C1B116B9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1444144 2019-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {20AC35B9-11EA-4A35-84C2-513D4DE19148} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {2F3E51CA-AC61-4F19-B47B-8B6BD8E9007E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {54674A86-B0C3-46F4-A94E-8F34D4E18DDB} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
Task: {54F80910-2D15-44F1-B969-89D3021B16C1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {62FEA6D2-E391-48D0-B4FB-8C8B131ECBB8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {73FDB1F2-1D92-442C-BB66-78A83C324646} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {7706032A-1383-4805-A3AE-E982C4F0FDED} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [1390472 2019-10-23] (AVAST Software s.r.o. -> AVAST Software)
Task: {77442580-C398-4990-9B8C-2C290E12D2A6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {82094149-3D9B-4666-BAB6-9CECBAEF5B92} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {8D7F7842-6FD8-4608-9824-A15C770F3697} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {A3DE6797-CD46-4EDB-94F5-D8639455F33E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {BF96A4F6-DAB9-4E14-9069-1049D93CF99E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {C009E4B1-C0A2-4E49-BF0F-9FFDFCE44373} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-07-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {D4511157-15F2-40FF-AF0E-F0CDD3D20B9E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {D60D7324-82FF-4B34-B28F-FCED0F591001} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {E69ECF15-7D26-4E30-945F-D56A5A286DF7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {E8D9ACB5-F922-4BB3-9DBC-BA142B750476} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-02-11] (Google Inc -> Google Inc.)
Task: {FCBBCA1C-EFA4-4C13-9F73-2042BB2B1042} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-02-11] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{66474192-536a-496c-b883-07f40842719c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bffff08d-c055-465c-aa62-134bdd9f70fe}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-915191271-1565821320-4066514102-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://inebraska.com/
HKU\S-1-5-21-915191271-1565821320-4066514102-500\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-915191271-1565821320-4066514102-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2017-02-27] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://outlook.live.com/owa/?path=/mail/inbox/rp","hxxps://www.facebook.com/","hxxps://www.facebook.com/melissa.dorpinghaus.1/media_set?set=a.10205317837064033.1073741840.1791145513&type=3"
CHR DefaultSearchURL: Default -> hxxps://www.searchsecurepro.co/search.php?type=search&id=MTI4NzU&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://auto.searchsecurepro.co/autocomplete.js?omni=true&appId=MTI4NzU&q={searchTerms}
CHR Notifications: Default -> hxxps://justforchill.com; hxxps://search.hgetrecipes.com; hxxps://www.facebook.com; hxxps://www.yumrecipefinder.com
CHR Profile: C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default [2020-01-05]
CHR Extension: (Slides) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Web) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\amhckedkghbciendefbknenmokkgcnfa [2019-11-28]
CHR Extension: (Docs) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-11]
CHR Extension: (YouTube) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-11]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-10-22]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-12-25]
CHR Extension: (Sheets) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Avast Online Security) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-12-21]
CHR Extension: (CouponViewer Add-On) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpabcakadbfmhiinljgodpkdeolfchlo [2019-10-01]
CHR Extension: (Classic Blue) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmgkofhcnndinbbdbaplplnmdalnc [2019-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-13]
CHR Profile: C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-01-05]
CHR Profile: C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\System Profile [2020-01-05]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-20] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [417536 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [10287216 2019-07-25] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-11-28] (Microsoft Corporation -> Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2020-01-05] (Malwarebytes Inc -> Malwarebytes)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [6828424 2019-10-23] (AVAST Software s.r.o. -> AVAST Software)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-23] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [552848 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2018-01-20] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athwnx.sys [4233728 2019-03-18] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41024 2015-09-23] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2020-01-05] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-01-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2020-01-05] (Malwarebytes Inc -> Malwarebytes)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Samsung Electronics CO., LTD. -> Windows (R) Win 7 DDK provider)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-05 17:29 - 2020-01-05 17:29 - 002272256 _____ (Farbar) C:\Users\RogerandCarolyn\Downloads\FRST64 (1).exe
2020-01-05 17:26 - 2020-01-05 17:26 - 000000000 ___HD C:\OneDriveTemp
2020-01-05 17:22 - 2020-01-05 17:22 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-01-05 17:22 - 2020-01-05 17:22 - 000216544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-01-05 17:02 - 2020-01-05 17:04 - 008237744 _____ (Malwarebytes) C:\Users\RogerandCarolyn\Downloads\adwcleaner_8.0.1.exe
2020-01-05 16:53 - 2020-01-05 16:53 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\cache
2020-01-05 16:48 - 2020-01-05 16:48 - 001883976 _____ (Malwarebytes) C:\Users\RogerandCarolyn\Downloads\MBSetup.exe
2020-01-04 08:26 - 2020-01-04 08:26 - 000080475 _____ C:\Users\RogerandCarolyn\Documents\Merry Christmas and Happy 2020.pdf
2019-12-16 05:24 - 2019-12-16 05:24 - 000093629 _____ C:\Users\RogerandCarolyn\Downloads\Pics.zip
2019-12-15 17:16 - 2019-12-15 17:16 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-15 17:16 - 2019-12-15 17:16 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-15 17:15 - 2019-12-15 17:15 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-15 17:15 - 2019-12-15 17:15 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-15 17:15 - 2019-12-15 17:15 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-15 17:15 - 2019-12-15 17:15 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-15 17:15 - 2019-12-15 17:15 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-15 17:15 - 2019-12-15 17:15 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-15 17:15 - 2019-12-15 17:15 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-15 17:15 - 2019-12-15 17:15 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-15 17:15 - 2019-12-15 17:15 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-15 17:15 - 2019-12-15 17:15 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-15 17:15 - 2019-12-15 17:15 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-15 17:15 - 2019-12-15 17:15 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-15 17:15 - 2019-12-15 17:15 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-15 17:15 - 2019-12-15 17:15 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-15 17:14 - 2019-12-15 17:14 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-15 17:14 - 2019-12-15 17:14 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-15 17:14 - 2019-12-15 17:14 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-15 17:14 - 2019-12-15 17:14 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-15 17:14 - 2019-12-15 17:14 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-15 17:14 - 2019-12-15 17:14 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-15 17:14 - 2019-12-15 17:14 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-15 17:14 - 2019-12-15 17:14 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-15 17:14 - 2019-12-15 17:14 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-15 17:14 - 2019-12-15 17:14 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-15 17:14 - 2019-12-15 17:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-15 17:14 - 2019-12-15 17:14 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-15 17:14 - 2019-12-15 17:14 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-15 17:14 - 2019-12-15 17:14 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-15 17:14 - 2019-12-15 17:14 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-15 17:14 - 2019-12-15 17:14 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-15 17:14 - 2019-12-15 17:14 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-15 17:14 - 2019-12-15 17:14 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-15 17:14 - 2019-12-15 17:14 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-05 17:41 - 2019-10-28 11:54 - 000026134 _____ C:\Users\RogerandCarolyn\Downloads\FRST.txt
2020-01-05 17:40 - 2019-10-28 11:53 - 000000000 ____D C:\FRST
2020-01-05 17:33 - 2019-03-18 22:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-05 17:27 - 2018-06-27 12:01 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\AVAST Software
2020-01-05 17:26 - 2016-02-06 15:02 - 000000000 ___RD C:\Users\RogerandCarolyn\OneDrive
2020-01-05 17:24 - 2019-11-11 06:57 - 000000000 ____D C:\Users\UpdatusUser
2020-01-05 17:24 - 2019-11-11 06:57 - 000000000 ____D C:\Users\Administrator
2020-01-05 17:22 - 2019-11-11 07:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-05 17:21 - 2019-03-18 22:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-01-05 17:19 - 2015-03-29 17:30 - 000000000 ____D C:\Users\RogerandCarolyn\Desktop\PC Fixes (Julie)
2020-01-05 17:07 - 2014-10-16 18:41 - 000000000 ____D C:\AdwCleaner
2020-01-05 17:01 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-05 16:51 - 2019-08-04 16:15 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-01-05 16:51 - 2019-08-04 16:15 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-01-05 16:50 - 2019-08-04 16:15 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-01-05 16:50 - 2019-08-04 16:15 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-01-05 16:48 - 2018-01-30 07:50 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\Packages
2020-01-05 16:09 - 2019-08-04 17:24 - 000000000 ____D C:\Users\RogerandCarolyn\Documents\Computer Maintenance
2020-01-05 16:08 - 2019-03-18 22:50 - 000000000 ____D C:\WINDOWS\INF
2020-01-05 15:56 - 2019-03-18 22:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-04 08:30 - 2018-08-04 12:54 - 000000000 ____D C:\Users\RogerandCarolyn\Documents\Outlook Files
2019-12-31 06:08 - 2019-11-11 07:25 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2019-12-29 09:51 - 2019-11-11 07:26 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-915191271-1565821320-4066514102-1002
2019-12-29 09:51 - 2019-11-11 07:25 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2019-12-29 09:51 - 2019-11-11 07:25 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-29 09:51 - 2019-11-11 07:25 - 000003194 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2019-12-29 09:51 - 2019-11-11 07:25 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-29 09:51 - 2019-11-11 07:25 - 000002236 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2019-12-29 09:51 - 2019-11-11 07:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2019-12-29 09:39 - 2019-11-11 06:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-12-23 06:17 - 2017-04-05 13:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-12-23 06:13 - 2018-04-04 03:13 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-12-21 05:42 - 2019-11-11 06:57 - 000000000 ____D C:\Users\RogerandCarolyn
2019-12-18 06:53 - 2017-02-11 12:01 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-17 09:41 - 2018-08-04 12:54 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\F8CC88CE-444A-405B-B5DC-FF6B9FD95DFF.aplzod
2019-12-17 07:50 - 2017-03-26 01:09 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\ElevatedDiagnostics
2019-12-17 07:12 - 2018-02-10 14:05 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\PlaceholderTileLogoFolder
2019-12-15 17:41 - 2019-10-28 11:44 - 000000000 ___DC C:\WINDOWS\Panther
2019-12-15 17:41 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-12-15 17:41 - 2018-06-27 13:34 - 000000000 ____D C:\Users\RogerandCarolyn\AppData\Local\CrashDumps
2019-12-15 17:39 - 2019-11-11 07:09 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-15 17:36 - 2013-01-16 19:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-12-15 17:35 - 2016-03-18 08:43 - 000000000 ___RD C:\Users\RogerandCarolyn\3D Objects
2019-12-15 17:32 - 2019-11-11 06:47 - 000537440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-15 17:29 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-15 17:29 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-15 17:29 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-15 17:28 - 2017-04-05 16:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-15 17:24 - 2017-04-05 16:07 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-15 17:23 - 2019-03-18 22:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-12-15 16:14 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-12-15 16:07 - 2017-02-11 14:22 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-12-15 15:20 - 2019-11-11 07:25 - 000004294 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update

==================== Files in the root of some directories ========

2018-06-27 13:06 - 2018-06-27 13:06 - 000007628 _____ () C:\Users\RogerandCarolyn\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

------------------------------------------------------------------------------------------------------------------------------------------------------

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by RogerandCarolyn (05-01-2020 17:43:32)
Running from C:\Users\RogerandCarolyn\Downloads
Windows 10 Home Version 1903 18362.535 (X64) (2019-11-11 13:27:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-915191271-1565821320-4066514102-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-915191271-1565821320-4066514102-503 - Limited - Disabled)
Guest (S-1-5-21-915191271-1565821320-4066514102-501 - Limited - Disabled)
RogerandCarolyn (S-1-5-21-915191271-1565821320-4066514102-1002 - Administrator - Enabled) => C:\Users\RogerandCarolyn
UpdatusUser (S-1-5-21-915191271-1565821320-4066514102-1001 - Limited - Enabled) => C:\Users\UpdatusUser
WDAGUtilityAccount (S-1-5-21-915191271-1565821320-4066514102-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\{52B66F1A-E977-41EE-8359-3C4040BE72F5}) (Version: 12.2.8.198 - Adobe Systems, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 19.1.7734 - AVAST Software)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 5.2.429 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Hallmark Print Studio (HKLM-x32\...\{F2117332-1A36-4D3B-854D-A8D10735B4DF}) (Version: 16.0.1.10 - Creative Home)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 4510 series Basic Device Software (HKLM\...\{2B054C3F-C753-47D8-A5CA-D92AC5D455EB}) (Version: 40.11.1122.1796 - HP Inc.)
HP ENVY 4510 series Help (HKLM-x32\...\{CB5C9CB2-B471-42CC-93E6-D0E15021D5C2}) (Version: 36.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 172 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12228.20364 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden

Packages:
=========
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.18.0_neutral__d55gg7py3s0m0 [2019-10-23] (eyeo GmbH)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-18] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-06] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-12-16] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-22] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\RogerandCarolyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d7a253f58d8885b1\Adblock Plus - free ad blocker.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=cfhdojbkjhnklbpkdaibdccddilifddb

==================== Loaded Modules (Whitelisted) =============

2018-06-09 11:07 - 2016-09-12 14:53 - 048936448 _____ () [File not signed] C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
2019-03-24 06:24 - 2018-09-05 20:32 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\SecureLine\libcrypto-1_1.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-02-03 19:25 - 2019-01-04 12:06 - 000000833 _____ C:\WINDOWS\system32\drivers\etc\hosts

2017-11-24 07:57 - 2017-11-24 08:02 - 000000436 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-915191271-1565821320-4066514102-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\RogerandCarolyn\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win7 ltblue 1920x1200.jpg
HKU\S-1-5-21-915191271-1565821320-4066514102-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B85FB4F1-652C-4F51-BC88-906444C1B106}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2FC7D647-01ED-459A-99CD-232F4B8092B4}] => (Allow) C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{0E52EBE8-CF58-4ECB-96EA-BF3FB3C8B2CA}] => (Allow) C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{A74FB5AF-1697-42E8-A9B4-72FAF368CC69}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F39B3152-559E-41A2-A457-7D30288BE67C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{32B9E7A8-A7D4-4694-9261-43B1291FAFC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5CDCF021-BE3C-40E3-AF16-5122300471E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C1268FE7-A3B6-41FF-8D8D-124CBFBE9A8C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DC9ABA8A-8F06-4868-8519-4C114298CCE7}] => (Allow) C:\Program Files\HP\HP ENVY 4510 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{40D6534E-5B8C-4E5B-87D0-65840E8C371E}] => (Allow) LPort=5357
FirewallRules: [{D26D81C3-C41C-40CA-B327-8281965DC3B2}] => (Allow) C:\Program Files\HP\HP ENVY 4510 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{EAB14282-B89B-4BFD-9BCF-96B0DDCCDE8A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

13-12-2019 09:32:41 Scheduled Checkpoint
15-12-2019 16:46:43 Removed HP Dropbox Plugin
23-12-2019 07:38:11 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/05/2020 05:43:36 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3504,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/05/2020 05:27:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.18362.449, time stamp: 0xd42474b6
Faulting module name: RltkAPO64.dll, version: 11.0.6000.434, time stamp: 0x5588e2ea
Exception code: 0xc0000005
Fault offset: 0x000000000019f64b
Faulting process id: 0xaf0
Faulting application start time: 0x01d5c41f03424ae8
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\RltkAPO64.dll
Report Id: 28891c56-6d86-4ebd-9068-7f20283dbe3d
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/05/2020 05:10:19 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5172,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/05/2020 05:01:11 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8912,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/05/2020 04:25:31 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 28144 and the required size was 33408.

Error: (01/05/2020 04:00:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.18362.1, time stamp: 0xceb8cbe1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x0000000000000204
Faulting process id: 0x23a4
Faulting application start time: 0x01d5c4137559b351
Faulting application path: C:\Windows\System32\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: cbf7c28b-843a-460d-83f9-418cab5a1f61
Faulting package full name: Microsoft.MicrosoftEdge_44.18362.449.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (01/05/2020 03:41:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Laptop.local already in use; will try Laptop-2.local instead

Error: (01/05/2020 03:41:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister   16 Laptop.local. AAAA FE80:0000:0000:0000:6C2D:A807:C972:C9D0


System errors:
=============
Error: (01/05/2020 05:28:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.307.1778.0).

Error: (01/05/2020 05:21:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/05/2020 05:21:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/05/2020 05:21:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/05/2020 05:21:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Update Orchestrator Service service hung on starting.

Error: (01/05/2020 05:21:02 PM) (Source: DCOM) (EventID: 10010) (User: Laptop)
Description: The server {8ED5875F-5DC0-11E4-B843-005056C00008} did not register with DCOM within the required timeout.

Error: (01/05/2020 05:21:02 PM) (Source: DCOM) (EventID: 10010) (User: Laptop)
Description: The server {8ED58760-5DC0-11E4-8336-005056C00008} did not register with DCOM within the required timeout.

Error: (01/05/2020 05:12:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CleanupPSvc service.


Windows Defender:
===================================
Date: 2020-01-02 08:22:42.325
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7F0F726A-B4E5-46A6-AA8E-B02A0F6B94FA}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-29 07:25:15.491
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.307.1352.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16600.7
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

CodeIntegrity:
===================================

Date: 2020-01-05 17:39:00.384
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-05 17:39:00.378
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-05 17:38:57.249
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-05 17:38:57.235
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-05 17:33:39.132
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-05 17:33:39.061
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-05 17:33:37.417
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-05 17:33:37.410
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

BIOS: Phoenix Technologies Ltd. P09RAP 11/01/2013
Motherboard: SAMSUNG ELECTRONICS CO., LTD. NP300E5C-A06US
Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 64%
Total physical RAM: 3795.54 MB
Available physical RAM: 1333.53 MB
Total Virtual: 5011.54 MB
Available Virtual: 2547.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:272.54 GB) (Free:227.84 GB) NTFS

\\?\Volume{d56f1b01-047a-4f3c-9a45-8a1882843cc6}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.17 GB) NTFS
\\?\Volume{8e1dffc5-821a-4ebc-bcc5-4ba3091fc763}\ () (Fixed) (Total:0.49 GB) (Free:0.03 GB) NTFS
\\?\Volume{51cb7d1c-3d4c-4c1b-b9f0-972755c35fe9}\ (SAMSUNG_REC2) (Fixed) (Total:23.15 GB) (Free:1.1 GB) NTFS
\\?\Volume{347b6fb9-62bc-4bd7-4173-636c65706975}\ (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.27 GB) FAT32
\\?\Volume{d68c5adc-790b-48a8-8648-2585bfbbb17e}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 467FC636)

Partition: GPT.

==================== End of Addition.txt =======================

 

 

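The event sections of the report pasted above repeat the same few errors many times. As an added example (not part of any post in this thread and not FRST's own code), this Python script parses that Addition.txt layout and collapses the repeats so the distinct failures stand out; the regular expressions are assumptions based only on the lines shown in the report.

```python
import re
from collections import Counter

# Lines copied from the Addition.txt excerpt in the post above (a subset, to keep this short).
SAMPLE = r"""
System errors:
=============
Error: (01/05/2020 05:28:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.307.1778.0).

Error: (01/05/2020 05:21:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/05/2020 05:21:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/05/2020 05:21:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/05/2020 05:21:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Update Orchestrator Service service hung on starting.

CodeIntegrity:
===================================

Date: 2020-01-05 17:39:00.384
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-05 17:39:00.378
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-05 17:38:57.249
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-05 17:38:57.235
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
"""

# Header line of one event-log entry as it appears in the report (assumed layout).
EVENT_RE = re.compile(
    r"^Error: \((?P<timestamp>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)$"
)
# One Code Integrity entry: which process was refused which module.
CI_RE = re.compile(
    r"Code Integrity determined that a process \((?P<process>.+?\.exe)\) "
    r"attempted to load (?P<module>.+?\.dll) that did not meet"
)


def parse_events(text):
    """Return one dict per 'Error:' entry; a blank line ends an entry."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = EVENT_RE.match(line)
        if header:
            current = dict(header.groupdict(), description="")
            events.append(current)
        elif current is not None and line:
            # Description may continue on following lines (e.g. the DCOM CLSID).
            if line.startswith("Description:"):
                line = line[len("Description:"):].strip()
            current["description"] = (current["description"] + " " + line).strip()
        else:
            current = None
    return events


def summarize(events):
    """Collapse identical entries: (source, event id, description) -> count."""
    return Counter((e["source"], int(e["event_id"]), e["description"]) for e in events)


def basename(nt_path):
    """Last component of a backslash-separated device path."""
    return nt_path.rsplit("\\", 1)[-1]


def blocked_loads(text):
    """Count (process, module) pairs from the Code Integrity entries."""
    pairs = Counter()
    for match in CI_RE.finditer(text):
        pairs[(basename(match["process"]), basename(match["module"]))] += 1
    return pairs


if __name__ == "__main__":
    for (source, event_id, desc), n in summarize(parse_events(SAMPLE)).most_common():
        print(f"{n}x {source} {event_id}: {desc[:70]}")
    for (proc, mod), n in blocked_loads(SAMPLE).most_common():
        print(f"{n}x {proc} was refused {mod}")
```

Run against the full Addition.txt, the eight Code Integrity entries reduce to two Avast DLLs refused by chrome.exe, and the DCOM entries reduce to one repeated failure to start wuauserv.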

Hi, @jammin67

My name is Maurice. I will be helping and guiding you, going forward on this case.    Let me know what first name you prefer to go by.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible.

 

Please attach only the report files, etc. that I ask for as we go along.

 

You mentioned this laptop had .dll error popups all the time. Is it just 1 DLL, or different DLLs?

And when do these "show up"? For example, when running some web browser?

Which specific program is attempting to run when that occurs? I would like some fuller details.

ALSO

Can you get a screen grab of that window with that "message" ?

Use the following how-to article  ( "take a Screenshot on Windows" )
https://lifehacker.com/how-to-take-a-screenshot-or-picture-of-whats-on-your-co-5825771

 

I would appreciate that.

.

Also, let us do this.

This procedure will use the Windows System File Checker tool  ( SFC ).

 

Open an elevated command prompt window, i.e. run Command Prompt as an administrator.

It is best to use the Windows Copy ( CTRL+C ) and Paste ( CTRL+V ) for the whole line, as-is.

To get the elevated command prompt, press Windows-key + X and then select Command Prompt ( Admin ).

On that command prompt, copy & paste this command:

sfc /scannow

 

Have lots of patience.  Let it run to completion, no matter for how long.

 

Next,    Please start the Windows File Explorer  and go to the folder  C:\Windows\Logs\CBS

You will find the log-file CBS.log

With your mouse, click it one time so the file has focus. Then right-click on CBS.log and select "Send to Compressed Files folder".

It will show a message to the effect that the zip file will be created on the DESKTOP.

Proceed with the selection.   When done,  CBS.zip will be on Desktop.

Please attach the CBS.zip file with your reply.

.

Notes:  I notice from the Farbar FRST report that Windows Defender seems to be failing to update.

I also notice that Windows Update has some failures.

 

Know that the Farbar FRST is just a report.  What has Adwcleaner reported ?   What has the last Malwarebytes for Windows scan reported ?

What has Avast antivirus scan reported?

Had you just recently installed Avast ?    Did you buy Avast ?  or is this a free install?

 

We will do more after I get the CBS.log   and the screen grab.   Please know I help here as a volunteer.  and that I am not on 24 x 7.

Help on this forum is one to one.   Again, please be sure to ONLY attach report files  with your reply (s)  as we go along.  Do not do a copy / paste into main body.

Thank you,

Sincerely.


You may call me Julie.  Please see my responses in red.

You mentioned this laptop had .dll error popups all the time    Is it just 1 DLL ?  or different DLL 's ?

Multiple. Different.  See snips attached.

and when do these "show up "?

As soon as computer starts.  After closing (clicking on the "X" in upper right-hand corner), others popup.  There are less now, after the various scans done yesterday, than are showing up now.

For example,  when running some web browser ?

Yesterday, yes some with running web browser.  Today, none with web browser.  Probably unrelated, but today I keep getting "2 Messages!" flashing on the tab of the browser on https://www.malwarebytes.com/ website.  There doesn't seem to be anything in my Malwarebytes inbox, or any new notifications.  ??

Which specific program is attempting to run when that occurs?

See names of the snip attachments, for the order they appeared etc.

I would like some fuller details.

ALSO

Can you get a screen grab of that window with that "message" ?

See snip attachments.

Use the following how-to article  ( "take a Screenshot on Windows" )
https://lifehacker.com/how-to-take-a-screenshot-or-picture-of-whats-on-your-co-5825771

FYI, I'm pretty good with computers...just not an IT person.  :)

I would appreciate that.

Also, let us do this.

This procedure will use the Windows System File Checker tool  ( SFC ).

Open an elevated command prompt window i.e. run Command Prompt as an administrator .

It is best to use the Windows Copy ( CTRL+ C )  and paste  ( CTRL+V )  for the whole line, as-is

To get the elevated command prompt, press Windows-key + X and then select Command Prompt ( Admin )

On that command prompt,  Copy & Paste this command

sfc /scannow

I assume it is now done.  See text below for last line on the screen of the sfc scan:


Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\WINDOWS\system32>

 

Have lots of patience.  Let it run to completion, no matter for how long.

Next,    Please start the Windows File Explorer  and go to the folder  C:\Windows\Logs\CBS

You will find the log-file CBS.log

with your mouse, click it one time so it has focus on the file.   Then do a right-click with the mouse on CBS.log and select "Send to Compressed Files folder".

It will show a message to the effect that the zip file will be created on the DESKTOP.

Proceed with the selection.   When done,  CBS.zip will be on Desktop.

Please attach the CBS.zip file with your reply.

There were three items that said CBS.  I attached all three.  One said "persist" in the title from December sometime.  The other two files were from 1/5/2020 and this morning 1/6/2020.

Notes:  I notice from the Farbar FRST report that Windows Defender seems to be failing to update.

I also notice that Windows Update has some failures.

I don't know about the Windows Update failures.  I do know that Farbar wouldn't update at first, so I restarted it and it seemed to work?

Know that the Farbar FRST is just a report.  What has Adwcleaner reported ?

Attached is the log from yesterday's Adwcleaner scan.  This does not list the PUP that I saw on that scan yesterday...something like PUP______Legacy??  I didn't write down exactly what I saw during the scan.

What has the last Malwarebytes for Windows scan reported ?

It didn't find anything.  I don't see a report from that scan from yesterday. In the history though, we must have run it in 8/2019 and there are several things in quarantine.  It's not in a report or file, but if you want I could copy and paste it into a document.

What has Avast antivirus scan reported?

When it was run yesterday, it found nothing.  I could not find a report.  In settings, I guess the "generate report" was toggled to OFF.  I just changed that setting.

Had you just recently installed Avast ?    Did you buy Avast ?  or is this a free install?

According to Installed Programs:  Avast Cleanup Premium was installed on 6/9/2018. Avast SecureLine installed on 3/24/19. (I don't even know what SecureLine is.)  Avast Premium Security installed on 11/11/19.

Not sure the date, but my Dad recently signed up for Avast premium.  My Mom said yesterday, that my sister recently helped Dad to cancel the premium.  She said it was only a "free trial".  Computer still shows icons for premium, etc.  Not sure how we can correct this or clean up the Avast app now.

 

We will do more after I get the CBS.log   and the screen grab.   Please know I help here as a volunteer.  and that I am not on 24 x 7.

Thank you so much for your time.  I have tried to help my parents before, but since they wouldn't let me take their laptop home, I had no way to follow through with Malwarebytes suggestions.  In fact, there are Farbar reports from 10/2019.  Let me know if you'd like to see them.

Also, we noticed a lot of apps by the Microsoft corporation.  They do have Office 365 with my sister.  Could this allow Microsoft to install all these apps that they won't ever use?  Examples: Voice Recorder, Camera, VP9 Video Extensions, Microsoft Pay, Movies & TV, Microsoft Wifi, Web Media extensions, Webp Image Extensions, Money, and more.  (Note: my Mom rarely uses MS Office. On my PC, I have Office 16.  I know eventually Microsoft is going to subscription only, but if it downloads all the needless apps, it seems like we will all eventually have problems.)

Along with the Microsoft apps, my parents mentioned that Microsoft calls them often and I don't think they answer the calls....but something about they want them to pay for this or that anything from $99 to $500.  Mom says they just don't answer.  I told her we need to get her laptop working first, then we will work with spam phone calls.  But, could they be related??

One more thing...Mom was very concerned about some kind of Intel update she believes must be done by 1/14/2020.  I just texted her to ask where she is getting this notification.  I don't see anything on her computer or in her email, etc.

Thank you again!!!!!

Help on this forum is one to one.   Again, please be sure to ONLY attach report files  with your reply (s)  as we go along.  Do not do a copy / paste into main body.

Thank you,

Sincerely.

dll_1 upon starting computer.png

dll_2 after snip open and after closing dll1.png

dll_3 after closing dll2.png

dll_4 after closing dll3.png

CBS (2).zip CBS.zip CbsPersist_20191223121121.zip AdwCleaner[C00]200105.txt


Hi  Julie.

I am writing this first quick note because you mentioned your parents getting telephone calls from scammers.  Microsoft does not ever call consumers ( unless it is agreed and pre-arranged ).  What you described ARE scam calls from fraudulent persons.  Please make sure your parents & family do not fall for tech support scammers.

The fact that those callers mentioned money fees is big, real evidence of fraudsters.  Have them tell these folks to never call your parents' telephone.

Avoid tech support scams: This is a list of several articles about this topic.

This video features info from Microsoft and appears to be also sponsored by AARP. Well done and easy to understand.
This is "the link"

"Beware of US-based Tech Support Scams"

 

"see our Tech Support Scams – Help & Resource Page"

 

Plus these as well.
https://blog.malwarebytes.org/fraud-scam/2014/08/tech-support-scammers-rip-big-brand-security-software-with-fake-warnings/

http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx


[  message 2  for Monday ]

Julie,

The result of the SFC  ( system file checker app) is good.

The result of the Adwcleaner report was that only 1 item was detected & removed: an adware-type item on Chrome, Savings Button: Deals + Cash Back

 

Advise the family to be real careful with what they do, what they accept while online.  Be wary of agreeing to "free stuff"  that they have not researched.

.

For the browser  programs:

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or Opera.

Scroll down to the tips section "How do I disable them".

DO the above for Chrome and for the EDGE browser.

 

[   2   ]

If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

 

[  3   ]

Other suggestions, for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history"

Check mark the line "Download history"

Check mark the line "Cached images and files"
and press Clear Data button  ( in blue )

 

[ 4 ]

NOTE:  Someone in the family would have installed Microsoft Office 365   ( you seem to indicate your sister ).   Or else, when the pc was new, the manufacturer may have included a Trial.

Microsoft does not push out apps / games.   But you should know that Windows 10 does include a certain set of built in apps.

This is to say, the hiccups of the DLLs are not from Microsoft pushing down stuff to your parents' machine.

[   5   ]

Do not be freaking out about the message for msvcp120.dll   /  msvcr120.dll

If needed, we can deal with that if they still happen.   Those are just notices by Windows that 1 or 2 DLLs are having issues.  These are not indicators of an infection.

 

I would like to proceed with a mini cleanup.

This custom script is for  Jammin67  only.

Close and save any open work files before starting this procedure. 

 

Please Close and save any open work files before you start this next step.  It may involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE link AS and save it directly ( as is ) to the DOWNLOADS folder.

The tool named FRST64.exe is already in the Downloads folder.

Start the Windows Explorer and then go to the Desktop.

Double click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......

click the More info line on that screen

and click the Run anyway button on the next screen.

 

on the FRST window:
Click the Fix button just once, and wait.

 


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

and when you post back, tell me how Windows is doing over-all.

Fixlist.txt


Attached is the fix log.

Windows is much faster.  However, still have the .dll errors.  After the restart, they showed up on the screen before I'd even signed into the computer. 

I'm sure you'll direct, but was wondering about the failed windows updates you mentioned earlier. 

Also, do you have general guidance on the computer's settings for elderly people??  Or suggestions on maintenance?  I know what I do for my own computer, but I do not know how they surf the internet or in what way they introduce the vulnerabilities.  They don't seem to like me to run maintenance scans, etc until their computer is way slow and almost inoperable.  They will take your instructions as more important, than suggestions I make...since you do this for a living.

My father's computer will be obsolete after Microsoft ends support for Windows 7.  We're thinking of getting him a different device/laptop that would be easier for him.  He just likes to look at a few websites, such as the newspaper articles and some Facebook viewing, as well as basic email. Any suggestions?

Also, what about all those apps from Microsoft (Windows 10)?  Can we delete some of them??  

Thanks again for your help!

Fixlog.txt


And one more question...how do I correct the Avast app?  It is still installed as Premium, but they don't subscribe to the Premium anymore.  Do we uninstall and then install the correct free Avast anti-virus? 

Thank you


Thanks for the log.  The run was a good one.

 

This system runs Windows 10, which has the built in Windows Defender  antivirus.   It is a very capable antivirus.   Built-in and free.

Just uninstall the Avast.   Then restart Windows.   Windows Defender should then be on.

I would not go looking to uninstall Windows apps.

.

I can provide some general guidance for your relatives to follow, when we reach the end of the case.   And if you have done the suggestions 1, 2, 3   from above those are good starters.

As to your dad's Windows 7 machine, it is possible to upgrade it to Windows 10 for free.  You just need to find out what the systemboard microprocessor is & how much physical RAM memory is on it.  ( Near the end of this case, you can run the Farbar FRST on that machine & that will list the hardware specs.  Let's just hold off for now. )

If the hardware is capable & all he does is Email  & some basic web uses, he could well stay on same system.

.

As to the DLL messages, it is still not obvious the source that is causing that to trigger.

 

Let’s  please try to get and run a special  report  tool from Microsoft. 

It does not make changes. It will be just a report.

 

  • Please download Sysinternals Autoruns from here and save it to your desktop.
  • Note: you also need to do the following:
  • Right-click on Autoruns.exe and select Properties
  • Click on the Compatibility tab
  • Under Privilege Level check the box next to Run this program as an administrator
  • Click on Apply then click OK


Double-click Autoruns.exe to run it.
Once it starts, please press the Esc key on your keyboard.
Now that scanning is stopped, click on the Options button at the top of the program and select Filter Options...

In the Autoruns Filter Options dialogue, verify that the following are unchecked, if they are checked, uncheck them:

  • Include empty locations
  • Hide Microsoft entries
  • Hide Windows entries


Verify that the following is checked, if it is unchecked, check it:

  • Verify code signatures


Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.


Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
Attach the Autoruns.zip folder you just created to your next reply

 

Thank you.

 


Attached is the autoruns report.  

The instructions you gave for checking/unchecking the properties weren't accurate.  There was no compatibility tab, etc.  Hopefully the report was run correctly, I tried to find all the specs to check/uncheck.

BTW, I work tomorrow and will not be available to check this forum until 5:00 p.m. CST.

Thank you!

LAPTOP 200106.zip


Hi.   I did get the zip file.   Unfortunately, I am not able to use the output.   Need for you to re-run the Autoruns.

Once open and scanning has finished, click File > Save and save the file. Zip it up and attach to your post.

.

On other factors on this machine,  there are a few things I would suggest to be done.

 

On the Adobe Acrobat Reader DC, start it and then use the menu > Help/Check for Updates
There are 4  old versions of Java installed on this system.  They all should be uninstalled so that they cannot be exploited.
Please uninstall  
Java 8 Update 121
Java 8 Update 161 
Java 8 Update 172 
Java 8 Update 201

For a how-to uninstall   on   Windows 10 , see this how-to:
https://www.cnet.com/how-to/how-to-uninstall-an-app-or-program-in-windows-10/


.
This system does not have a lot of Free space on the C drive.  My suggestion is to use the Microsoft Windows built in disk cleanup app called CLEANMGR

Disk cleanup in Windows 10

The main goal here is to free up disk space

 

  • To delete temporary files:

 

In the search box on the taskbar, type disk cleanup, and select Disk Cleanup from the list of results.

 

Select the drive you want to clean up, and then select OK.

 

Under Files to delete, select the file types to get rid of. To get a description of the file type, select it.

Be sure you select Temporary Internet Files

Recycle Bin

Temporary files

 

  • you should  also delete/cleanup  system files:

 

In Disk Cleanup, select Clean up system files.    ( that is on the grey button on bottom left )

 

Select the file types to get rid of. To get a description of the file type, select it.

 

Select OK.

 

.

Now then, on the issue of the DLL exception messages.   The theory is that this system somehow is missing the right version of a Microsoft Visual C++  DLL

What I would suggest is to download a package from Microsoft  and then to install it.

I would like for you to be sure to first SAVE  the download to the Downloads folder.

 

Go to this link at Microsoft    https://aka.ms/vs/16/release/vc_redist.x64.exe

Save the file.

Then go to the Downloads folder.   Double-click on the EXE  to begin the setup.

When done,  do a Windows Shutdown >  Restart.

Then let's see if Windows loads up without any hiccups.

Sincerely,

 

Edited by Maurice Naggar

All instructions followed (except I haven't yet uninstalled Avast). 

When I restarted after the Microsoft update, there were three .dll errors before I could even sign in to the computer. 

Going to bed now.  I'll check after work tomorrow.  Thank you.


Hi Julie.

The DLL error messages are from "some"  auto-started application  that is set on this machine to be started along with each Windows startup.

Looking over all your reports, it is not yet clear which.   You and I are still on the hunt.

It is not an infection issue.  It does not mean that Windows itself is at risk.

 

I wanted to know whether you completed this prior suggestion

Quote

Go to this link at Microsoft    https://aka.ms/vs/16/release/vc_redist.x64.exe

Save the file.

Then go to the Downloads folder.   Double-click on the EXE  to begin the setup.

When done,  do a Windows Shutdown >  Restart.

Then let's see if Windows loads up without any hiccups.

 

The uninstall of Avast is one other thing I suggest to also do.   One of the reasons is that they include an add-on called PCTuneup which can cause friction.

I have a new custom cleanup that I would suggest to be done.   This one will remove the autorun of PcTuneup from Avast.

First please delete the prior FIXLIST.txt  file I had you save on the Downloads folder.

 

This custom script is for  Jammin67  only.

Close and save any open work files before starting this procedure. 

 

Please Close and save any open work files before you start this next step.  It may involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE link AS and save it directly ( as is ) to the DOWNLOADS folder.

The tool named FRST64.exe is already in the Downloads folder.

Start the Windows Explorer and then go to the Desktop.

Double click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......

click the More info line on that screen

and click the Run anyway button on the next screen.

 

on the FRST window:
Click the Fix button just once, and wait.

 


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

and when you post back, tell me how Windows is doing over-all.

.

Then, if you would, let's get a fresh readout from a different tool.

RSIT (Random's System Information Tool)
Please download RSITx64 by random/random... save it to your desktop.

  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done... 2 log files... will be produced.
     The first one, "log.txt", will be maximized... the second one, "info.txt", will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.

Fixlist.txt


Avast (3 apps) uninstalled.  After one was uninstalled, it said something about some parts need to be manually uninstalled.  

When laptop restarted, it acted like a Windows update.  Though it restarted last evening after the MS update from link you gave me, it started like normal.

Then, I've run the two scans and attached the three reports.

As for Windows, I'm still getting various dll error popups.  Otherwise, things seem to run much more efficiently.  The popups came up during the scans tonight, especially the FRST one.  (see snips attached.)

Thank you again!

dll_1 appeared right after FRST64 scan started.png

dll_2 apeared after closing dll1.png

dll_3 appeared after dll2 closed.png

dll4 appeared after dll3 closed.png

dll5 appeared after closing dll4.png

dll6 appeared after closing dll5.png

dll7 appeared after closing dll6.png

dll8 appeared after closing dll7.png

dll9 appeared after dll8.png

dllA appeared upon restart after FRST64 done.png

dllB appeared after dllA closed.png

dllC appeared after closing dllB.png

dllD.png

Fixlog.txt log.txt info.txt


Thanks for the screen grabs.   We do not need any more of them.  They are all just about 2 DLL files.

The Fix run is good.   and thank you so much for the reports.

 

I would like to continue to simplify to the very bare bones the automatically loaded applications.

There is an odd-looking program file listed under a TrendMicro folder:

C:\Program Files\trend micro\RogerandCarolyn.exe

There is no installed TrendMicro software.

I wonder if in the past this PC used to have TrendMicro antivirus.

.

To also help simplify, I would like to not have the Hallmark Print planner auto-loading at each Windows start. That planner program can be started manually, as needed.

 

I have a new custom cleanup that I would suggest to be done.  

First, please delete the prior FIXLIST.txt file I had you save in the Downloads folder.

 

This custom script is for  Jammin67  only.

Close and save any open work files before starting this procedure. 

 

Please Close and save any open work files before you start this next step.  It may involve a Windows Restart at the end of it.

I am sending a custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE link AS and save it directly (as is) to the DOWNLOADS folder.

The tool named FRST64.exe is already in the Downloads folder.

Start Windows Explorer and then go to the Desktop.

Double click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

 

IF you get a block message from Windows about this tool...

click the "More info" line on that screen

and click the "Run anyway" button on the next screen.

 

on the FRST window:
Click the Fix button just once, and wait.

 


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

and when you post back, tell me how Windows is doing over-all.

.

NOTE: I would like for you to look at Windows' Settings and see to it that Windows Defender (the native antivirus) is enabled.

Click the Windows flag icon (Start), then click the Settings icon.

Then click on Update and Security, then click Windows Security from the list on the left. Click on the "Open Windows Security" button.

Let's be sure that Windows Defender is enabled.

Since Avast antivirus was uninstalled, the Windows Defender should be on. The native Windows Defender is an excellent antivirus.

Thanks.

 

Fixlist.txt

Link to post
Share on other sites

Sorry about the delay.  Attached is the log you requested.

Windows Defender seems to be working.  Yes, all icons in the "Open Windows Security" are green.  

Still having multiple dll errors when computer starts, before sign on. 

Thank you

Fixlog.txt

Link to post
Share on other sites

Hi Julie.

Thank you for the log. I regret the on-going DLL messages. Alas, until some definitive details become clear, it appears you'll have to keep trucking along.

I had attempted a search for what was calling the DLL but that did not pan out. So I would like to have you try an alternate.

We will be using the same FRST64 that you have been using.

 

Start FRST64.
Type the following (better yet, use COPY then Paste) into the search box exactly as shown, then press the Search Files button:

SearchAll: msvcr120.dll;msvcp120.dll;msvcr120;msvcp120

Please wait while the program searches for all entries relating to this program. When done, a search.txt log will be saved to the desktop. Please attach this log to your next reply.

Link to post
Share on other sites

Hi Julie.

This is intended as another way to get the right DLL files from Microsoft for the issue at hand.

It may be best to use the Edge browser for these download tasks. The downloads are from the Microsoft Download Center.

They do take careful work to get and set up. Take good time when doing this.

The 1st download is for the Microsoft Visual C++ 2015 (ignore the Microsoft ad at the top; we only just want to download).

Go to this link: https://www.microsoft.com/en-us/download/details.aspx?id=52685

Click the download button and save the file to the system first.

When prompted for which one to download, you need to select the one for X86: vc_redist.x86.exe

Save the file. Then go to where it is saved. Then double click to start the setup.

.

Next, two more downloads to be done one at a time for the 2017 versions from Microsoft. Save each download & then run each to do actual setup.

32-bit
https://go.microsoft.com/fwlink/?LinkId=746571


64-bit
https://go.microsoft.com/fwlink/?LinkId=746572

 

Thanks  for your patience.

Sincerely,

Maurice

 

Link to post
Share on other sites

Yes, both. The 32-bit is for applications that are 32-bit.

The 64-bit is for applications that are 64-bit.

Yes, your Windows is 64-bit; however, it is able to run 32-bit as well as 64-bit application programs.

So yes, do both of those "two more".

I am really truly absolutely hoping that after all of these setups of the Visual C++ redistributables (which contain the DLLs needed) that the bugaboo DLL notices will cease.

The only real place to get them is at Microsoft.

Link to post
Share on other sites
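As an added example (not part of the thread and not the helper's own script), this read-only PowerShell script checks whether the two DLLs named in the popups are present in the 64-bit and 32-bit system directories, whether each copy carries a valid Microsoft Authenticode signature, and which Visual C++ redistributables are registered as installed. It assumes the default system directories and the standard Uninstall registry keys, and should be run from 64-bit PowerShell.

```powershell
# Added example: audit the runtime DLLs named in the thread (msvcr120.dll, msvcp120.dll).
# Read-only. Assumes the default system directories and the standard Uninstall registry keys.
if (-not [Environment]::Is64BitProcess -and [Environment]::Is64BitOperatingSystem) {
    # In 32-bit PowerShell, System32 is silently redirected to SysWOW64.
    Write-Warning 'Run this from 64-bit PowerShell; otherwise both rows describe SysWOW64.'
}

$names = 'msvcr120.dll', 'msvcp120.dll'
$dirs  = [ordered]@{
    '64-bit' = Join-Path $env:WINDIR 'System32'
    '32-bit' = Join-Path $env:WINDIR 'SysWOW64'
}

$dllReport = foreach ($bitness in $dirs.Keys) {
    foreach ($name in $names) {
        $file = Join-Path $dirs[$bitness] $name
        $row  = [ordered]@{ Bitness = $bitness; File = $file; Present = $false
                            Version = $null; Signature = $null; Signer = $null }
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            $sig = Get-AuthenticodeSignature -LiteralPath $file
            $row.Present   = $true
            $row.Version   = (Get-Item -LiteralPath $file).VersionInfo.FileVersion
            $row.Signature = $sig.Status          # 'Valid' is the only acceptable result
            if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]$row
    }
}
$dllReport | Format-Table -AutoSize -Wrap

# Anything present but not validly signed by Microsoft deserves a closer look.
$dllReport | Where-Object { $_.Present -and
    ($_.Signature -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation') } |
    ForEach-Object { Write-Warning "Unexpected signature state: $($_.File)" }

# List installed Visual C++ redistributables (both registry views).
# msvcr120/msvcp120 carry version 12.0, the Visual C++ 2013 runtime.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Microsoft Visual C++*Redistributable*' } |
    Sort-Object DisplayName -Unique |
    Select-Object DisplayName, DisplayVersion
```

A row with Present = False for a given bitness shows which runtime copy the failing application cannot find; a copy that is present but unsigned or signed by another publisher did not come from a Microsoft installer.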
This topic is now closed to further replies.