Cyber Tech Help Support Forums > Software > Malware Removal

  #1  
Old December 29th, 2017, 10:20 PM
mfhjr
Senior Member
 
Join Date: Oct 2004
Posts: 124
Laptop running very slow and very high CPU usage

My laptop seems to be running slower with each passing day. When I start each day I now get a message at startup "This copy of Windows is not genuine". I get past the message by hitting the ignore button and continue with startup. My CPU usage never seems to drop below 65% and Physical Memory is usually around 70%. I hope it is OK that I followed the lead of a few other posts and started with downloading Farbar. I will of course follow your recommendations.

One other concern, and not sure if it would pertain to this topic or not, but I was wondering if it would be worthwhile to move up to Windows 10 at this time.

Thank you for any help and advice.
  #2  
Old December 29th, 2017, 11:06 PM
mfhjr
Senior Member
 
Join Date: Oct 2004
Posts: 124
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by Tamara (administrator) on TAMARA-PC (29-12-2017 15:03:34)
Running from C:\Users\Tamara\Downloads
Loaded Profiles: Tamara (Available Profiles: Tamara)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Windows\System32\hale.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office\MSOFFICE.EXE
() C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Chew7Hale] => C:\Windows\System32\hale.exe [2169856 2017-07-23] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2170943235-3455674163-4249660097-1000\...\Run: [Google Update] => C:\Users\Tamara\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-15] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2017-10-20]
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk [2017-10-20]
ShortcutTarget: Microsoft Office Shortcut Bar.lnk -> C:\Program Files (x86)\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk [2017-10-20]
ShortcutTarget: Office Startup.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5D819689-1E6F-474E-84E3-E000CAA3DD3B}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{629F4BE7-AF20-4831-A5D5-85D8898A2FE2}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll [2007-03-09] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2170943235-3455674163-4249660097-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tamara\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2170943235-3455674163-4249660097-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tamara\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

Chrome:
=======
CHR NewTab: Default -> Active:"chrome-extension://olmkhmghgccllllkcdaeolfofdmleank/first.html"
CHR Profile: C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default [2017-12-29]
CHR Extension: (Slides) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-23]
CHR Extension: (YouTube) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-23]
CHR Extension: (Sheets) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-14]
CHR Extension: (My Quick Internet Links) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmkhmghgccllllkcdaeolfofdmleank [2017-07-23]
CHR Extension: (Gmail) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-23]
CHR Extension: (Chrome Media Router) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [80384 2007-02-06] (Andrea Electronics Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2693448 2014-11-25] ()
R3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2017-07-23] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn.sys [19000 2010-02-25] (Hewlett-Packard Company)
R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [58880 2008-07-31] (Infineon Technologies AG)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2017-12-28] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-12-29] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2017-12-29] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-29] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-12-29] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKslf3c80a2a; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5522753E-1E1D-461B-9370-F517093CA3F5}\MpKslf3c80a2a.sys [58120 2017-12-29] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2009-09-24] (REDC)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [5088000 2016-09-06] (Realtek Semiconductor Corporation )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-29 15:03 - 2017-12-29 15:03 - 000011399 _____ C:\Users\Tamara\Downloads\FRST.txt
2017-12-29 14:05 - 2017-12-29 15:03 - 000000000 ____D C:\FRST
2017-12-29 14:04 - 2017-12-29 14:04 - 002391552 _____ (Farbar) C:\Users\Tamara\Downloads\FRST64.exe
2017-12-28 14:07 - 2017-12-28 14:07 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-12-28 14:06 - 2017-12-29 13:41 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-12-28 14:06 - 2017-12-29 09:12 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-28 14:06 - 2017-12-29 09:12 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-12-28 14:06 - 2017-12-29 09:12 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-12-28 14:06 - 2017-12-28 14:06 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-28 14:06 - 2017-12-28 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-28 14:06 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-28 14:05 - 2017-12-28 14:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-28 14:05 - 2017-12-28 14:05 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-28 14:04 - 2017-12-28 14:05 - 083316440 _____ (Malwarebytes ) C:\Users\Tamara\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-28 13:54 - 2017-12-28 13:54 - 000566128 _____ (Malwarebytes) C:\Users\Tamara\Downloads\mbam-clean-2.3.0.1001.exe
2017-12-18 10:23 - 2015-10-05 11:09 - 000006864 _____ C:\Windows\system32\Drivers\PBL.sys
2017-12-18 10:23 - 2015-10-05 11:09 - 000004681 _____ C:\Windows\system32\Drivers\PBR.sys
2017-12-18 10:22 - 2017-12-18 10:23 - 000000000 ____D C:\Users\Public\D-Link
2017-12-18 10:22 - 2017-12-18 10:22 - 000002021 _____ C:\Users\Public\Desktop\Wireless Connection Manager.lnk
2017-12-18 10:22 - 2017-12-18 10:22 - 000000000 ____D C:\Windows\pcidevice
2017-12-18 10:22 - 2017-12-18 10:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link
2017-12-18 10:22 - 2017-12-18 10:22 - 000000000 ____D C:\Program Files (x86)\D-Link
2017-12-18 10:22 - 2016-09-06 11:49 - 005088000 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys
2017-12-18 10:22 - 2015-10-05 11:09 - 000006864 _____ C:\Windows\PBL.sys
2017-12-18 10:22 - 2015-10-05 11:09 - 000004681 _____ C:\Windows\PBR.sys
2017-12-15 18:28 - 2017-12-28 11:48 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2017-12-15 18:28 - 2017-12-15 18:28 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-15 18:28 - 2017-12-15 18:28 - 000000000 ____D C:\Users\Tamara\Documents\My Widgets
2017-12-15 18:10 - 2017-12-15 18:10 - 000291232 _____ C:\Windows\Minidump\121517-38516-01.dmp
2017-12-14 08:17 - 2017-12-28 12:48 - 000000000 ____D C:\Users\Tamara\AppData\Roaming\hpqLog
2017-12-14 08:17 - 2017-12-14 08:17 - 000000000 ____D C:\Users\Default\AppData\Roaming\hpqLog
2017-12-14 08:17 - 2017-12-14 08:17 - 000000000 ____D C:\Users\Default User\AppData\Roaming\hpqLog
2017-12-13 07:12 - 2017-11-16 21:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-12-13 07:12 - 2017-11-14 18:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-12-13 07:12 - 2017-11-14 17:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-12-13 07:12 - 2017-11-13 20:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-12-13 07:12 - 2017-11-13 20:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-12-13 07:12 - 2017-11-13 20:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-12-13 07:12 - 2017-11-13 20:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-12-13 07:12 - 2017-11-13 20:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-12-13 07:12 - 2017-11-13 20:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-12-13 07:12 - 2017-11-13 20:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-12-13 07:12 - 2017-11-13 20:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-12-13 07:12 - 2017-11-13 20:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-12-13 07:12 - 2017-11-13 20:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-12-13 07:12 - 2017-11-13 20:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-12-13 07:12 - 2017-11-13 20:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-12-13 07:12 - 2017-11-13 20:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-12-13 07:12 - 2017-11-13 20:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-12-13 07:12 - 2017-11-13 20:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-12-13 07:12 - 2017-11-13 20:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-12-13 07:12 - 2017-11-13 20:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-12-13 07:12 - 2017-11-13 20:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-12-13 07:12 - 2017-11-13 20:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-12-13 07:12 - 2017-11-13 20:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-12-13 07:12 - 2017-11-13 20:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-12-13 07:12 - 2017-11-13 20:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-12-13 07:12 - 2017-11-13 20:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-12-13 07:12 - 2017-11-13 20:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-12-13 07:12 - 2017-11-13 20:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-12-13 07:12 - 2017-11-13 19:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-12-13 07:12 - 2017-11-13 19:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-12-13 07:12 - 2017-11-13 19:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-12-13 07:12 - 2017-11-13 19:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-12-13 07:12 - 2017-11-13 19:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-12-13 07:12 - 2017-11-13 19:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-12-13 07:12 - 2017-11-13 19:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-12-13 07:12 - 2017-11-13 19:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-12-13 07:12 - 2017-11-13 19:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-12-13 07:12 - 2017-11-13 19:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-12-13 07:12 - 2017-11-13 18:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-12-13 07:12 - 2017-11-13 18:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-12-13 07:12 - 2017-11-13 18:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-12-13 07:12 - 2017-11-13 18:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-12-13 07:12 - 2017-11-13 18:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-12-13 07:12 - 2017-11-13 17:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-12-13 07:12 - 2017-11-13 17:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-12-13 07:12 - 2017-11-07 13:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-12-13 07:12 - 2017-11-07 13:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-12-13 07:12 - 2017-11-07 13:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-12-13 07:12 - 2017-11-07 13:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-12-13 07:12 - 2017-11-07 13:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-12-13 07:12 - 2017-11-07 13:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-12-13 07:12 - 2017-11-07 13:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-12-13 07:12 - 2017-11-07 13:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-12-13 07:12 - 2017-11-07 13:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-12-13 07:12 - 2017-11-07 13:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-12-13 07:12 - 2017-11-07 13:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-12-13 07:12 - 2017-11-07 13:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-12-13 07:12 - 2017-11-07 13:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-12-13 07:12 - 2017-11-07 13:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-12-13 07:12 - 2017-11-07 13:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-12-13 07:12 - 2017-11-07 13:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-12-13 07:12 - 2017-11-07 13:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-12-13 07:12 - 2017-11-07 13:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-12-13 07:12 - 2017-11-07 13:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-12-13 07:12 - 2017-11-07 13:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-12-13 07:12 - 2017-11-07 13:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-12-13 07:12 - 2017-11-07 13:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-12-13 07:12 - 2017-11-07 13:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-12-13 07:12 - 2017-11-07 12:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-12-13 07:12 - 2017-11-07 09:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-13 07:12 - 2017-11-07 09:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-13 07:12 - 2017-11-04 08:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2017-12-13 07:12 - 2017-11-04 08:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-13 07:12 - 2017-11-04 08:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2017-12-13 07:12 - 2017-11-04 08:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-13 07:12 - 2017-11-02 09:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-13 07:12 - 2017-11-02 09:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2017-12-13 07:12 - 2017-11-02 09:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2017-12-13 07:12 - 2017-11-02 09:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2017-12-13 07:12 - 2017-11-02 08:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-13 07:12 - 2017-11-02 08:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2017-12-13 07:12 - 2017-11-02 08:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2017-12-13 07:12 - 2017-11-02 07:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2017-12-13 07:12 - 2017-10-16 16:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2017-12-13 07:12 - 2017-10-16 15:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2017-12-13 07:12 - 2017-10-11 17:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-12-09 09:48 - 2017-12-09 09:48 - 000000000 ___RD C:\Users\Tamara\Mirror
2017-12-09 09:46 - 2017-12-15 18:16 - 000000000 ____D C:\Users\Tamara\AppData\Roaming\Toolkit
2017-12-09 09:46 - 2017-12-09 09:46 - 000000933 _____ C:\Users\Tamara\Desktop\Toolkit.lnk
2017-12-09 09:46 - 2017-12-09 09:46 - 000000933 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolkit.lnk
2017-12-09 09:46 - 2017-12-09 09:46 - 000000000 ____D C:\Users\Tamara\AppData\Local\Seagate_Technology_LLC
2017-12-09 09:46 - 2017-12-09 09:46 - 000000000 ____D C:\Program Files (x86)\Toolkit
2017-12-09 09:45 - 2017-12-09 09:45 - 004526504 _____ (Seagate) C:\Users\Tamara\Downloads\SeagateToolkit.exe
2017-12-08 06:56 - 2015-07-16 12:12 - 006131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-12-08 06:56 - 2015-07-16 12:12 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2017-12-08 06:56 - 2015-07-16 12:12 - 000053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2017-12-08 06:56 - 2015-07-16 12:11 - 007077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-12-08 06:56 - 2015-07-16 12:11 - 001057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2017-12-08 06:56 - 2015-07-16 12:11 - 000062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2017-12-08 06:56 - 2015-07-11 06:15 - 000429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2017-12-08 06:56 - 2014-12-11 10:47 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2017-12-07 17:36 - 2017-03-07 07:05 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-12-07 17:36 - 2016-03-23 15:40 - 003181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-12-07 17:36 - 2016-03-23 15:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-12-07 17:23 - 2013-10-01 19:22 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2017-12-07 17:23 - 2013-10-01 19:11 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-12-07 17:23 - 2013-10-01 19:08 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-12-07 17:23 - 2013-10-01 18:48 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2017-12-07 17:23 - 2013-10-01 18:48 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2017-12-07 17:23 - 2013-10-01 18:10 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2017-12-07 17:23 - 2013-10-01 17:14 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2017-12-07 17:23 - 2013-10-01 17:14 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2017-12-07 17:23 - 2013-10-01 16:31 - 001147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2017-12-07 17:23 - 2013-10-01 15:34 - 001068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-12-07 17:21 - 2017-12-07 17:21 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2017-12-07 17:20 - 2017-12-07 17:20 - 000000000 ____D C:\Program Files\CONEXANT
2017-12-07 17:18 - 2017-12-07 17:18 - 000000000 ____D C:\Program Files (x86)\Analog Devices
2017-12-07 17:16 - 2012-08-23 07:10 - 000019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2017-12-07 17:16 - 2012-08-23 07:08 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2017-12-07 17:16 - 2012-08-23 04:12 - 000192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2017-12-07 17:16 - 2012-08-23 03:51 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2017-12-07 17:09 - 2017-12-07 17:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-12-07 17:07 - 2017-12-07 17:07 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2017-12-07 17:07 - 2017-12-07 17:07 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-12-07 17:06 - 2017-12-28 12:49 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-12-07 17:06 - 2017-12-18 10:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-12-07 17:06 - 2009-04-29 07:48 - 000018432 _____ (Hewlett-Packard Development Company, L.P.) C:\Windows\system32\Drivers\HpqKbFiltr.sys
2017-12-07 17:06 - 2009-04-20 08:40 - 000011264 _____ (Hewlett-Packard Development Company, L.P.) C:\Windows\system32\Drivers\CPQBttn64.sys
2017-12-07 17:06 - 2006-11-02 06:04 - 001919968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wdfcoinstaller01005.dll
2017-12-07 17:05 - 2017-12-14 08:17 - 000000000 ____D C:\Windows\QLB
2017-12-07 16:56 - 2015-12-16 11:53 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2017-12-07 16:56 - 2015-12-16 11:53 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2017-12-07 16:56 - 2015-12-16 11:53 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2017-12-07 16:56 - 2015-12-16 11:48 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2017-12-07 16:56 - 2015-12-16 11:48 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2017-12-07 16:56 - 2015-12-16 11:48 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2017-12-07 12:40 - 2017-12-07 12:41 - 000291176 _____ C:\Windows\Minidump\120717-75785-01.dmp
2017-11-30 06:50 - 2017-11-30 06:51 - 126851947 _____ C:\Users\Tamara\Downloads\IMG_6214.MOV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-29 14:09 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2017-12-29 13:35 - 2009-07-13 21:45 - 000016656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-29 13:35 - 2009-07-13 21:45 - 000016656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-29 09:11 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-15 18:10 - 2017-09-26 20:27 - 000000000 ____D C:\Windows\Minidump
2017-12-14 08:00 - 2009-07-13 21:45 - 000281376 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-14 07:57 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2017-12-14 07:57 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\Setup
2017-12-14 07:47 - 2017-08-31 07:41 - 000000000 ____D C:\Windows\system32\MRT
2017-12-14 07:44 - 2017-10-12 07:10 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-14 07:43 - 2017-08-31 07:40 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-13 18:11 - 2017-07-23 17:48 - 000002359 _____ C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-13 18:11 - 2017-07-23 17:48 - 000002351 _____ C:\Users\Tamara\Desktop\Google Chrome.lnk
2017-12-09 09:48 - 2017-07-23 10:56 - 000000000 ____D C:\Users\Tamara
2017-12-09 09:46 - 2017-07-23 11:08 - 000062384 _____ C:\Users\Tamara\AppData\Local\GDIPFONTCACHEV1.DAT
2017-12-07 20:39 - 2017-07-23 11:11 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-07 20:36 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-12-07 17:11 - 2017-07-23 11:06 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-07 16:49 - 2009-07-13 22:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-02 12:20 - 2017-10-14 11:44 - 000002176 _____ C:\Users\Tamara\Documents\Oldinfo.TXT

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-23 11:41

==================== End of FRST.txt ============================
  #3  
Old December 29th, 2017, 11:10 PM
mfhjr
Senior Member
 
Join Date: Oct 2004
Posts: 124
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Tamara (29-12-2017 15:04:11)
Running from C:\Users\Tamara\Downloads
Windows 7 Professional Service Pack 1 (X64) (2017-07-23 17:56:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2170943235-3455674163-4249660097-500 - Administrator - Disabled)
Guest (S-1-5-21-2170943235-3455674163-4249660097-501 - Limited - Disabled)
Tamara (S-1-5-21-2170943235-3455674163-4249660097-1000 - Administrator - Enabled) => C:\Users\Tamara

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version: - Canon Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
D-Link DWA-171 Wireless AC Dual Band Adapter (HKLM-x32\...\{5F1C0C6E-0E47-4D60-8971-6EF9FC439B8B}) (Version: 1 - D-Link)
Google Chrome (HKU\S-1-5-21-2170943235-3455674163-4249660097-1000\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.4 - Intel)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version: - )
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA Graphics Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpZ1379y) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Toolkit (HKLM-x32\...\Toolkit) (Version: 1.0.35.2 - Seagate)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2170943235-3455674163-4249660097-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Tamara\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2170943235-3455674163-4249660097-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Tamara\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2170943235-3455674163-4249660097-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tamara\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2014-11-25] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-01-29] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {74834FAE-88D2-4512-96DD-6FD14A97BCF7} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {77EDA5CA-BF45-487B-821D-1A447B1A09EB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2170943235-3455674163-4249660097-1000UA => C:\Users\Tamara\AppData\Local\Google\Update\Google Update.exe [2017-07-23] (Google Inc.)
Task: {90273229-ABB4-4250-A449-8FD10F801098} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2170943235-3455674163-4249660097-1000Core => C:\Users\Tamara\AppData\Local\Google\Update\Google Update.exe [2017-07-23] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-23 11:07 - 2014-11-25 16:15 - 002693448 _____ () C:\Windows\system32\nvwmi64.exe
2017-07-23 11:07 - 2016-01-29 03:49 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-12-28 14:06 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-28 14:06 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-07-23 11:07 - 2014-11-25 16:15 - 000710288 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2017-07-23 11:08 - 2017-07-23 11:08 - 002169856 ___SH () C:\Windows\System32\hale.exe
1997-07-10 23:00 - 1997-07-10 23:00 - 000051984 _____ () C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
2017-12-13 18:11 - 2017-12-05 21:24 - 004063064 _____ () C:\Users\Tamara\AppData\Local\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2017-12-13 18:11 - 2017-12-05 21:24 - 000099672 _____ () C:\Users\Tamara\AppData\Local\Google\Chrome\Application\63.0.3239.84\libegl.dll
1997-07-10 23:00 - 1997-07-10 23:00 - 003782416 _____ () C:\Program Files (x86)\Microsoft Office\Office\MSO97.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2170943235-3455674163-4249660097-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CC3DCF79-ECC2-498D-9EE4-E48E42A08650}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5DCA6EC6-3502-4FF5-A0DC-FEE1713D5362}] => (Allow) LPort=2869
FirewallRules: [{A3153072-D2F1-4784-A261-F2C4EFFEEAFF}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{63435FC2-51DE-4BE3-9067-F40F95EB665A}C:\users\tamara\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\tamara\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{7AC353D4-60E2-4343-8364-E2037B824BA3}C:\users\tamara\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\tamara\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{65A7EA3D-9043-4588-B262-3816D0F7EAA1}C:\users\tamara\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\tamara\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{F10A4324-E4BC-4366-8FB8-7F37F7C670C8}C:\users\tamara\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\tamara\appdata\local\google\chrome\application\chrome.exe

==================== Restore Points =========================

18-12-2017 10:22:17 Installed D-Link DWA-171 Wireless AC Dual Band Adapter
20-12-2017 18:48:41 Windows Update
24-12-2017 20:58:29 Windows Update
28-12-2017 10:25:51 Windows Update
28-12-2017 12:49:36 HP Quick Launch Buttons

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/29/2017 09:13:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/28/2017 02:00:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/28/2017 12:54:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/28/2017 12:48:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.exe_InstallShield, version: 16.0.0.400, time stamp: 0x4ab84bb7
Faulting module name: ISSetup.dll, version: 16.0.0.400, time stamp: 0x4ab84b70
Exception code: 0xc0000005
Fault offset: 0x000a7a6f
Faulting process id: 0x1604
Faulting application start time: 0x01d38014e2adcc4d
Faulting application path: C:\Users\Tamara\AppData\Local\Temp\{D6D2B058-7B93-43FC-8956-B8694B069BEC}\setup.exe
Faulting module path: C:\Users\Tamara\AppData\Local\Temp\{D6D2B058-7B93-43FC-8956-B8694B069BEC}\ISSetup.dll
Report Id: 22a3c328-ec08-11e7-9a96-001b387a387a

Error: (12/28/2017 11:18:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 63.0.3239.84 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ad0

Start Time: 01d3760bc5b74a8d

Termination Time: 42757

Application Path: C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe

Report Id: 4fc97331-ebfb-11e7-9a96-001b387a387a

Error: (12/24/2017 08:46:57 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (12/17/2017 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (12/15/2017 06:14:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/14/2017 08:01:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/10/2017 07:19:04 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).


System errors:
=============
Error: (12/29/2017 09:11:56 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (12/29/2017 08:44:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/29/2017 08:44:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection System service depends on the Base Filtering Engine service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (12/29/2017 08:43:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/29/2017 08:43:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection System service depends on the Base Filtering Engine service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (12/29/2017 08:42:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/29/2017 08:42:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection System service depends on the Base Filtering Engine service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (12/29/2017 08:42:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (12/29/2017 08:04:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/29/2017 08:04:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection System service depends on the Base Filtering Engine service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
Date: 2017-12-07 15:13:54.187
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CPQBttn.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-12-07 15:13:54.125
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CPQBttn.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-12-07 12:40:39.335
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CPQBttn.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-12-07 12:40:39.288
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CPQBttn.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-17 06:38:06.512
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CPQBttn.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-17 06:38:06.449
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CPQBttn.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-16 08:58:31.622
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CPQBttn.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-16 08:58:31.529
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CPQBttn.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-14 09:56:12.735
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CPQBttn.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-14 09:56:12.657
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CPQBttn.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
Percentage of memory in use: 57%
Total physical RAM: 4095.3 MB
Available physical RAM: 1747.29 MB
Total Virtual: 8188.79 MB
Available Virtual: 5568.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:21.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 95AA95AA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  #4  
Old December 30th, 2017, 08:16 PM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hello mfhjr and welcome to the CyberTechHelp Forums.
I will be helping you fix your problems.

Please take note of some guidelines for this fix:

1- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please open the computer as administrator. How do I open the computer as administrator?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here
How to disable your security applications.
5- To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal.

Thanks

*********************************************************************************************
Is your operating system original? Have you installed a new operating system? Please tell me if it is an original Windows system or a pirated one...

--------

Please do this following.


Download RogueKiller:
https://www.bleepingcomputer.com/download/roguekiller/

Select the version that applies to the system.
Save to the Desktop.

After closing all windows and browsers, right-click the downloaded RogueKiller file and select: Run as Administrator

At the program console, wait for the Prescan to finish. (Under Status, it says: Prescan finished.)

Press: SCAN

When done, a report opens on the drive: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.
-------------------------------------------------------------

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Happy New Year to you and your family
Best regards
  #5  
Old January 4th, 2018, 12:32 AM
mfhjr
Senior Member
 
Join Date: Oct 2004
Posts: 124
Hello olgun52, thank you for the help.

When I first tried to run RogueKiller the process came up with some errors but did not generate a log. I know that I asked the process to delete 3 or 4 errors or problems. I reran the setup from the beginning and this time it did produce a log but with no errors. I will attach both logs you have asked for. As far as the Windows install, I know that the laptop had the original install from a few years back but the system crashed and someone rebuilt the install and I thought they re-installed the original but I guess not.

Once again thank you for the assist.

RogueKiller V12.11.31.0 (x64) [Jan 2 2018] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tamara [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 01/03/2018 15:17:36 (Duration : 00:25:56)

Processes : 0

Registry : 0

Tasks : 0

Files : 0

WMI : 0

Hosts File : 0

Antirootkit : 0 (Driver: Loaded)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: ST980825AS +++++
--- User ---
[MBR] 07d838d53d05bb786ae5f3f24f2dde33
[BSP] 6cc8b66dcb99ee5a5e444df68528afb2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 76217 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Ricoh SD/MMC Disk Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! ([32] The request is not supported. )
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Ricoh SD Disk Device +++++
--- User ---
[MBR] 2dd27a2bd9b0b305e974b4defc45b985
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 15189 MB
Error reading LL1 MBR! ([32] The request is not supported. )
Error reading LL2 MBR! ([32] The request is not supported. )

ESET LOG:

C:\Users\Tamara\Downloads\Proggies\ICQPlus.exe a variant of Win32/OpenInstall potentially unwanted application
C:\Users\Tamara\Downloads\Proggies\setup_vlc.exe a variant of Win32/InstallCore.AF potentially unwanted application
C:\Users\Tamara\Downloads\Proggies\winrar3 b3\patch\Patcher.exe a variant of Win32/Tool.TPE.A potentially unsafe application
  #6  
Old January 4th, 2018, 12:36 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hi mfhjr,

Quote:
As far as the Windows Install, I know that the laptop had the original install from a few years back but the system crashed and someone rebuilt the install and I thought they re-installed the original but I guess not.
Yes, I guess not the original.
===========================
Do not run MalwareBytes software in real time with other antivirus software. MalwareBytes is software with an antivirus feature.
--------------------------------------------------------------------
Uninstall: Yahoo.
-------------------------------------------

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb...w.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141

Chrome:
Delete your cache, history, and other browser data
https://support.google.com/chrome/answer/95582?hl=en
Next >>
Reset Chrome browser settings
https://support.google.com/chrome/answer/3296214?hl=en

===========================


Please be sure to run our tools with administrator rights.

Next, download ComboFix. Save it to the Desktop.
  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.

Have a nice day.