Websites not loading on any browser


42 replies to this topic

#1 TimmU

Posted 05 July 2017 - 01:39 PM

Hello! Thank you for your help!

My computer is using Windows Vista. And I am having trouble loading websites.

For example, currently I am able to load unbounce.com in Firefox normal mode, but not in the private mode.

(What happens is, the browser tries to go to the website, and it looks like it is trying to load, but it never actually loads.)

Another example, I am not able to load amazon.com. It does not load in either normal OR private mode.

I have also tried this in Chrome and IE, but the same problem arises.

ALSO -- sometimes when I try them, these websites DO load, but when I try to log in, the login pages fail to load. (It looks like they are trying to load, but they never actually do.) (intermittent)

I can open some websites -- for example, I have no trouble opening spywareinforforum.com

(But when I try to download Farbar Recovery Scan Tool, it takes me to the website, but the download always fails - have tried it 10 times.)

** By the way - this problem is only apparent on my computer. My roommate's computer can open these websites without a problem. And my cell phone can load these websites without a problem. (We are all using the same internet in the same house.)

ALSO - the problem is intermittent. Sometimes my browser does load certain websites, but when I try to load them again, they do NOT load. However, most of the time, I cannot load the pages.

Here is what I have tried:

1) Refreshing Firefox, but the problem persists

2) Changing the DNS to Google's 8888, 8844, but the problem persists

Again, because of this problem, I was not able to download Farbar Recovery Tool, so I am unable to post that log.

I have also tried to load the online scan tools websites, and none of them load for me.

Here are the other logs, thank you for your help!

UPDATE:

I have isolated the problem to be Avast! When I disable Avast, all websites load like normal.

I was also able to download FRST, so I am posting the logs now. Thanks for any additional help!

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/5/2017
Scan Time: 11:40:03 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.07.05.05
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: rick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 245293
Time Elapsed: 21 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

 


 

 

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 28th June, 2017
Running from:C:\Users\rick\Desktop (12:51:04 - 07/05/2017)
***---------------------------------------------------------***
Microsoft® Windows Vista™ Home Premium X86 Service Pack 2
UAC is Enabled
Internet Explorer 9
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus (Disabled - up to Date)
Windows Defender (Disabled - Not up to Date)
Avast Antivirus (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player 26 NPAPI (26.0.0.131)
Adobe Flash Player 26 ActiveX (26.0.0.131)
CCleaner (5.26) ==> is out of Date
Google Chrome (49.0.2623.112) ==> is out of Date
Java (8.0.1310.11)
Malwarebytes (2.2.1.1043) ==> is out of Date
Microsoft Silverlight (5.1.50428.0)
Mozilla Firefox (52.2.1) ==> is out of Date
Spybot - Search & Destroy (2.4.40)

***----------------Analysis Complete-------------------------***

 

 

 

 

 


 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2017
Ran by rick (administrator) on RICK-PC (06-07-2017 08:12:12)
Running from C:\Users\rick\Desktop
Loaded Profiles: rick (Available Profiles: rick)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
() C:\Toshiba\IVP\ISM\pinger.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Toshiba\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-04-10] (Chicony)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [861744 2007-04-19] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [HWSetup] => \HWSetup.exe hwSetUP
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448632 2007-03-22] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-03] (AVAST Software)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe*/i*****72o
*c@cxcc¨
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\...\Run: [Google Update] => C:\Users\rick\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8DA2B145-41AD-46B6-B896-302199E21359}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{8DA2B145-41AD-46B6-B896-302199E21359}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshibadirect.com/dpdstart
SearchScopes: HKLM -> DefaultScope {5A9E3ACF-88BA-46F8-B51C-E58131799460} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM -> {5A9E3ACF-88BA-46F8-B51C-E58131799460} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000 -> DefaultScope {5A9E3ACF-88BA-46F8-B51C-E58131799460} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-18] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-18] (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\rick\AppData\Roaming\Mozilla\Firefox\Profiles\bmge7y44.default-1499261933772 [2017-07-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-28] [not signed]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-04-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1683131032-1005017986-1901925349-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\rick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1683131032-1005017986-1901925349-1000: @talk.google.com/O1DPlugin -> C:\Users\rick\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1683131032-1005017986-1901925349-1000: @tools.google.com/Google Update;version=3 -> C:\Users\rick\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1683131032-1005017986-1901925349-1000: @tools.google.com/Google Update;version=9 -> C:\Users\rick\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\rick\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\rick\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR Profile: C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default [2017-07-06]
CHR Extension: (Google Slides) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-02]
CHR Extension: (Google Docs) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-02]
CHR Extension: (Google Drive) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-02]
CHR Extension: (YouTube) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-02]
CHR Extension: (Facebook Pixel Helper) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2017-07-05]
CHR Extension: (Google Sheets) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-02]
CHR Extension: (Google Docs Offline) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-16]
CHR Extension: (Gmail) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-06-16] (Adobe Systems Incorporated) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5815840 2017-07-03] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-03] (AVAST Software)
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [643072 2007-03-06] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-03-06] (Intel Corporation) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()
R2 TNaviSrv; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [114688 2007-04-27] (TOSHIBA Corporation) [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [266976 2017-07-03] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157384 2017-07-03] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276704 2017-07-03] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50352 2017-07-03] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42824 2017-07-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [123896 2017-07-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [70088 2017-07-03] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70840 2017-07-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774288 2017-07-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [496976 2017-07-03] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [202688 2017-07-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296312 2017-07-03] (AVAST Software)
S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-14] (TOSHIBA CORPORATION) [File not signed]
S4 KR10N; C:\Windows\system32\drivers\kr10n.sys [207104 2005-09-27] (TOSHIBA CORPORATION) [File not signed]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S4 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [89792 2012-02-22] (McAfee, Inc.)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-04-16] (Chicony Electronics Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-06 08:12 - 2017-07-06 08:12 - 00016564 _____ C:\Users\rick\Desktop\FRST.txt
2017-07-06 08:11 - 2017-07-06 08:12 - 00000000 ____D C:\FRST
2017-07-06 08:10 - 2017-07-06 08:10 - 01782272 _____ (Farbar) C:\Users\rick\Desktop\FRST.exe
2017-07-05 12:51 - 2017-07-05 12:52 - 00001068 _____ C:\Users\rick\Desktop\SALog.txt
2017-07-05 12:40 - 2017-07-05 12:40 - 00899584 _____ C:\Users\rick\Desktop\RGSA.exe
2017-07-05 12:04 - 2017-07-05 12:04 - 00001047 _____ C:\Users\rick\Desktop\Mbabm log.txt
2017-07-05 08:39 - 2017-07-05 08:39 - 00000000 ____D C:\Users\rick\Desktop\Old Firefox Data
2017-07-03 08:18 - 2017-07-03 08:15 - 00303280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-06-29 17:15 - 2017-07-03 14:51 - 00000818 _____ C:\Users\rick\Desktop\new copy for GET CLIENTS NOW.txt
2017-06-23 17:08 - 2017-06-26 13:43 - 00002842 _____ C:\Users\rick\Desktop\summit plan.txt
2017-06-22 08:18 - 2017-06-22 08:18 - 00002109 _____ C:\Users\rick\Desktop\photo dash notes matt.txt
2017-06-22 07:36 - 2017-06-22 07:36 - 00000000 _____ C:\Windows\system32\last.dump
2017-06-21 15:06 - 2017-06-21 15:06 - 00000000 ____D C:\Users\rick\Desktop\Hashtag class
2017-06-21 15:02 - 2017-06-21 15:02 - 00000000 ____D C:\Users\rick\Desktop\Marketing Planning System
2017-06-21 15:01 - 2017-06-21 15:06 - 00000000 ____D C:\Users\rick\Desktop\Sales Multiplier Formula
2017-06-21 14:57 - 2017-06-21 15:08 - 00000000 ____D C:\Users\rick\Desktop\What to Weat Guides

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-06 08:11 - 2016-11-19 08:05 - 00000000 ____D C:\Users\rick\AppData\LocalLow\Mozilla
2017-07-06 07:52 - 2016-05-02 11:41 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-07-06 07:44 - 2015-05-18 07:13 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1d0916419f4f6b0.job
2017-07-06 07:37 - 2012-07-22 16:30 - 00027240 _____ C:\Users\rick\AppData\Roaming\nvModes.001
2017-07-06 07:35 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-06 07:35 - 2006-11-02 07:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-06 07:35 - 2006-11-02 07:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-05 15:59 - 2006-11-02 08:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-05 14:18 - 2014-06-21 13:49 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1cf8d8184981a20.job
2017-07-05 14:12 - 2014-11-16 20:01 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1d00201f3db11fe.job
2017-07-05 11:40 - 2014-05-18 13:08 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-03 08:21 - 2017-01-03 13:17 - 00296312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-07-03 08:18 - 2017-01-03 13:13 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-03 08:17 - 2017-01-03 13:17 - 00496976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-03 08:17 - 2017-01-03 13:17 - 00202688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-07-03 08:17 - 2017-01-03 13:17 - 00123896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-07-03 08:17 - 2017-01-03 13:17 - 00070840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-03 08:17 - 2017-01-03 13:17 - 00070088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2017-07-03 08:17 - 2017-01-03 13:17 - 00042824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-03 08:15 - 2017-01-03 13:17 - 00774288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-03 08:14 - 2017-03-09 09:01 - 00276704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-07-03 08:14 - 2017-03-09 09:01 - 00157384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-07-03 08:14 - 2017-03-09 09:01 - 00050352 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-07-03 08:14 - 2017-03-09 09:00 - 00266976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-07-03 08:06 - 2017-05-07 09:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-07-03 08:06 - 2012-07-23 09:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-06-26 19:16 - 2014-02-12 10:57 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1cf280b21b9968a.job
2017-06-23 09:32 - 2017-02-10 15:04 - 00002525 _____ C:\Users\rick\Desktop\New budget.txt
2017-06-22 16:28 - 2017-05-31 14:56 - 00005049 _____ C:\Users\rick\Desktop\summit project notes.txt
2017-06-21 15:13 - 2017-01-26 22:05 - 00000000 ____D C:\Users\rick\Desktop\HPHF
2017-06-21 15:03 - 2017-03-13 16:33 - 00000000 ____D C:\Users\rick\Desktop\Joy on Stage
2017-06-16 13:54 - 2012-04-06 15:33 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-06-16 13:54 - 2012-04-06 15:33 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-06-16 13:54 - 2007-05-30 23:23 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-13 16:23 - 2012-11-01 16:39 - 00000000 ____D C:\Users\rick\AppData\Roaming\vlc
2017-06-12 13:59 - 2016-10-26 13:24 - 00000000 ____D C:\Users\rick\Desktop\Ramit New Copy

==================== Files in the root of some directories =======

2012-07-22 16:30 - 2017-07-06 07:37 - 0027240 _____ () C:\Users\rick\AppData\Roaming\nvModes.001
2012-07-22 12:51 - 2016-10-27 08:07 - 0027240 _____ () C:\Users\rick\AppData\Roaming\nvModes.dat
2012-08-01 16:44 - 2014-03-18 10:26 - 0000680 _____ () C:\Users\rick\AppData\Local\d3d9caps.dat
2012-07-22 13:12 - 2014-10-19 16:18 - 0004608 _____ () C:\Users\rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-06 07:42

==================== End of FRST.txt ============================

 

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-07-2017
Ran by rick (06-07-2017 08:13:10)
Running from C:\Users\rick\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2012-04-06 21:10:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1683131032-1005017986-1901925349-500 - Administrator - Disabled)
Guest (S-1-5-21-1683131032-1005017986-1901925349-501 - Limited - Disabled)
rick (S-1-5-21-1683131032-1005017986-1901925349-1000 - Administrator - Enabled) => C:\Users\rick

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.1.4.20 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
AVerMedia USB Hybrid Capture Device 1.3.0.67 (HKLM\...\AVerMedia USB Hybrid Capture Device) (Version: 1.3.0.67 - AVerMedia TECHNOLOGIES, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v5.10.06(T) - )
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.140.0517 - Chicony Electronics Co.,Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.00.03 - TOSHIBA)
Desktop Dialer (HKLM\...\Desktop Dialer) (Version:  - )
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.2.183.13 - Google Inc.) Hidden
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
mCore (HKLM\...\{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}) (Version: 9.09.0000 - Intel Corporation) Hidden
mHelp (HKLM\...\{8C6BB412-D3A8-4AAE-A01B-35B681789D68}) (Version: 9.09.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
mMHouse (HKLM\...\{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}) (Version: 9.09.0000 - Intel Corporation) Hidden
Mozilla Firefox 52.2.1 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.2.1 ESR (x86 en-US)) (Version: 52.2.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.2.1.6387 - Mozilla)
mPfMgr (HKLM\...\{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}) (Version: 9.09.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
oggcodecs 0.71.0946 (HKLM\...\oggcodecs) (Version: 0.71.0946 - illiminable)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
Shared C Run-time for x86 (HKLM\...\{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}) (Version: 10.0.0 - McAfee) Hidden
Skype™ 7.28 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.2.2.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)
TIPCI (HKLM\...\{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.02 - )
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.29 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.00.21 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.48.0.3C - TOSHIBA)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.48.0.11C - TOSHIBA)
TOSHIBA Music (HKLM\...\{0E9C4531-58C4-4349-AD2F-A4D999E451EC}) (Version: 1.00.1 - Toshiba America Information Systems)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD03) - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.2 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.48.0.8C - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.0.24 - TOSHIBA Corporation)
Utility Common Driver (HKLM\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 0.0.50.7C - TOSHIBA) Hidden
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\1524\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.8\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers02: [SD Format] -> {932CFB31-6AC9-4FE2-BEAC-A27FAF631D48} => \SDFMTEXT.dll -> No File
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers05: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\Windows\system32\nvcpl.dll [2007-06-06] (NVIDIA Corporation)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02CC73FD-943B-4E54-A754-8311B608DECA} - System32\Tasks\SafeZone scheduled Autoupdate 1483467585 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {20BF0B3E-9892-487A-BC5D-2FE8F245A016} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1d0916419f4f6b0 => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {238DD3DA-4F56-4A47-9E89-2C84BD9FD8AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {4CFF698E-9F27-4E17-891D-B72521BF6AB7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1d0e3188a7063ba => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {8FB5EA54-6DF5-4607-A4C2-563FF1800959} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-02] (Google Inc.)
Task: {A829C3C5-DDF0-416A-AFC8-6749AFA1179F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-02] (Google Inc.)
Task: {A9D5175D-C555-4B58-BC0C-999AD84E1EDF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1cf280b21b9968a => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {AF34370F-3687-491D-9B1F-F7208878037C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated)
Task: {BAA5AE82-4661-4511-AF02-1F07F2D24EDB} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab8b98c9d97e => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-02] (Google Inc.)
Task: {D31E04A3-B015-419E-87B7-9C07A9CE3DEB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {D6273ED8-0C55-4743-8F16-1A687FBA3DB7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {DDFF6666-3866-4D99-A3AB-71D8C3394B83} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1d00201f3db11fe => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DE33373C-6169-4F6F-80A3-AE341461C4D4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-03] (AVAST Software)
Task: {EE27A12A-34AC-4854-BD93-80DE74E951F1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1d0417f569c24b0 => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {EE9D17B7-0363-4D00-8A0E-CD27AC4E05C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1cf8d8184981a20 => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1cf280b21b9968a.job => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1d00201f3db11fe.job => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1cf8d8184981a20.job => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1d0916419f4f6b0.job => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-03 08:15 - 2017-07-03 08:15 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-03 08:15 - 2017-07-03 08:15 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-03 08:15 - 2017-07-03 08:15 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-05 15:21 - 2017-07-05 15:21 - 05785496 _____ () C:\Program Files\AVAST Software\Avast\defs\17070500\algo.dll
2017-07-03 08:15 - 2017-07-03 08:15 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2006-10-17 19:13 - 2006-10-17 19:13 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-03-06 18:40 - 2007-03-06 18:40 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2007-05-30 23:06 - 2007-01-25 19:47 - 00136816 _____ () C:\Toshiba\IVP\ISM\pinger.exe
2017-01-20 17:20 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-01-20 17:20 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2017-01-20 17:20 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2012-04-06 16:30 - 2007-05-17 18:03 - 04813312 _____ () C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
2007-05-30 23:06 - 2007-01-25 19:50 - 00063096 _____ () c:\Toshiba\IVP\swupdate\swupdtmr.exe
2006-11-06 19:14 - 2006-11-06 19:14 - 00034352 _____ () C:\Program Files\Toshiba\Utilities\KeNotify.exe
2006-11-09 20:27 - 2006-11-09 20:27 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2007-05-30 22:03 - 2006-10-10 13:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2006-11-08 20:08 - 2006-11-08 20:08 - 00009216 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2007-05-30 21:50 - 2007-04-23 12:38 - 00009216 _____ () C:\Program Files\Toshiba\ConfigFree\NotifyCFF.dll
2006-10-07 13:57 - 2006-10-07 13:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 20:55 - 2006-12-01 20:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2017-07-03 08:16 - 2017-07-03 08:16 - 01032744 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-01-03 13:16 - 2017-01-03 13:16 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-03 08:14 - 2017-07-03 08:14 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-03 08:14 - 2017-07-03 08:21 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2012-07-25 10:22 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\rick\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{E6B074BD-6FF1-4D1D-924D-06BA35F59D1F}] => (Allow) C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
FirewallRules: [{4EB269D1-0CAB-4738-B68E-790AE63FFDB1}] => (Allow) C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
FirewallRules: [{0D179B71-F2EB-4B8D-A228-3672EA5A0234}] => (Allow) C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe
FirewallRules: [{8439B5C7-A61E-42DB-99A7-5D4A99152B77}] => (Allow) C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe
FirewallRules: [TCP Query User{BC5A3B6D-A9CF-4882-982D-3A248890DA99}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe] => (Block) C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe
FirewallRules: [UDP Query User{E41AF2EC-6BD4-4221-8E3D-373A89275B4B}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe] => (Block) C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe
FirewallRules: [{4D530EA7-4F72-4327-A434-D4E99FEAEB35}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C93F338D-4849-406F-A167-5E1D5571C5C7}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D6B11853-2647-447E-8562-D888925B5952}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{184B1040-C438-4272-A266-113972544D5E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9E59C28B-20A2-4A80-A223-3F5310D84D4F}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C9820844-A8A7-438E-B262-639A7B2BBF76}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{6A26DD79-D3FF-4F94-9F08-3832F245E8A1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2D07D487-22F4-4D22-AABC-069A964DDAA0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9B232314-DBC7-4244-BF28-FA4BB7A62DF7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

23-06-2016 16:45:55 Windows Update
25-06-2016 15:31:30 Scheduled Checkpoint
26-06-2016 08:21:59 Scheduled Checkpoint
27-06-2016 09:41:43 Scheduled Checkpoint
27-06-2016 23:18:02 Scheduled Checkpoint
28-06-2016 20:59:45 Scheduled Checkpoint
07-07-2016 09:38:26 Scheduled Checkpoint
06-09-2016 18:45:08 Windows Update
16-01-2017 16:13:37 JRT Pre-Junkware Removal
17-01-2017 10:16:51 Restore Point Created by FRST
17-01-2017 10:32:30 Installed Sophos Virus Removal Tool.
18-01-2017 21:19:42 Installed Sophos Virus Removal Tool.
20-01-2017 16:20:11 Removed Java 7 Update 65
20-01-2017 16:22:47 Removed JavaFX 2.1.1
25-01-2017 09:31:40 Removed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2017 07:37:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/05/2017 03:49:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/05/2017 03:22:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/05/2017 12:57:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/05/2017 10:38:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/05/2017 09:09:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/05/2017 08:07:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/04/2017 09:31:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/04/2017 08:50:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/03/2017 08:08:38 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/06/2017 07:37:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/06/2017 07:37:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (07/06/2017 07:37:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (07/05/2017 03:49:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (07/05/2017 03:21:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (07/05/2017 12:56:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (07/05/2017 10:31:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description

Edited by TimmU, 06 July 2017 - 08:20 AM.


#2 Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,022 posts

Posted 07 July 2017 - 06:13 AM

Hello TimmU and welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you. Please ask questions if anything is unclear.


I suggest printing out each set of instructions or copying them to a Notepad file, and reading the entire post before proceeding. It will make following them easier.

Read all of my instructions very carefully and bear in mind that any mistakes during the cleaning process may have serious consequences such as leaving the computer unbootable.

Please DO NOT run any tools on your own or make any other changes to your computer, and follow the directions in the order listed during the malware removal process; otherwise you can worsen the situation rather than solve it.

Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.

Once started, the malware removal process has to be completed. Even if your computer appears to be running better after performing a first set of instructions, it may still be infected, as some infections are difficult to remove and can leave remnants on the system. Please consider it clean and safe only when I declare it free of malware.


Before we begin I would like to give you some recommendations:

Microsoft's support for Vista ended in April 2017. That means your computer has become more vulnerable to infections after that date, as it will never be updated to fix identified vulnerabilities and your system is susceptible to security vulnerabilities.

You may also want to know that Google cuts off Chrome updates on Windows Vista. Please read this article here.

If you want to keep using Chrome I suggest you start thinking about changing to a newer and modern Operating System to ensure that you continue to receive the latest Chrome versions and features as an outdated version is a security risk.


Now let's start.

You have Spybot - Search & Destroy installed. I strongly suggest you remove it as it can conflict with your other antivirus and anti-malware programs.

 

I have isolated the problem to be Avast! When I disable Avast, all websites load like normal.

Disabling your antivirus while navigating on the Internet is not a safe practice. Please turn on your Avast Antivirus. We will check what is causing the problem.


Please proceed with the following instructions in the order listed.


NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad.
 

Start

CreateRestorePoint:
CloseProcesses:

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshibadirect.com/dpdstart
SearchScopes: HKLM -> DefaultScope {5A9E3ACF-88BA-46F8-B51C-E58131799460} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM -> {5A9E3ACF-88BA-46F8-B51C-E58131799460} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000 -> DefaultScope {5A9E3ACF-88BA-46F8-B51C-E58131799460} URL =
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-04-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-16]
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.8\psuser.dll => No File
ContextMenuHandlers02: [SD Format] -> {932CFB31-6AC9-4FE2-BEAC-A27FAF631D48} => \SDFMTEXT.dll -> No File
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
CMD: ipconfig /flushdns
EmptyTemp:

End

Save the file as fixlist.txt in the same folder as FRST.
Right-click the FRST icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log on the Desktop (fixlog.txt). Please post it to your reply.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Next,

Please download Junkware Removal Tool and save it to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Double-click on the icon to run the tool. Note: On Windows Vista, 7, 8 and 10 right-click on the icon and select Run as administrator.
  • The tool will open and check for updates. You will see the Disclaimer.
  • Press any key to continue and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.

Please post the contents of JRT.txt into your next reply.


Next,

Please download AdwCleaner and save it to your computer's Desktop.

  • Close all open programs and internet browsers.
  • Double-click on the icon to start the tool.
  • Click Yes to accept any security warnings that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Cn].txt (n is a number, the highest number is the most recent).

 

 

 

You are running an old version of Malwarebytes.

Please read the instructions below and make a clean install of Malwarebytes from version 2 to version 3.

Download MBAM-clean and save it to your computer Desktop.
 
Right-click on mbam-clean.exe icon and select Run as administrator to start the tool.
It will ask you to reboot the machine - please do so.
Run the MBAM-clean tool again and reboot when complete. NOTE: DO NOT miss this step.

If you have lost the activation license key information it can be located here

Download Malwarebytes version 3 from here and save it to your Desktop or anywhere else on your system, as long as you know where it is located.

Double click on the installer and follow the prompts to install the program. If necessary select the Blue Help tab for video instructions.

When the install completes and is updated do the following:

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Then select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on.
  • Go back to DashBoard and select the blue Scan Now tab.
  • When the scan completes deal with any found entries.
  • Select Export Summary and then Text File (*.txt). Give a name to the log and save it;
  • Please copy and paste the entire content of that log in your next reply.

 

In your next reply please post the contents of:
fixlog.txt;
JRT.txt;
AdwCleaner clean log;
MBAM clean log.

Let me know how the computer is running at this point. Are you able to load web pages out of the Private mode?

 

Android 8888


Edited by Android 8888, 07 July 2017 - 06:15 AM.

Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#3 TimmU

Posted 07 July 2017 - 12:05 PM

Thanks Android 8888,

 

I did everything except run the Mbam scan at the end. Here is why:

 

When I ran the newly installed Mbam, it showed that I had downloaded the trial for the Premium version with real time protection. And since I know that having two real-time protectors is not good (I already have Avast), I tried to remove Mbam using the mbam-clean you provided. I ran mbam-clean twice as instructed, but I still see Malwarebytes on my desktop. And when I boot the computer up, a little Malwarebytes window that says something like "unable to access" pops up.

 

By the way,

 

I still cannot load some websites while Avast is on. Neither on normal OR private mode.

 

If you can, please send me a link where I can download a free version of Mbam (without a premium trial), and please let me know how I can completely uninstall the current version I have.

 

Here are my logs. Thank you !!

 

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 05-07-2017
Ran by rick (07-07-2017 09:30:50) Run:1
Running from C:\Users\rick\Desktop
Loaded Profiles: rick (Available Profiles: rick)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
CloseProcesses:

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshibadirect.com/dpdstart
SearchScopes: HKLM -> DefaultScope {5A9E3ACF-88BA-46F8-B51C-E58131799460} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM -> {5A9E3ACF-88BA-46F8-B51C-E58131799460} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000 -> DefaultScope {5A9E3ACF-88BA-46F8-B51C-E58131799460} URL =
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-04-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-16]
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.8\psuser.dll => No File
ContextMenuHandlers02: [SD Format] -> {932CFB31-6AC9-4FE2-BEAC-A27FAF631D48} => \SDFMTEXT.dll -> No File
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
CMD: ipconfig /flushdns
EmptyTemp:

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5A9E3ACF-88BA-46F8-B51C-E58131799460} => key removed successfully.
HKLM\Software\Classes\CLSID\{5A9E3ACF-88BA-46F8-B51C-E58131799460} => key not found.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml => moved successfully
C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully.
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\SD Format => key removed successfully.
HKLM\Software\Classes\CLSID\{932CFB31-6AC9-4FE2-BEAC-A27FAF631D48} => key removed successfully.
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9423788 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 16065945 B
Firefox => 89397668 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 692 B
LocalService => 0 B
NetworkService => 0 B
rick => 16127689 B

RecycleBin => 0 B
EmptyTemp: => 132.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:32:25 ====

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows Vista ™ Home Premium x86
Ran by rick (Administrator) on Fri 07/07/2017 at 10:02:49.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 17

Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2T66CD90 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6V52J2KY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C827256F (Temporary Internet Files Folder)
Successfully deleted: C:\Users\rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HM00Z9JI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2TLM3NF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UB1MWEWL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTQW2135 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UXM4FBGA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2T66CD90 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6V52J2KY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C827256F (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HM00Z9JI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2TLM3NF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UB1MWEWL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTQW2135 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UXM4FBGA (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/07/2017 at 10:06:38.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

 

PLEASE NOTE, I HAVE ATTACHED TWO VERSIONS OF THE AdwCleaner log. The first one came up with no problems. And the second one I ran the clean anyway because the instructions told me so. That's why I am attaching both versions in case this is helpful...

 

 

# AdwCleaner v6.047 - Logfile created 07/07/2017 at 10:28:16
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-06.2 [Server]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (X86)
# Username : rick - RICK-PC
# Running from : C:\Users\rick\Desktop\adwcleaner_6.047.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1017 Bytes] - [07/07/2017 10:28:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1090 Bytes] ##########
 

 

 

 

 

//////////////

/////////////

//////////////

 

 

 

# AdwCleaner v6.047 - Logfile created 07/07/2017 at 10:31:02
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-06.2 [Server]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (X86)
# Username : rick - RICK-PC
# Running from : C:\Users\rick\Desktop\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [777 Bytes] - [07/07/2017 10:31:02]
C:\AdwCleaner\AdwCleaner[S0].txt - [1169 Bytes] - [07/07/2017 10:28:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [922 Bytes] ##########
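
Added example (not part of the thread and not FRST's own code): a small Python triage of a Fixlog in the layout posted above, separating entries that were changed, entries that were already absent, and anything else that needs a second look before the next step. The sample text is a constructed excerpt, the SID is a placeholder, the `C:\Example\locked.dll` line and its wording are invented to show a failure case, and the three outcome categories are this example's own.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the Fixlog posted above. The SID is a
# placeholder and the "Could not move" line is invented to show a failure case.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version: 05-07-2017
Ran by user (07-07-2017 09:30:50) Run:1
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
CMD: ipconfig /flushdns
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully.
HKU\S-1-5-21-PLACEHOLDER\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml => moved successfully
C:\Example\locked.dll => Could not move

========= ipconfig /flushdns =========

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

Chrome => 16065945 B
Firefox => 89397668 B
EmptyTemp: => 132.9 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 09:32:25 ====
"""

BANNER = re.compile(r"^=+ (.+?) =+$")  # e.g. "========= ipconfig /flushdns ========="


def classify(outcome):
    """Map the text after '=>' to one of this example's three categories."""
    text = outcome.rstrip(".").lower()
    if text.endswith("successfully"):
        return "applied"   # removed / restored / moved
    if "not found" in text:
        return "absent"    # nothing to change; the entry was already gone
    return "review"        # anything else deserves a human look


def parse_fixlog(text):
    report = {"directives": [], "results": [], "reboot_needed": False,
              "temp_removed": None}
    in_fixlist = False     # inside the echoed fixlist (between the asterisk rows)
    seen_fixlist = False   # result lines only appear after the echoed fixlist
    section = None         # name of the current "==== name ====" block, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            in_fixlist = not in_fixlist
            seen_fixlist = True
            continue
        if in_fixlist:
            if line not in ("Start", "End"):
                report["directives"].append(line)
            continue
        if set(line) == {"="}:          # plain separator row closes a block
            section = None
            continue
        banner = BANNER.match(line)
        if banner:
            name = banner.group(1)
            section = None if name.startswith("End of") else name
            continue
        if line == "The system needed a reboot.":
            report["reboot_needed"] = True
            continue
        if not seen_fixlist or " => " not in line:
            continue
        target, outcome = line.split(" => ", 1)
        if section is None:             # per-entry result of a fixlist directive
            report["results"].append((target, outcome, classify(outcome)))
        elif section == "EmptyTemp:" and target == "EmptyTemp:":
            report["temp_removed"] = outcome   # total line; per-cache sizes skipped
    return report


def summarize(report):
    counts = Counter(status for _, _, status in report["results"])
    needs_review = [(t, o) for t, o, s in report["results"] if s == "review"]
    return counts, needs_review


if __name__ == "__main__":
    rep = parse_fixlog(SAMPLE_FIXLOG)
    counts, needs_review = summarize(rep)
    print(dict(counts), "reboot needed:", rep["reboot_needed"])
    for target, outcome in needs_review:
        print("REVIEW:", target, "=>", outcome)
```
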
 



#4 Android 8888

Posted 09 July 2017 - 07:28 AM

Hello TimmU.

Thank you for providing me those logs.

 

I did everything except run the Mbam scan at the end. Here is why:

When I ran the newly installed Mbam, it showed that I had downloaded the trial for the Premium version with real time protection. And since I know that having two real-time protectors is not good

This is not completely correct. You can run more than one security program with real-time protection at the same time IF they are not of the same type. Since Malwarebytes is designed to run alongside a normal antivirus program you shouldn’t have to worry about this most of the time - especially if you’re just using the free version. So you can run it alongside your Avast Free Antivirus without interfering.

 

In my computer I am running Malwarebytes alongside Avast Free Antivirus and I've never had a problem with both real-time protections.

 

However if you start noticing problems when running both at the same time you can always add exclusions in each of them to maximize its performance. But that won’t be completely necessary most of the time.

Please read more information about it here and here.

 

If you can, please send me a link where I can download a free version of Mbam (without a premium trial), and please let me know how I can completely uninstall the current version I have.

The free version of Malwarebytes is designed with a Premium trial version so the user can test it up to 14 days.

However, if you wish, it is always possible to disable its real-time protection:

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Under 'Real-Time Protection' please disable:
    • Web Protection
    • Exploit Protection
    • Malware Protection
    • Ransomware Protection
  • Close Malwarebytes.


Now I strongly advise you to keep Malwarebytes and run a scan on your system, then provide me the produced log for my review.

 

I still cannot load some websites while Avast is on. Neither on normal OR private mode.

Please provide me the links of the web sites that you can not access.


Next,

Please scan your computer with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
  • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
  • Close all your programs and browsers and disconnect any USB flash drives from the computer.
  • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
  • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.


In your next reply please post the ESET log (if it produced one), the Malwarebytes log and let me know how the computer is behaving.

Thank you.

Android 8888



#5 TimmU

Posted 10 July 2017 - 08:39 AM

Thanks Android 8888!

 

Here are the steps I took.

 

First, I uninstalled and reinstalled MBAM.

 

Then, I set the scan settings like you told me in your previous reply, and updated, and ran the scan.

 

When I ran the scan, it first tried to update, but this first step was taking a really long time (I waited 40 minutes for this step to finish, and I figured it was not actually updating, so I turned the scan off) - So I was not able to get a scan report.

 

Then, I downloaded and ran ESET. The last few steps of the instructions you provided were different than what I saw on screen. BUT I WAS able to get a list of what it found. Here is the result I was able to pull up from the scan:

 

C:\Users\rick\AppData\LocalLow\Sun\Java\jre1.7.0_09\java_sp.dll    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    cleaned by deleting
 

(I did not press the "Clean" button because it was not in the instructions you gave me)

 

Should I run ESET again, and press "Clean" on the above finding?

 

Next...

 

I tried to run MBAM again this morning after turning on my computer, and I noticed that the "Web Protection" was off. (Which I thought was a little strange because I did not turn it off myself)

 

... Anyway, I ran the scan, and it looks like the scan made the computer crash because a blue screen with a lot of words came up on the screen, and then the computer restarted.

 

This is the reason I was again not able to get you a MBAM scan log.

 

After the computer restarted, I am able to see that "Web Protection" is on again.

 

Please let me know what you would like me to do next.

 

Thanks!

 

P.S. Like I said before, the websites-not-loading is intermittent. Currently, in normal mode, the computer is able to load everything but it has real problems loading youtube videos (takes a really long time, and the videos are quite pixelated). In private mode, it does have more problems loading pretty much any websites (it either takes a really long time, or it just looks like it's loading but doesn't actually load). Really any websites, but mostly I visit gmail.com, unbounce.com, youtube.com, reddit.com



#6 Android 8888

Posted 11 July 2017 - 08:31 AM

Hello TimmU.
 

Should I run ESET again, and press "Clean" on the above finding?

No. ESET already deleted the item.


Okay, let's proceed step by step as follows:

Clear the cache, cookies and history of all your Browsers.
https://kb.wisc.edu/...ternet Explorer
https://kb.wisc.edu/...Mozilla Firefox
https://support.goog...n]Google Chrome


Reset the Browsers settings to default.
https://support.micr...ternet Explorer
https://support.mozi...Mozilla Firefox
https://support.goog...n]Google Chrome



Next,

You need to remove and reinstall Malwarebytes again using the latest version of the Malwarebytes removal tool (mb-clean.exe).

Please read carefully the instructions below and proceed when ready.

First, delete the 'MBAM-clean.exe' that you previously downloaded to your computer's Desktop.

Now download the latest version mb-clean from here and save it to your computer's Desktop.

Double-click the mb-clean to run the program.
Click Yes when prompted and wait.
If you are prompted to reboot, click Yes. << This is very important! If you are not prompted, please skip to the last bullet point.

After the computer has rebooted, please click Yes when prompted to reinstall Malwarebytes 3.0.
A progress bar will appear. Installation of Malwarebytes 3.0 will start shortly after.
When the installation completes and is updated do the following:

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Then select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on.
  • Go back to DashBoard and select the blue Scan Now tab.
  • When the scan completes deal with any found entries.
  • Select Export Summary and then Text File (*.txt). Give a name to the log and save it;
  • Please copy and paste the entire content of that log in your next reply.

 

 

Please post the contents of the Malwarebytes clean log and let me know how the webpages are loading now.



#7 TimmU

Posted 11 July 2017 - 12:36 PM

Thanks Android 8888!

 

I have cleared cache, cookies and history of all my browsers. And I have reset browser settings, as directed.

 

I have also uninstalled and reinstalled MBAM as directed, and I ran the scan, but with the same problem...

 

As I ran the scan, something happens and the computer forces a reboot, after reboot, the computer says it was unable to shut down successfully.

 

(This is why I am unable to provide the MBAM log, because the computer shuts down while running the scan)

 

As of right now, the computer is still unable to load the websites while Avast is on. This time it has problems in both normal and private mode.

 

Please let me know what steps you would like me to take next.

 

Thank you Android 8888!



#8 Android 8888

Posted 12 July 2017 - 08:06 AM

Hello TimmU.

Okay, please download, install and run a scan with RogueKiller and post the contents of its log for my review.

Note: DO NOT fix anything. Just run the scan and post the contents of the log.

Download RogueKiller 32/64 Bits Installer (setup.exe) by Tigzy and save it to your computer's Desktop.

  • Right click on the file setup.exe and select Run as administrator to install the tool.
  • Click Yes to accept any security warnings that may appear.
  • Choose the installation language and click OK.
  • Checkmark "Install 32 and 64 bits versions" and click Next. Follow the steps to install the tool.
  • Now close all programs and browsers.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the RogueKiller icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Scan tab and then click the Start Scan button.
  • Wait until the scan has finished. This may take some time.
  • Once finished click on Open Report. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop.
  • Close RogueKiller.

Please copy and paste the contents of RKlog.txt to your next reply.

Android 8888



#9 TimmU

Posted 12 July 2017 - 02:45 PM

Hi Android 8888!

 

I've gone to the website you linked, and grabbed the download I found.

 

The download name is RogueKiller_setup_ref3

 

(I did notice you said to right click on setup.exe, is that the same as the thing I downloaded? Or am I downloading the wrong thing?)

 

The reason I ask is because when I run RogueKiller_setup_ref3 as administrator, it does not do anything at all.

 

Even if I just double click, instead of running as administrator, it does not do anything at all.

 

I have deleted the installer, and downloaded it again, and the same thing: nothing happens.

 

This is why I cannot provide results.

 

If I'm downloading the wrong thing, if you could, please provide more specific instructions of what to click on to download the setup.exe

 

Thanks!

 

By the way, I'm not sure if this is relevant, but I looked at the properties of RogueKiller_setup_ref3 and under compatibility, I see that it says Windows XP (Service Pack 2)... and I am using Vista. 

 

Thank you Android 8888!


Edited by TimmU, 12 July 2017 - 02:46 PM.


#10 Android 8888

Posted 12 July 2017 - 03:24 PM

Hello TimmU.

 

By the way, I'm not sure if this is relevant, but I looked at the properties of RogueKiller_setup_ref3 and under compatibility, I see that it says Windows XP (Service Pack 2)... and I am using Vista.

RogueKiller will run in all versions of Windows. I added the direct link so you can download the tool.

 

 

Delete the file that you downloaded (RogueKiller_setup_ref3).

 

 

Now download RogueKiller 32/64 Bits Installer (setup.exe) by Tigzy and save it to your computer's Desktop.

  • Right click on the file setup.exe and select Run as administrator to install the tool.
  • Click Yes to accept the User Account Control security warning that may appear.
  • Choose the installation language and click OK.
  • Check-mark "Install 32 and 64 bits versions" and click Next. Follow the steps to install the tool.
  • Now close all programs and browsers.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the RogueKiller icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Scan tab and then click the Start Scan button.
  • Wait until the scan has finished. This may take some time.
  • Once finished click on Open Report. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop.
  • Close RogueKiller.

Please copy and paste the contents of RKlog.txt to your next reply and let me know if you had any problems with the instructions above.


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#11 TimmU

Posted 12 July 2017 - 04:22 PM

Thank you Android 8888.

I have downloaded the setup file. And again, when I try to run it, absolutely nothing happens.

Please let me know what step to take next. Thank you!

By the way, if this is relevant, in order to download all of these files you provide to me, I must always turn off Avast. Otherwise, the download fails.



#12 Android 8888

Posted 13 July 2017 - 02:39 PM

Hello TimmU.

By the way, if this is relevant, in order to download all of these files you provide to me, I must always turn off Avast. Otherwise, the download fails.

These tools and their sources are totally safe. However due to its heuristic scan Avast can detect some of them as a false positive. If Avast is behaving that way you can always add exclusions to Avast for those files so that it will not scan them when you are trying to run them.

Let's add an exclusion to the file 'setup.exe' so you can install RogueKiller and run a scan.

Open the Avast user interface, and go to Settings > General.
Scroll down and click Exclusions to expand this section.
Select 'File paths' tab.
Click the Browse button and tick the folder where the file setup.exe is located, should be the Desktop folder.
Click OK to confirm.
Close the Avast user interface.

Now read the instructions in my previous post to install RogueKiller, run a scan and post the log.

NOTE: DO NOT fix anything. Just run the scan and post the contents of the log for my review.

Please post the contents of RKLog.txt for my review.



#13 TimmU

Posted 13 July 2017 - 03:45 PM

Thanks Android 8888

I have added the exclusion (I was unable to tick from the browse button, but I found the path C:\Users\rick\Desktop in the properties of setup.exe and added that path to exclude).

I have also deleted the old setup.exe, downloaded it again, and tried to run it but again nothing happens.

I should also add that even if I disable Avast shields and then try to run setup.exe, still nothing happens.

Please let me know what you'd like me to try next. Thanks Android 8888!



#14 Android 8888

Posted 13 July 2017 - 06:53 PM

Hello TimmU.

Okay, forget RogueKiller for now and try the following tool:

Please download Malwarebytes Anti-Rootkit BETA and save it to your computer's Desktop.

  • Right-click on the icon and select Run as administrator to start the extraction of the program;
  • Click Yes to accept the security warning that may appear;
  • Click OK to extract it to your Desktop (MBAR will be launched shortly after the extraction);
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next;
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while);
  • Once the scan is done, if threats are found, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;

Please copy and paste the contents of that log in your next reply.

NOTE: If you cannot run MBAR in Normal Mode, restart the computer in Safe Mode with Networking and try to run it again.

Thank you.

Android 8888



#15 TimmU

Posted 13 July 2017 - 11:33 PM

Thanks Android 8888,

I was able to run the scan this time. Here is the log you requested. (Please let me know my next move... thanks!)

Malwarebytes Anti-Rootkit BETA 1.9.4.1001
www.malwarebytes.org

Database version:
  main:    v2017.07.14.01
  rootkit: v2017.05.27.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
rick :: RICK-PC [administrator]

7/13/2017 10:53:20 PM
mbar-log-2017-07-13 (22-53-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 245071
Time elapsed: 23 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#16 Android 8888

Posted 14 July 2017 - 11:45 AM

Hello.

Okay, the MBAR log seems good. No threats were found.

Now please run the following tool.

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.

Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 

Please post the contents of the log in your next reply and note any errors encountered.



#17 TimmU

Posted 14 July 2017 - 06:07 PM

Thanks Android 8888,

I have downloaded the tool. And I have clicked to run as administrator. However, nothing happens.

Please let me know what you'd like me to do next. Thanks again



#18 Android 8888

Posted 15 July 2017 - 09:20 AM

Hello TimmU.

Thank you for the information.

I suspect that there may be something wrong with your Avast installation. I have Avast Free Antivirus installed on my computer and that problem does not happen on my computer. I can run all the tools and navigate on the Internet without problems.

Okay, you need to completely uninstall Avast by using its Uninstall Utility. Then restart the computer and download and reinstall a new copy of Avast Free Antivirus.

Please read the instructions in this link to download the Avast Uninstall Utility (avastclear.exe) in order to completely remove Avast from your computer.

After the removal is complete, restart the computer.

Now please download and install a new copy of Avast Free Antivirus from here.

When the installation is complete, please restart the computer.

Test all your browsers to see if you can open the websites in which you were having the issues.

Please let me know how you get on.

Thank you.

Android 8888



#19 TimmU

Posted 16 July 2017 - 10:38 AM

Thanks Android 8888!

I have used the utility to uninstall Avast, and then I used the link you provided to install Avast.

Then, I have tried again to go online and again, the websites are not loading.

And again, the websites do load when I disable Avast shields.

Any other suggestions?

I'm thinking maybe it's just time to simply upgrade my computer to the newest windows. What do you think?

....This is so strange that we are not finding the problem

Thanks for your help Android 8888!

P.S. I now have Avast SafeZone 1 Browser ..... I would like to uninstall this because I did not request it. Can you tell me how please?


Edited by TimmU, 16 July 2017 - 10:40 AM.


#20 Android 8888

Posted 16 July 2017 - 01:03 PM

Hello TimmU.

I'm thinking maybe it's just time to simply upgrade my computer to the newest windows. What do you think?

This is a good option and I strongly advise you to do that. As I already stated, Windows Vista support ended on April 11, 2017.
However I do not think this is the cause of this issue.

Let's try to uninstall Avast using the Free Portable version of Revo Uninstaller. It will also remove Avast Safe Browser.

Please download the free portable version of Revo Uninstaller and save it to your computer Desktop;
Double-click the file 'RevoUninstaller_Portable.zip' to extract the files. This will create a folder on the Desktop with the name RevoUninstaller_Portable;
Open that folder and right-click on the file RevoUPort and select Run as administrator to run the tool;
Click Yes to accept the User Account Control security warning that may appear. It will open a new window;
Click Yes to accept the Licence Agreement;
Inside Revo select Avast Free Antivirus and click Uninstall. Follow the instructions to complete the removal process;
In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers of Avast;
Click on Delete and then click Next. NOTE: You may have to repeat this to delete all the leftovers (Registry items, files and folders);
Click on the Finish button;
Close Revo Uninstaller;

Please restart the computer.

Now go to this link and try to reinstall Avast Free Antivirus.

NOTE: Make sure you select the custom installation so you can uncheck the checkbox of Avast Safe Browser, otherwise it will be installed again.

Please let me know how you get on this time.

Thank you.

Android 8888



#21 TimmU

Posted 16 July 2017 - 10:08 PM

Hi Android 8888, and thank you.

I have used RevoUPort to uninstall Avast.

(However I must admit that I forgot to use the "Advanced" scan setting, and I left it at "Moderate" ... I still went through the steps to remove all of the remnants of Avast.)

I installed Avast again, but the problem persists. Websites not loading intermittently.

Here is what I am thinking. I only go to about 5 websites on this computer. And never to anything else. Do you think that I should just set the websites I use as exclusions in Avast?

Or is there anything else you recommend?

Thank you!



#22 Android 8888

Posted 17 July 2017 - 06:45 PM

Hello TimmU.

Here is what I am thinking. I only go to about 5 websites on this computer. And never to anything else. Do you think that I should just set the websites I use as exclusions in Avast?

For now please proceed that way with those websites and then see if you can load them.

Please keep me posted.

Thank you.

Android 8888



#23 TimmU

Posted 18 July 2017 - 09:17 AM

Thanks Android 8888,

It looks like the exclusions work for normal mode, but the websites are still not loading in private mode.

Please let me know if there is anything else you'd like me to try. Thanks so much



#24 Android 8888

Posted 19 July 2017 - 09:13 AM

Hello TimmU.

Please try the following two procedures and see if any of them resolves the problem.

1. Change the DNS Server settings to Automatic and let me know if you can load any websites.
2. Reboot the computer in Safe Mode with Networking and let me know if you can load any websites.


Now, restart the computer in Normal Mode and proceed as follows:

Please download MiniToolBox, save it to your computer Desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Next,

Please download Farbar Service Scanner by Farbar to your computer Desktop and double-click the file to run it.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center / Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the contents of the log to your reply.

 

In your next reply please post the entire contents of Result.txt and FSS.txt and let me know if you were able to load any websites when you performed the two procedures described in the beginning of this post.



#25 TimmU

Posted 20 July 2017 - 09:07 AM

Thanks Android 8888,

I went through the steps of "change the dns setting to automatic" (and it was already set to automatic), I pressed ok to save anyway. I was able to load websites, but not on private mode.

I ran the computer in safe mode with networking, and all sites loaded fine, even in private mode. But it looks like Avast did not turn on, and the problems only arise if Avast is on.

By the way, something I forgot to tell you in my last post ---- I tried to run a scan with MBAM several times, and both times it crashed my computer. It had to restart on its own.

Here are the results of the scans. Thank you. (I did not find results.txt, but I did find MTB.txt)

MiniToolBox by Farbar  Version: 17-06-2016
Ran by rick (administrator) on 20-07-2017 at 08:54:06
Running from "C:\Users\rick\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Model: Satellite X205 Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: localhost:8080

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Connected)
Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : rick-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
   Physical Address. . . . . . . . . : 00-13-E8-ED-78-23
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:306:36df:6f50:4428:9e09:2ed1:8ff(Preferred)
   Temporary IPv6 Address. . . . . . : 2602:306:36df:6f50:686e:6804:f32e:a92f(Preferred)
   Link-local IPv6 Address . . . . . : fe80::4428:9e09:2ed1:8ff%9(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.67(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, July 20, 2017 8:19:23 AM
   Lease Expires . . . . . . . . . . : Friday, July 21, 2017 8:19:23 AM
   Default Gateway . . . . . . . . . : fe80::de7f:a4ff:fe9b:ea99%9
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
   Physical Address. . . . . . . . . : 00-1B-38-AB-64-21
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{2834E2BC-F460-4B8E-A197-F60CF653B3D4}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:38f1:3cf0:3f57:febc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::38f1:3cf0:3f57:febc%10(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 15:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{8DA2B145-41AD-46B6-B896-302199E21359}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.gateway.pace.com
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.gateway.pace.com
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : isatap.attlocal.net
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  resolver1.opendns.com
Address:  208.67.222.222

Name:    google.com
Addresses:  2607:f8b0:4000:803::200e
      216.58.194.46



Pinging google.com [2607:f8b0:4000:803::200e] from 2602:306:36df:6f50:686e:6804:f32e:a92f with 32 bytes of data:

Reply from 2607:f8b0:4000:803::200e: time=47ms

Reply from 2607:f8b0:4000:803::200e: time=25ms



Ping statistics for 2607:f8b0:4000:803::200e:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 25ms, Maximum = 47ms, Average = 36ms

Server:  resolver1.opendns.com
Address:  208.67.222.222

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
      2001:4998:58:c02::a9
      2001:4998:44:204::a7
      98.138.253.109
      206.190.36.45
      98.139.180.149



Pinging yahoo.com [2001:4998:c:a06::2:4008] from 2602:306:36df:6f50:686e:6804:f32e:a92f with 32 bytes of data:

Reply from 2001:4998:c:a06::2:4008: time=75ms

Reply from 2001:4998:c:a06::2:4008: time=76ms



Ping statistics for 2001:4998:c:a06::2:4008:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 75ms, Maximum = 76ms, Average = 75ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
  9 ...00 13 e8 ed 78 23 ...... Intel® Wireless WiFi Link 4965AGN
  8 ...00 1b 38 ab 64 21 ...... Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  1 ........................... Software Loopback Interface 1
 14 ...00 00 00 00 00 00 00 e0  isatap.{2834E2BC-F460-4B8E-A197-F60CF653B3D4}
 10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 18 ...00 00 00 00 00 00 00 e0  isatap.{8DA2B145-41AD-46B6-B896-302199E21359}
 19 ...00 00 00 00 00 00 00 e0  isatap.gateway.pace.com
 20 ...00 00 00 00 00 00 00 e0  isatap.gateway.pace.com
 22 ...00 00 00 00 00 00 00 e0  isatap.attlocal.net
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.67     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.67    276
     192.168.1.67  255.255.255.255         On-link      192.168.1.67    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.67    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.67    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.67    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  9    276 ::/0                     fe80::de7f:a4ff:fe9b:ea99
  1    306 ::1/128                  On-link
 10     18 2001::/32                On-link
 10    266 2001:0:4137:9e76:38f1:3cf0:3f57:febc/128
                                    On-link
  9     36 2602:306:36df:6f50::/60  fe80::de7f:a4ff:fe9b:ea99
  9     28 2602:306:36df:6f50::/64  On-link
  9    276 2602:306:36df:6f50:4428:9e09:2ed1:8ff/128
                                    On-link
  9    276 2602:306:36df:6f50:686e:6804:f32e:a92f/128
                                    On-link
  9    276 fe80::/64                On-link
 10    266 fe80::/64                On-link
 10    266 fe80::38f1:3cf0:3f57:febc/128
                                    On-link
  9    276 fe80::4428:9e09:2ed1:8ff/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
  9    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48640] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/20/2017 08:34:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/20/2017 08:02:46 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/20/2017 06:07:46 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2017 06:49:59 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/18/2017 08:04:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/17/2017 01:56:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/17/2017 01:37:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/17/2017 11:49:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/17/2017 07:20:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/16/2017 09:51:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/20/2017 08:19:38 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/20/2017 08:03:07 AM) (Source: Service Control Manager) (User: )
Description: aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswRvrt
aswSnx
aswSP
aswVmm
spldr
Wanarpv6

Error: (07/20/2017 08:03:07 AM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068 = The dependency service or group failed to start.


Error: (07/20/2017 08:02:56 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/20/2017 08:02:55 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/20/2017 08:02:53 AM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (07/20/2017 08:02:46 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/20/2017 08:02:39 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: C:\Windows\System32\IWMSSvc.dll21

Error: (07/20/2017 08:02:37 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/20/2017 06:05:57 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.



Microsoft Office Sessions:
=========================
Error: (07/20/2017 08:34:57 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL

Error: (07/20/2017 08:02:46 AM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/20/2017 06:07:46 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL

Error: (07/19/2017 06:49:59 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL

Error: (07/18/2017 08:04:03 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL

Error: (07/17/2017 01:56:55 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL

Error: (07/17/2017 01:37:52 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL

Error: (07/17/2017 11:49:08 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL

Error: (07/17/2017 07:20:27 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL

Error: (07/16/2017 09:51:21 PM) (Source: SideBySide)(User: )
Description: Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll


CodeIntegrity Errors:
===================================
  Date: 2017-07-17 13:58:49.261
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-07-17 13:58:48.668
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-07-17 13:58:48.029
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-07-17 13:58:47.311
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-07-17 13:58:44.051
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-07-17 13:58:43.302
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-07-17 13:58:42.600
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-07-17 13:58:41.789
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-07-17 13:38:16.920
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-07-17 13:38:16.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM\...\{AC76BA86-0804-1033-1959-001824166751}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.1.4.20 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
AVerMedia USB Hybrid Capture Device 1.3.0.67 (HKLM\...\AVerMedia USB Hybrid Capture Device) (Version: 1.3.0.67 - AVerMedia TECHNOLOGIES, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v5.10.06(T) - )
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.140.0517 - Chicony Electronics Co.,Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.00.03 - TOSHIBA)
Desktop Dialer (HKLM\...\Desktop Dialer) (Version:  - )
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.2.183.13 - Google Inc.) Hidden
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.8.131.11 - Oracle Corporation) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
mCore (HKLM\...\{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}) (Version: 9.09.0000 - Intel Corporation) Hidden
mHelp (HKLM\...\{8C6BB412-D3A8-4AAE-A01B-35B681789D68}) (Version: 9.09.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
mMHouse (HKLM\...\{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}) (Version: 9.09.0000 - Intel Corporation) Hidden
Mozilla Firefox 52.2.1 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.2.1 ESR (x86 en-US)) (Version: 52.2.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.2.1.6387 - Mozilla)
mPfMgr (HKLM\...\{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}) (Version: 9.09.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
oggcodecs 0.71.0946 (HKLM\...\oggcodecs) (Version: 0.71.0946 - illiminable)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)
Shared C Run-time for x86 (HKLM\...\{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}) (Version: 10.0.0 - McAfee) Hidden
Skype™ 7.36 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.150 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.2.2.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)
TIPCI (HKLM\...\{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.02 - )
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.29 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.00.21 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.48.0.3C - TOSHIBA)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.48.0.11C - TOSHIBA)
TOSHIBA Music (HKLM\...\{0E9C4531-58C4-4349-AD2F-A4D999E451EC}) (Version: 1.00.1 - Toshiba America Information Systems)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD03) - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.2 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.48.0.8C - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.0.24 - TOSHIBA Corporation)
Utility Common Driver (HKLM\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 0.0.50.7C - TOSHIBA) Hidden
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )

========================= Devices: ================================

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Device ID: ROOT\*TUNMP\0001
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Device ID: ROOT\*TUNMP\0002
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Device ID: ROOT\*TUNMP\0003
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 2045.69 MB
Available physical RAM: 1118.36 MB
Total Virtual: 4332.62 MB
Available Virtual: 2773.72 MB

========================= Partitions: =====================================

1 Drive c: (SQ004441V05) (Fixed) (Total:110.32 GB) (Free:52.58 GB) NTFS

========================= Users: ========================================

User accounts for \\RICK-PC

Administrator            Guest                    rick                     

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini071017-01.dmp
C:\Windows\Minidump\Mini071117-01.dmp
C:\Windows\Minidump\Mini071717-01.dmp
C:\Windows\Minidump\Mini071717-02.dmp

**** End of log ****

Farbar Service Scanner Version: 27-01-2016
Ran by rick (administrator) on 20-07-2017 at 09:01:14
Running from "C:\Users\rick\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****

Thank you!

 

P.S. Am I free to delete all the tools and reports you asked me to download and run? They are crowding my desktop.


Edited by TimmU, 20 July 2017 - 09:10 AM.


#26 Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,022 posts

Posted 22 July 2017 - 01:47 PM

Hello TimmU.
 

P.S. Am I free to delete all the tools and reports you asked me to download and run? They are crowding my desktop.

I'll give you instructions to run a tool that will remove those tools completely.

But before that, I would like you to read this link and see if it can help you.

 

Please keep me posted.

 

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#27 TimmU

    Advanced Member

  • Full Member
  • 190 posts

Posted 24 July 2017 - 07:08 AM

Hi Android 8888,

 

Thank you. I've checked those settings and did not have "Always use private settings for history".

 

I am still getting the same problem. Mostly in private browsing. And only when Avast shields are on. If I turn Avast shields off, everything works fine. 

 

Thanks.

 

EDIT::::

 

I don't know if this is related... but I wanted to let you know that I got that blue screen telling me that the computer had to shut down. This time, I was not running MBAM, but I had a couple of Firefox tabs open, and a text document. If it helps, here is what the screen said....

 

 

A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to be sure you have adequate disk space. If a driver is identified in the Stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe mode to remove or disable components, restart your computer, press F8 to select Advanced Startup options, and then select safe mode.

Technical Information:

*** STOP: 0x0000008E (0xC0000005, 0x82E6A6F5, 0x803EC743, 0x00000000)

Collecting data for crash dump...
Initializing disk for crash dump...
Beginning dump of physical memory.
Dumping physical memory to disk: 100
Physical memory dump complete.
Contact your system admin or technical support group for further assistance.

 

 

AND THEN, WHEN I RESTARTED THE COMPUTER, IT SHOWED THIS LITTLE WINDOW....

Windows has recovered from an unexpected shutdown

Windows can check online for a solution to the problem.  [I did not "check for solution"; instead I hit "cancel"]

View problem details...

Problem signature:
Problem Event name: Blue Screen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
DCCode: 1000008e
BCP1: C00000005
BCP2: 82E6A6F5
BCP3: 803EC734
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini072417-01.dmp
C:\Users\rick\AppData\Local\temp\WER-67142-0.sysdata.xml
C:\Users\rick\AppData\Local\temp\WERF517.tmp.version.txt


Edited by TimmU, 24 July 2017 - 12:27 PM.


#28 Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,022 posts

Posted 24 July 2017 - 04:44 PM

Hello TimmU.

I suspect that your Firefox browser may be corrupted.

Let's completely uninstall Mozilla Firefox using the Revo Uninstaller.

First you need to save your Bookmarks.

  • Open Firefox;
  • Click the Bookmarks menu, and then click Show All Bookmarks;
  • Click on Import and Backup;
  • Select 'Backup', a new window will open;
  • Save the backup file bookmarks-year-month-day to your Desktop or in a place where you can easily remember.

Next,

  • Please download and install the free version of Revo Uninstaller
  • Right-click on the icon of Revo Uninstaller and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Select Mozilla Firefox and click Uninstall. Follow the instructions to complete the removal process.
  • In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers.
  • Click on Delete and then click Next. You may have to repeat this to delete all the leftovers (Registry items, files and folders).
  • Click on the Finish button.
  • Restart the computer.

Please download the latest version of Mozilla Firefox from here and reinstall it on your system.

 

Then restore your Bookmarks from backup to Mozilla Firefox:
https://support.mozi...up-or-move-them

Try to navigate in Firefox several times and check if the problem remains.

Please keep me posted.



#29 TimmU

    Advanced Member

  • Full Member
  • 190 posts

Posted 25 July 2017 - 08:22 AM

Thanks Android,

 

I have clicked the Revo Uninstaller link, and clicked the green free download link. I downloaded revosetup, but when I try to either run normally or as administrator, nothing happens.

 

Nothing opens. I try to run it but nothing happens.  

 

Please let me know what you suggest next. Thank you!



#30 Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,022 posts

Posted 26 July 2017 - 05:35 AM

Hello TimmU.

 

Revo Uninstaller is totally safe. Please disable the Avast shields so you can install Revo Uninstaller.

Then follow the instructions in my previous post to uninstall Mozilla Firefox using Revo Uninstaller.

 

Please let me know how you get on.

 

Android 8888



#31 TimmU

    Advanced Member

  • Full Member
  • 190 posts

Posted 26 July 2017 - 07:53 AM

Hello Android 8888,

 

Thank you. I have tried to run Revo Uninstaller with Avast shields disabled, but when I try to run it, still nothing happens.

 

Please let me know any other suggestions. Thank you!



#32 Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,022 posts

Posted 28 July 2017 - 07:58 AM

Hello.

Try to add an exclusion for Revo in Avast.
http://www.avasthelp...ns-and-shields/


Now try to run Revo again and follow the instructions from my post #28 to completely uninstall Firefox.


If that does not work, please keep all Avast shields disabled, then download and run Revo Uninstaller Free Portable version from here and try to uninstall Mozilla Firefox.

 

Please keep me posted.



#33 TimmU

    Advanced Member

  • Full Member
  • 190 posts

Posted 29 July 2017 - 10:25 AM

Hello Android 8888!

 

I was about to do your instructions, but before I did, I tested my browser in both normal and private mode ... with Avast shields ON, and everything worked perfectly!

 

All websites are loading :)

 

Do you still want me to do your instructions? Or do you want me to do something different? Please let me know.

 

Thank you Android 8888!

 

P.S. To be clear, I did not do anything to try to fix this problem. It looks like it got fixed all by itself.

 

EDIT: .... I just tried to run an MBAM scan, and it crashed my computer again. So I still have that problem, if you would be so kind to help me with that. Thank you.


Edited by TimmU, 29 July 2017 - 10:37 AM.


#34 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,022 posts

Posted 31 July 2017 - 06:30 PM

Hello TimmU.
 

"I was about to do your instructions, but before I did, I tested my browser in both normal and private mode ... with Avast shields ON, and everything worked perfectly!"

This is great news! From what I understand you are now able to run the programs and the only problem is that the system crashes while Malwarebytes is running.


Okay, please proceed with the following:


Follow the instructions below to run a SFC scan on your system and to provide the CBS log in your next reply;

  • On Windows Vista & 7, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Run as Administrator;
  • Enter the command below and press on Enter;
    sfc /scannow
    Note: There's a space between "sfc" and "/scannow";
  • Once the scan is complete, enter the command below and press on Enter
    copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
  • A file called cbs.txt will have appeared on your Desktop. Upload the file on TinyUpload and post the download link for it in your reply;

Next,

  • Double-click the file RevoUninstaller_Portable.zip to extract the files. It will create a folder on the Desktop with the name RevoUninstaller_Portable;
  • Open the folder on the Desktop with the name RevoUninstaller_Portable and right-click on the file RevoUPort and select Run as administrator to run the tool;
  • Click Yes to accept the User Account Control security warning that may appear. It will open a new window;
  • Click Yes to accept the Licence Agreement;
  • Inside Revo select Malwarebytes and click Uninstall. Follow the instructions to complete the removal process;
  • In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers;
  • Click on Delete and then click Next. NOTE: You may have to repeat this to delete all the leftovers (Registry items, files and folders);
  • Click on the Finish button;
  • Close Revo Uninstaller and restart the computer.

Please do not reinstall Malwarebytes yet.


Please post the download link for the cbs.txt log in your next reply and let me know how the computer is running.


Edited by Rocket Grannie, 01 August 2017 - 06:02 PM.
Fixed broken tinyupload link


#35 TimmU

TimmU

    Advanced Member

  • Full Member
  • 190 posts

Posted 01 August 2017 - 09:51 AM

Thanks Android 8888!

 

I ran the scan, but strangely my computer is unable to open tinyupload website. Even if Avast shields are turned off. I tried in both Firefox and Chrome. The website does not open, so I cannot upload the file.  

 

It says something like "the website cannot be reached".

 

I can still load other websites however.

 

I have uninstalled MBAM.

 

Other than the fact that my browsers will not open tinyupload, the computer seems to be running fine.

 

The tinyupload link was broken. It has now been fixed. Please upload the requested file.


Edited by Rocket Grannie, 01 August 2017 - 06:04 PM.


#36 TimmU

TimmU

    Advanced Member

  • Full Member
  • 190 posts

Posted 02 August 2017 - 08:59 AM

Hello!

 

I have tried tinyupload again, but when I upload the file...

 

- the original window says this: "Maksymalny rozmiar ładowanego pliku został osišgnięty"

 

- and the window that pops up says: File being uploaded ... at the bottom corner a little message flashes "waiting for tinyupload"

 

I have waited for about 7 minutes, and nothing else happens.

 

Should I try with Avast shields off?

 

Should I just be patient and wait for longer?

 

I'm not sure what to do. Please let me know.

 

Thank you!



#37 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,022 posts

Posted 03 August 2017 - 04:35 AM

Hello TimmU.

 

Okay, please try to attach the file cbs.txt in your next reply.

 

If the log is too long, most likely you won't be able to attach it. If that is the case open the cbs.txt file and try to copy and paste its entire contents in your reply.

 

Thank you.

 

Android 8888



#38 TimmU

TimmU

    Advanced Member

  • Full Member
  • 190 posts

Posted 04 August 2017 - 01:09 PM

Thanks Android 8888 - I have tried attaching the cbs file, but it crashes my tab. The same thing happens when I try to copy and paste.

 

Thank you.
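
The cbs.txt requested in post #34 proved too large to attach or paste; System File Checker tags its own entries in that log with "[SR]", so the relevant part can be cut down to a postable size. The following is an added example, not part of any post in this thread: it keeps only the [SR] lines and lists the files SFC repaired or could not repair. The sample log lines are constructed, and the script name sfc_summary.py and the output name sfcdetails.txt are assumptions.

```python
import re
import sys

# Constructed sample in the CBS.log line layout; not from the poster's machine.
SAMPLE_CBS = r'''
2017-08-01 09:12:31, Info                  CBS    Loaded Servicing Stack v6.0.6002.18005
2017-08-01 09:12:33, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2017-08-01 09:12:33, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2017-08-01 09:12:40, Info                  CSI    000001a3 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.0.6002.18005, file is missing
2017-08-01 09:12:41, Info                  CSI    000001a5 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.dll" from store
2017-08-01 09:12:42, Info                  CBS    Session: 1234_5678 finalized
2017-08-01 09:12:45, Info                  CSI    000001b0 [SR] Verify complete
'''

SR_TAG = "[SR]"  # marker on entries written by System File Checker


def sfc_lines(text):
    """Return only the System File Checker entries from CBS log text."""
    return [ln for ln in text.splitlines() if SR_TAG in ln]


def summarize(text):
    """Count [SR] entries and name the files SFC repaired or could not repair."""
    lines = sfc_lines(text)
    unrepaired, repaired = set(), set()
    for ln in lines:
        msg = ln.split(SR_TAG, 1)[1].strip()
        quoted = re.findall(r'"([^"]*)"', msg)
        if not quoted:
            continue
        if msg.startswith("Cannot repair member file"):
            unrepaired.add(quoted[0])   # first quoted token is the file name
        elif msg.startswith("Repairing corrupted file"):
            repaired.add(quoted[-1])    # last quoted token follows the directory
    return {"sr_lines": len(lines), "unrepaired": sorted(unrepaired),
            "repaired": sorted(repaired)}


if __name__ == "__main__":
    # Usage: python sfc_summary.py cbs.txt  (no argument: run on the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_CBS
    with open("sfcdetails.txt", "w", encoding="utf-8") as out:
        out.write("\n".join(sfc_lines(text)) + "\n")
    print(summarize(text))
```

Entries under "unrepaired" are the ones a helper needs to see first, since they name system files that SFC could not restore from the component store.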



#39 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,022 posts

Posted 05 August 2017 - 05:04 PM

Hello TimmU.

 

Please download Tweaking.com - Windows Repair from here

  • Right-click on tweaking.com_windows_repair_aio_setup.exe.
  • Accept any security warning that may appear and follow the rest of the instructions to install the tool.
  • After the installation is complete, please open Windows Repair.
  • Execute the instructions on Step 1: (Important)
  • Click Next (the right arrow) and when in Step 2: (Optional), click on Open Pre-Scan and then Start Scan. Skip Step 3: (Important) and Step 4: (Optional) for now.
  • On Backup Tools tab, under Registry backup (Recommended) click on Backup. When you have completed this click on the right arrow.
  • Under the 'Repairs - Main' tab click on Open Repairs.
  • Uncheck the All repair button then select just the item(s) listed below
01 - Repair Registry Permissions
03 - Reset Service permissions
04 - Register System Files
05 - Repair WMI
10 - Remove Policies Set By Infections
11 - Repair Start Menu Icons Removed by Infections
12 - Repair Icons
17 - Repair Windows Updates
21 - Repair MSI (Windows Installer)
26 - Restore Important Windows Services
27 - Set Windows Service to Default Startup
  • Click the Start Repairs button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. Note: (Reboot the computer if asked to do so).
  • Please copy and paste the entire contents of this log file on your next reply for my review.

Restart the computer normally.

 

Android 8888



#40 TimmU

TimmU

    Advanced Member

  • Full Member
  • 190 posts

Posted 07 August 2017 - 09:41 PM

Thanks Android 8888,

 

Step 1 asks me to "do a proper reset first" and it says that it is not the same as shutting down the computer. How do I do this?

 

Also, it highly recommends to run in Safe Mode with Networking. Should I do this?

 

Thanks Android 8888!



#41 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,022 posts

Posted 09 August 2017 - 07:33 AM

Hello TimmU.

A proper power reset means draining all the electricity out of the system.
This will properly reset the hardware and also clear volatile memory. It also helps since Windows will be restarted after, clearing out any memory leaks, not enough system resources or other problems that might get in the way of the repairs.

To perform a proper power reset:

  • Shut down and power off the computer.
  • Once the computer is powered off, unplug the power cord. If it is a laptop also remove the battery. It is important that any way for the system to keep getting power is unplugged or unhooked.
  • With the power cord unplugged and the battery removed (if you have one), hit the power button a few times as if you are trying to turn on the computer. When you do this and the computer tries to turn on, all the electricity is drained out of the system.
  • Plug the power cord back in and reinsert the battery (if you have one).

Now, turn the computer on in Safe Mode with Networking and proceed with the rest of the instructions in my previous post.

Let me know how you get on.



#42 TimmU

TimmU

    Advanced Member

  • Full Member
  • 190 posts

Posted 16 August 2017 - 06:31 PM

Hi Android 8888,

 

After doing a proper reset, and then starting in Safe Mode with Networking, I searched for tweaking.com_windows_repair_aio_setup.exe on my desktop, but it is not there.

 

Very strange.

 

I have tried it several times. I thought that maybe it was in a part of desktop that I could not see. So I moved the icon to one of the very first ones, and still I do not see it on my desktop.

 

I do see it in normal mode, but when I start in Safe Mode with Networking, I no longer see the file. 

 

Any further assistance / instruction is appreciated.

 

Thank you!



#43 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,165 posts

Posted 24 August 2017 - 10:35 AM


Hi,

Because of a family medical situation, Android 8888 is not available at the moment.

I have been asked to take over until his return.

What I would like you to do is remove Malwarebytes using the Uninstaller program.

You will find the information on this page.
https://support.malw...m/docs/DOC-1112

I do not suggest you reinstall the application just yet.

Test your system and let me know what issues are still pending.

===

One more thing.
See if you can open your Task Manager.

Hold the CTRL+ALT+DEL keys and open it.

Is it available?

Exit.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760



