Malware Removal: Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs.
#1
I posted this in Windows 10 but did not get any reply, because I think it was in the wrong forum, so I am posting it here.
I am running Windows 10. When I go on the internet it is very slow. I suspect that it has a virus because it was very fast before. I ran Malwarebytes and it found some malware and cleaned it up yesterday. I ran it again today and it found more, but the PC is still slow.
#2
Hello Jerry56 and Welcome to the CyberTechHelp Forums.
I will be helping you fix your problems. Please take note of some guidelines for this fix:

1- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please open the computer as administrator. (How do I open the computer as administrator?)
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to: How to disable your security applications.
5- To make sure you have an accurate view of the files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Thanks.

*********************************************************************************************

Let's check. Please do the following.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
#3
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-12-2017
Ran by George (administrator) on GEORGE-PC (08-12-2017 18:59:22)
Running from C:\Users\George\Downloads
Loaded Profiles: George (Available Profiles: George & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.BingFinance_4.21.2212.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Money.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\George\Downloads\FRST64 (7).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-96959487-344117887-1461987557-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-96959487-344117887-1461987557-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-96959487-344117887-1461987557-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [148992 2017-03-18] (Microsoft Corporation)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6600 (Network).lnk [2017-12-04]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6600 (Network).lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK [2015-07-03]
ShortcutTarget: WKCALREM.LNK -> C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8536
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8536
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8536
ProxyServer: [S-1-5-21-96959487-344117887-1461987557-1001] => 127.0.0.1:8536
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6d5cde59-8142-42be-b2ce-5a001dbeff55}: [NameServer] 13.59.228.155
Tcpip\..\Interfaces\{6d5cde59-8142-42be-b2ce-5a001dbeff55}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-96959487-344117887-1461987557-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2017-01-13] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-13] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 33jaqmav.default-1491324543132-1512592173300
FF ProfilePath: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\33jaqmav.default-1491324543132-1512592173300 [2017-12-08]
FF Homepage: Mozilla\Firefox\Profiles\33jaqmav.default-1491324543132-1512592173300 -> www.excite.com/
FF Extension: (Disable Media WMF NV12 format) - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\33jaqmav.default-1491324543132-1512592173300\features\{130de3b5-d676-4b6e-8994-5e6781bdc9ac}\disable-media-wmf-nv12@mozilla.org.xpi [2017-12-07] [Lagacy]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-31] [Lagacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-12-07] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-12-07] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-10-31] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-10-31] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\George\AppData\Local\Google\Chrome\User Data\Default [2017-12-08]
CHR Extension: (Slides) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-06]
CHR Extension: (Docs) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-06]
CHR Extension: (Google Drive) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-25]
CHR Extension: (YouTube) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-25]
CHR Extension: (Google Search) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-25]
CHR Extension: (Sheets) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-26]
CHR Extension: (RealDownloader) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-04]
CHR Extension: (Gmail) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-27]
CHR Extension: (Chrome Media Router) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-04]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [8924672 2016-02-05] (SecureMix LLC)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-08] (Microsoft Corporation) <==== ATTENTION
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-08] (Microsoft Corporation) <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-12-06] (Malwarebytes)
R1 MpKsl726f815f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{67AC76F1-3053-4AFB-8118-7E2B22EE2B38}\MpKsl726f815f.sys [58120 2017-12-08] (Microsoft Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-08] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-08] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-08] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-23] (Zemana Ltd.)
U3 idsvc; no ImagePath
U5 REALPLAYERUPDATESVC; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
C:\WINDOWS\system32\FlightSettings.dll 2017-11-15 13:35 - 2017-11-01 23:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2017-11-15 13:35 - 2017-11-01 23:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-11-15 13:35 - 2017-11-01 23:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-11-15 13:35 - 2017-11-01 23:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys 2017-11-15 13:35 - 2017-11-01 23:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2017-11-15 13:35 - 2017-11-01 23:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-11-15 13:35 - 2017-11-01 23:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll 2017-11-15 13:35 - 2017-11-01 23:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2017-11-15 13:35 - 2017-11-01 23:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2017-11-15 13:35 - 2017-11-01 23:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-11-15 13:35 - 2017-11-01 23:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll 2017-11-15 13:35 - 2017-11-01 23:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2017-11-15 13:35 - 2017-11-01 23:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys 2017-11-15 13:35 - 2017-10-15 09:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2017-11-15 13:35 - 2017-10-15 09:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2017-11-15 13:35 - 2017-10-15 09:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll 2017-11-15 13:35 - 2017-10-15 09:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll 2017-11-15 13:35 - 2017-10-15 09:14 - 
000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll 2017-11-15 13:35 - 2017-10-15 09:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll 2017-11-15 13:35 - 2017-10-15 09:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll 2017-11-15 13:35 - 2017-10-15 09:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll 2017-11-15 13:35 - 2017-10-15 09:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll 2017-11-15 13:35 - 2017-10-15 09:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dl l 2017-11-15 13:34 - 2017-11-02 00:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2017-11-15 13:34 - 2017-11-02 00:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2017-11-15 13:34 - 2017-11-02 00:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2017-11-15 13:34 - 2017-11-02 00:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-11-15 13:34 - 2017-11-02 00:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-11-15 13:34 - 2017-11-02 00:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2017-11-15 13:34 - 2017-11-02 00:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2017-11-15 13:34 - 2017-11-02 00:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2017-11-15 13:34 - 2017-11-02 00:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2017-11-15 13:34 - 2017-11-02 00:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2017-11-15 13:34 - 2017-11-02 00:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2017-11-15 13:34 - 2017-11-02 00:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2017-11-15 
13:34 - 2017-11-02 00:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2017-11-15 13:34 - 2017-11-01 23:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2017-11-15 13:34 - 2017-11-01 23:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.deskt op.dll 2017-11-15 13:34 - 2017-11-01 23:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll 2017-11-15 13:34 - 2017-11-01 23:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-11-15 13:34 - 2017-11-01 23:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.oneco re.dll 2017-11-15 13:34 - 2017-10-15 09:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2017-11-15 13:34 - 2017-10-15 09:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-12-08 18:59 - 2017-04-24 07:36 - 000176903 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-12-08 18:59 - 2016-12-14 13:30 - 000000000 ____D C:\FRST
2017-12-08 18:58 - 2017-04-22 20:11 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2017-12-08 18:29 - 2016-11-19 23:03 - 000000000 ____D C:\Users\George\AppData\LocalLow\Mozilla
2017-12-08 17:49 - 2017-04-22 19:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-08 14:58 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-07 22:40 - 2014-11-06 15:30 - 000000000 ____D C:\Users\George\AppData\Roaming\vlc
2017-12-07 13:20 - 2015-11-15 12:49 - 000000000 ____D C:\EEK
2017-12-07 13:00 - 2017-04-22 19:56 - 001669130 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-07 12:54 - 2017-04-22 20:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-07 12:53 - 2017-03-18 06:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-12-07 12:32 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-07 12:32 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-07 12:32 - 2014-10-31 17:05 - 000000000 ____D C:\Users\George\AppData\Local\Adobe
2017-12-06 18:13 - 2017-10-24 07:02 - 000004212 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-12-06 15:29 - 2016-11-19 17:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-06 15:08 - 2014-05-15 11:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-06 14:53 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-05 18:39 - 2014-05-15 11:17 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-05 18:39 - 2014-05-15 11:17 - 000001000 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-12-05 13:18 - 2016-09-23 11:43 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-12-04 17:51 - 2016-09-23 16:55 - 000000000 ____D C:\Users\George\AppData\Local\ESET
2017-12-04 17:50 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-04 17:50 - 2016-09-23 11:43 - 000012487 _____ C:\WINDOWS\ZAM.krnl.trace
2017-12-04 17:49 - 2017-10-29 20:10 - 000000000 ____D C:\ProgramData\Apple
2017-12-04 12:35 - 2015-10-10 15:00 - 005613272 ____R C:\Users\George\Documents\My Money Backup.mbf
2017-12-04 12:35 - 2015-10-10 14:54 - 005611520 _____ C:\Users\George\Documents\My Money.mny
2017-12-04 09:44 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-03 18:35 - 2015-03-28 19:26 - 000000000 ____D C:\Users\George\AppData\Local\ElevatedDiagnostics
2017-12-03 17:38 - 2014-11-07 16:54 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2017-12-03 17:23 - 2017-04-22 19:57 - 000000000 ____D C:\Users\George
2017-12-03 13:33 - 2014-11-07 16:37 - 000025748 _____ C:\Users\George\AppData\Roaming\wklnhst.dat
2017-11-29 12:01 - 2015-11-05 17:10 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-25 15:37 - 2014-10-31 17:07 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-21 18:17 - 2014-05-15 08:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-21 18:14 - 2017-10-12 11:39 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-21 18:14 - 2014-05-15 08:50 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-21 17:06 - 2010-11-20 22:27 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-21 08:16 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-20 12:12 - 2017-04-22 20:11 - 000004388 _____ C:\WINDOWS\System32\Tasks\adobe flash player updater
2017-11-17 08:19 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-16 16:09 - 2017-04-22 20:11 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-16 16:08 - 2014-10-31 14:42 - 000000000 ____D C:\Users\George\AppData\Roaming\Mozilla
2017-11-15 19:37 - 2015-08-12 16:41 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-15 19:19 - 2017-06-16 16:47 - 000388288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-15 19:16 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 19:16 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-15 19:16 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-15 19:16 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-15 19:16 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-15 07:49 - 2017-04-22 20:11 - 000003446 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0e27c2ab926a5
2017-11-15 07:49 - 2017-04-22 20:11 - 000003322 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0e27c2a9ac8c5
2017-11-13 16:02 - 2014-05-15 11:17 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-13 16:02 - 2014-05-15 11:17 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-11-07 16:37 - 2017-12-03 13:33 - 000025748 _____ () C:\Users\George\AppData\Roaming\wklnhst.dat
2016-05-19 17:47 - 2016-05-19 17:47 - 000000335 _____ () C:\Users\George\AppData\Local\LMIR0002.tmp_r.bat

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-29 08:25

==================== End of FRST.txt ============================
#4
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2017
Ran by George (08-12-2017 19:00:49)
Running from C:\Users\George\Downloads
Windows 10 Pro Version 1703 15063.726 (X64) (2017-04-23 01:20:20)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-96959487-344117887-1461987557-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-96959487-344117887-1461987557-503 - Limited - Disabled)
George (S-1-5-21-96959487-344117887-1461987557-1001 - Administrator - Enabled) => C:\Users\George
Guest (S-1-5-21-96959487-344117887-1461987557-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-96959487-344117887-1461987557-1002 - Limited - Enabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
123 Free Solitaire 2011 v8.0 (HKLM-x32\...\123 Free Solitaire_is1) (Version: - TreeCardGames)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Dell System Detect (HKU\S-1-5-21-96959487-344117887-1461987557-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
GlassWire 1.0 (remove only) (HKLM-x32\...\GlassWire 1.0) (Version: 1.0.69 - SecureMix LLC)
Google Chrome (HKLM-x32\...\{D486950F-500E-358B-9CC4-16104753329E}) (Version: 62.0.3202.94 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet 6600 Basic Device Software (HKLM\...\{B407F586-D027-45C3-9109-CC2943E839FA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Help (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6600 Product Improvement Study (HKLM\...\{9DD732B9-9B16-4F28-8E21-4AB5E40AF7DE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Encarta Encyclopedia Standard 2005 (HKLM-x32\...\{05410044-64A6-4248-A026-9745C1E9E159}) (Version: 2005 - Microsoft Corporation)
Microsoft Money 2005 (HKLM-x32\...\Money2005b) (Version: 14 - Microsoft)
Microsoft OneDrive (HKU\S-1-5-21-96959487-344117887-1461987557-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Picture It! Premium 10 (HKLM-x32\...\PictureItPrem_v10) (Version: 10.0.0612 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Streets and Trips 2005 (HKLM-x32\...\{67E4EE98-59F4-4210-89A6-A20AF5BEC689}) (Version: 12.00.07.1200 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Microsoft Works 2005 Setup Launcher (HKLM-x32\...\Works2005Setup) (Version: - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}) (Version: 8.0.0.0000 - Microsoft Corporation)
Mozilla Firefox 57.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.1 (x64 en-US)) (Version: 57.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero PhotoShow Express (HKLM-x32\...\Nero PhotoShow Express) (Version: 3.0 - Simple Star, Inc.)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Real Mahjong (HKLM-x32\...\Real Mahjong_is1) (Version: - My Real Games Ltd)
RealDownloader (HKLM-x32\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Works Upgrade (HKLM-x32\...\{DE1AF137-C455-494A-A817-EFE44BCCFDEE}) (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
Yahoo! Powered (HKLM-x32\...\{F42C1CEC-A4AC-CD6C-152C-BDECC5AC6E6C}) (Version: - ) <==== ATTENTION
Yahtzee 1.1.6 (HKLM-x32\...\Yahtzee_is1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-19] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-19] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {001D1603-F63D-4C0E-A4D1-2331D413E7B1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {03964096-1F84-4276-A678-3F225C5529E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {09C6D6AE-C236-438F-BE62-79691B38FC87} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {0CAB5520-8938-4C6D-993C-98B5301CBC76} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {0FD73492-33D7-4E29-AD7D-01E0010F687E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {1AEE62A8-2C09-4AFE-B9B2-23B662F03AB7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1B711B91-5880-40CE-B239-E12A9BD206C3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2106089C-9495-4AA6-ADD4-DFC1DD117044} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {241A2939-DCD6-46CD-87EF-458D047DAE50} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2987F57C-0A3D-43B9-A09D-CC81AC8FFE71} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {423FC988-BAE9-45BA-8841-2C2B0309C5B4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-21] (Microsoft Corporation)
Task: {43BCF16C-002C-427D-95E9-872BC3114574} - System32\Tasks\adobe flash player updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-07] (Adobe Systems Incorporated)
Task: {46A01979-9185-40DD-A3AC-665B059BD7C0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {4ADB616E-9021-452D-80BC-782CDFDB6512} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-96959487-344117887-1461987557-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4B4A9C4D-7C79-4AC6-A462-FF085ADB932A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {5081EE9A-2FA7-4141-ABEC-B9560B6D2835} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {57326387-8463-4A61-AD94-8B690347D29C} - no filepath
Task: {59E1E7FE-79D7-4522-86FB-A9C6786B654A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {620190C6-6B68-468D-9E08-DD7E89D44691} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {737FCD55-E499-4954-9B02-A9049C199928} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {754ACFDF-790D-4E86-9A7B-07167747A0C1} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {783293EE-0C39-4E6B-8598-F7BC10374762} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7949D64F-DF57-40AC-A58D-C0AFFC89F83E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7B207F80-B0A3-4118-A3C4-AB949FA8A5B2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {7E014C73-86BC-4FB6-B220-3961A90D4FA8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {86F94901-89B7-4468-92F5-B91382A79F6F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8B3BBF4B-5B4F-4A14-A406-FE21B19CAE6B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {946C4FE5-8A7B-4890-B08F-B788754E4DDF} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {9F19199F-0DF1-4A1C-B68E-BA05B9AA8E25} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A1141410-D905-49BE-8644-CA93A34AD1F5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A814B961-F531-4BAC-BC00-2C96F1980852} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A97319BF-E4BE-43E7-8A70-F3758A9F73A2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ABD81568-9119-421E-B019-55593CC63799} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ADCF4245-D193-4A1E-8963-9B6BE1F66FF6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {AEF64111-230F-4896-A16E-A7722A327B43} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CA4BEDDF-2101-4BB9-96D9-4EE7741EA3B9} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-96959487-344117887-1461987557-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CBBEFEC4-5D80-4403-9309-3BD731A71152} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D1F955D9-2FB9-4CF6-B9EC-2C6E4BF5CBD9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D22D80DA-0108-4FC5-B51B-65C14B6A8341} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D508E296-78F4-402F-90F4-A1300FBED793} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e27c2ab926a5 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D56DABB4-E60F-432E-BA0E-A4E73D5839A0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {D696583D-E3EE-4537-B65B-527585312B22} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D6BDCA4E-BFB7-4BD8-837F-CD961B380125} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D9AA4A49-A52A-4607-9980-6FD9B7449462} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DA330154-244D-42A9-B5F1-CC774B4E13AA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {DCF9BE4E-8AE1-405C-BCDF-79338F6D5278} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E1278B51-489A-4E80-A301-F670589AB544} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e27c2a9ac8c5 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E80101E9-01AA-4977-AA7C-9867AB1685A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F467F04C-BC1C-4917-BD9B-BEFCF21AF3A6} - no filepath
Task: {F54FEF74-355C-4DA6-A467-63176BFC524D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F83CCFB8-FFFD-46E3-AACE-C9F856A629FD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FB22E064-0756-4A2C-9D77-A09A5CAC941B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {FD8CEBC3-DDA7-4F7D-8756-72CCD27CDA38} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FE694BDA-30FF-40C2-8B98-D22F5A52034A} - System32\Tasks\S-1-5-21-96959487-344117887-1461987557-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-11-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\George\AppData\Roaming\Microsoft\Windows\ Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co ==================== Loaded Modules (Whitelisted) ============== 2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-11-30 07:49 - 2017-11-30 07:50 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x6 4__kzf8qxf38zg5c\SkypeHost.exe 2017-11-30 07:49 - 2017-11-30 07:50 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x6 4__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-11-30 07:49 - 2017-11-30 07:50 - 025600000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x6 4__kzf8qxf38zg5c\SkyWrap.dll 2017-11-30 07:49 - 2017-11-30 07:50 - 002546176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x6 4__kzf8qxf38zg5c\skypert.dll 2017-11-01 06:51 - 2017-11-01 06:52 - 001919680 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_17.8730.21155.0_x64__8wekyb3d8bbwe\Microsoft.A pplications.Telemetry.Windows.dll 2017-12-06 14:52 - 2017-12-06 14:53 - 001231528 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_17.8730.21155.0_x64__8wekyb3d8bbwe\Office.UI.X aml.Word.dll 2017-09-26 06:48 - 2017-09-26 06:49 - 003553704 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_17.8730.21155.0_x64__8wekyb3d8bbwe\Microsoft.U I.Xaml.dll 2017-03-18 15:59 - 2017-03-18 21:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Core.dll 2017-08-30 06:51 - 2017-08-30 06:51 - 000016896 _____ 
() C:\Program Files\WindowsApps\Microsoft.BingFinance_4.21.2212. 0_x64__8wekyb3d8bbwe\Microsoft.Msn.Money.exe 2017-08-30 06:51 - 2017-08-30 06:51 - 017584128 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.21.2212. 0_x64__8wekyb3d8bbwe\Microsoft.Msn.Money.dll 2017-11-20 07:52 - 2017-11-20 07:52 - 005224328 _____ () C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.17 11.2.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dl l 2016-03-03 12:05 - 2016-03-03 12:05 - 000291328 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.21.2212. 0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2017-11-13 16:02 - 2017-11-10 04:57 - 002871640 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\swift shader\libglesv2.dll 2017-11-13 16:02 - 2017-11-10 04:57 - 000138072 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\swift shader\libegl.dll 2017-02-14 08:42 - 2017-02-14 08:42 - 000326144 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll 2017-03-28 14:32 - 2017-03-28 14:32 - 000073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll 2016-02-05 02:32 - 2016-02-05 02:32 - 000246272 _____ () C:\Program Files (x86)\GlassWire\GeoIP.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\WINDOWS\sts.exedentifier:$DATA [26] AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119] AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:SummaryInf ormation [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:Updt_Summa ryInformation [151] AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:SummaryInf ormation [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:Updt_Summa ryInformation [151] AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:SummaryInf ormation [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:Updt_Summa ryInformation [151] AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:SummaryInf ormation [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:Updt_Summa ryInformation [151] AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:SummaryInf ormation [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:Updt_Summa ryInformation [151] AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:SummaryInf ormation [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:Updt_Summa ryInformation [151] AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:SummaryInf ormation [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:Updt_Summa ryInformation [151] 
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:SummaryInf ormation [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:Updt_Summa ryInformation [151] AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:SummaryInf ormation [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:Updt_Summa ryInformation [151] AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:SummaryInf ormation [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:Updt_Summa ryInformation [151] AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:SummaryInf ormation [0] AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:Updt_Summa ryInformation [151] AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE restricted site:
HKU\S-1-5-21-96959487-344117887-1461987557-1001\...\1001movie.com -> 1001movie.com There are 6091 more sites. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2017-04-22 20:51 - 000002024 _____ C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com 0.0.0.0 cdn.appround.biz 0.0.0.0 cdn.bigspeedpro.com 0.0.0.0 cdn.bispd.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-96959487-344117887-1461987557-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\George\AppData\Local\Microsoft\Windows\Th emes\img8.jpg DNS Servers: 13.59.228.155 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 6600 (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 6600 (Network).lnk.Startup
MSCONFIG\startupfolder: C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wkcalrem.LNK => C:\Windows\pss\WKCALREM.LNK.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HP Officejet 6600 (NET) => "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN41H8R67S05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: PhotoShow Deluxe Media Manager => C:\PROGRA~2\Nero\data\Xtras\mssysmgr.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
HKLM\...\StartupApproved\Run32: => "SoundMAXPnP"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-96959487-344117887-1461987557-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Officejet 6600 (Network).lnk"
HKU\S-1-5-21-96959487-344117887-1461987557-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-96959487-344117887-1461987557-1001\...\StartupApproved\Run: => "WeatherBuddy"
==================== FirewallRules (Whitelisted) ===============
============================
#5
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{29E0D32C-AC47-41A9-B665-AABE2A793499}] => (Allow) LPort=7000
FirewallRules: [{7478DCCA-40A3-40C0-9A91-9BC19131572C}] => (Allow) LPort=7000
FirewallRules: [{2737ED92-144C-496B-8CD5-BC62A210CC35}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\FaxApplications.exe
FirewallRules: [{366B0106-C2D8-41CC-822B-7C3474EAE158}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\DigitalWizards.exe
FirewallRules: [{D7A4681F-8736-4604-AF76-F8DCF7199909}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\SendAFax.exe
FirewallRules: [{48AA5C83-0075-4DA8-A752-33E6486FB37F}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\DeviceSetup.exe
FirewallRules: [{106A13F0-7204-4D5A-9D4F-739971AE3C63}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{06156F4E-A02F-417D-82DB-EB435EAB1000}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{6C2F1F10-A6B8-4C64-B68F-7B2D22FF1BF6}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{6CF286E4-6739-4401-B755-8EE131FFD317}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{179F3EAF-DB29-4807-B22F-CE03CFA3A38A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{15D7B749-BEEE-400B-8FFB-8D7A8C470EAE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BFBCC560-6005-49F3-BD7D-631ACF9062A5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Restore Points =========================
21-11-2017 18:13:17 Windows Update
29-11-2017 08:27:45 Scheduled Checkpoint
03-12-2017 17:38:12 Removed WeatherBuddy
04-12-2017 17:46:50 Removed Apple Application Support (32-bit)
==================== Faulty Device Manager Devices =============
==================== Event log errors:
========================= Application errors: ================== Error: (12/08/2017 11:58:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: George-PC) Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (12/08/2017 02:05:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5 Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x32774c02 Exception code: 0xe0434352 Fault offset: 0x000ecbb2 Faulting process id: 0x1778 Faulting application start time: 0x01d36ff2e4a019e9 Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 9135bb91-0bd0-48cd-9a95-721883b62e5f Faulting package full name: Faulting package-relative application ID: Error: (12/08/2017 02:05:15 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: esu.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.IO.FileNotFoundException at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacen terOverridesAsync>d__61.MoveNext() at System.Runtime.CompilerServices.AsyncTaskMethodBui lder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacen terOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef) at Garmin.Omt.Service.Shared.Overrides.UpdateDatacent erOverridesAsync(Boolean) at Garmin.Omt.Service.Shared.Overrides..cctor() Exception Info: System.TypeInitializationException at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl () at Garmin.Omt.Express.SelfUpdater.Program.RealMain() at Garmin.Omt.Express.SelfUpdater.Program.Main(System .String[]) Error: (12/07/2017 10:33:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: George-PC) Description: Activation of app Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMu sic failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (12/07/2017 01:44:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5 Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x32774c02 Exception code: 0xe0434352 Fault offset: 0x000ecbb2 Faulting process id: 0x2fc8 Faulting application start time: 0x01d36f26d921bbd1 Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 7a0ce2bd-52d7-44ee-995a-f102e5ca3bd7 Faulting package full name: Faulting package-relative application ID: Error: (12/07/2017 01:44:40 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: esu.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.IO.FileNotFoundException at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacen terOverridesAsync>d__61.MoveNext() at System.Runtime.CompilerServices.AsyncTaskMethodBui lder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacen terOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef) at Garmin.Omt.Service.Shared.Overrides.UpdateDatacent erOverridesAsync(Boolean) at Garmin.Omt.Service.Shared.Overrides..cctor() Exception Info: System.TypeInitializationException at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl () at Garmin.Omt.Express.SelfUpdater.Program.RealMain() at Garmin.Omt.Express.SelfUpdater.Program.Main(System .String[]) Error: (12/06/2017 04:58:15 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32 ",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (12/06/2017 03:14:30 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . 
Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (12/06/2017 07:50:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5 Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x32774c02 Exception code: 0xe0434352 Fault offset: 0x000ecbb2 Faulting process id: 0x1c7c Faulting application start time: 0x01d36e90bf9d4ac2 Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: b80be28f-4330-4ec3-99f5-ae2d93f9f9af Faulting package full name: Faulting package-relative application ID: Error: (12/06/2017 07:50:23 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: esu.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.IO.FileNotFoundException at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacen terOverridesAsync>d__61.MoveNext() at System.Runtime.CompilerServices.AsyncTaskMethodBui lder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacen terOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef) at Garmin.Omt.Service.Shared.Overrides.UpdateDatacent erOverridesAsync(Boolean) at Garmin.Omt.Service.Shared.Overrides..cctor() Exception Info: System.TypeInitializationException at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl () at Garmin.Omt.Express.SelfUpdater.Program.RealMain() at Garmin.Omt.Express.SelfUpdater.Program.Main(System .String[]) System errors: ============= Error: (12/08/2017 06:29:07 PM) (Source: DCOM) (EventID: 10016) (User: George-PC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and 
APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/08/2017 06:29:07 PM) (Source: DCOM) (EventID: 10016) (User: George-PC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/08/2017 06:29:07 PM) (Source: DCOM) (EventID: 10016) (User: George-PC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/08/2017 06:01:02 PM) (Source: DCOM) (EventID: 10016) (User: George-PC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). 
This security permission can be modified using the Component Services administrative tool. Error: (12/08/2017 06:01:02 PM) (Source: DCOM) (EventID: 10016) (User: George-PC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/08/2017 06:01:02 PM) (Source: DCOM) (EventID: 10016) (User: George-PC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/08/2017 05:56:45 PM) (Source: DCOM) (EventID: 10016) (User: George-PC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (12/08/2017 05:56:45 PM) (Source: DCOM) (EventID: 10016) (User: George-PC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/08/2017 05:56:45 PM) (Source: DCOM) (EventID: 10016) (User: George-PC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/08/2017 03:06:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.259.87.0). CodeIntegrity: =================================== Date: 2017-12-08 15:03:56.690 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Wind ows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2017-12-08 15:03:56.688
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-19 12:35:39.110
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\safemon\SafeWrapper.dll that did not meet the Store signing level requirements.

Date: 2017-06-17 14:39:10.249
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\safemon\SafeWrapper.dll that did not meet the Store signing level requirements.

Date: 2017-06-16 18:08:41.414
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\safemon\SafeWrapper.dll that did not meet the Store signing level requirements.

Date: 2017-06-16 18:06:46.312
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\safemon\SafeWrapper.dll that did not meet the Store signing level requirements.

Date: 2017-06-16 18:04:22.452
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\safemon\SafeWrapper.dll that did not meet the Store signing level requirements.

Date: 2017-06-16 17:41:21.831
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2017-06-16 17:19:22.723
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2017-06-15 20:24:00.756
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 42%
Total physical RAM: 3956.61 MB
Available physical RAM: 2270.78 MB
Total Virtual: 5183.41 MB
Available Virtual: 3042.76 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:924.11 GB) (Free:874.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C7ECBF10)
Partition 1: (Active) - (Size=7.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=924.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ================
#6
Hi Jerry56,

Quote:

========================================================

These programs are running at system startup. They are unnecessary. You can stop them.

Microsoft Office
HP Officejet 6600
Adobe software
HP Software Update
NeroFilterCheck
PhotoShow Deluxe Media Manager
SDTray
TkBellExe
GarminExpressTrayApp
WeatherBuddy

========================================================

Quote:

=========================================================

Quote:

http://www.systemlookup.com/search.p...h=gwdrv.sys&s=

Please stop the GlassWire service.

How to remove all GlassWire folders and data
https://forum.glasswire.com/t/how-to...-and-data/4135

===========================================================

Quote:

Please check whether you had any remote session to help you recover from any issues on the machine. If you don't remember any remote session history, let me know.

===========================================================

Do you use Zemana antimalware software?

================================================

Please do the following:

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove:
Java 8 Update 111
Yahoo! Powered

Download RogueKiller: https://www.bleepingcomputer.com/download/roguekiller/
Select the version that applies to the system. Save to the Desktop.
After closing all windows and browsers, right-click the downloaded RogueKiller file and select: Run as Administrator
At the program console, wait for the Prescan to finish. (Under Status, it says: Prescan finished.)
Press: SCAN
When done, a report opens on the drive: RKreport.txt
Please provide the RKreport.txt (Mode: Scan) in your reply.
#7
I did not set
1) Proxy Server (Default) 127.0.01:8536
2) Proxy Enable (5-15-19) proxy is enabled, PC would not go on the internet, and it was set to automatically detect proxy in order to connect to the internet.

I don't understand how to remove the GlassWire service.
Don't recognize the file C:users\George\app data\local\LMIR0002.Tmp_r.bak
I don't know of any remote session to recover any issue.
Didn't use Zemana antimalware.

RogueKiller V12.11.27.0 (x64) [Dec 4 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : George [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/09/2017 23:44:08 (Duration : 00:42:06)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 20 ¤¤¤
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTOP -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-96959487-344117887-1461987557-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-96959487-344117887-1461987557-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6d5cde59-8142-42be-b2ce-5a001dbeff55} | NameServer : 13.59.228.155 ([X]) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.HomePage][Firefox:Config] 33jaqmav.default-1491324543132-1512592173300 : user_pref("browser.startup.homepage", "www.excite.com/"); -> Found
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.excite.com/] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA DT01ACA100 +++++
--- User ---
[MBR] 1f16ac5d697fc88c265b119efac8e1f4
[BSP] 9c1804c83343e16ead17c5a8b8d4b0fd : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 7574 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 15513600 | Size: 946293 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
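An added example, not part of the thread and not RogueKiller's own code: a short Python triage script for the registry rows of a report like the one in post #7. It undoes the spaces that forum software inserts into long paths, collapses the duplicate X64/X86 rows, and groups proxy and DNS findings per account hive; the row layout is inferred from the pasted report, and all function names are hypothetical.

```python
import ipaddress
import re

# Rows taken from the RogueKiller registry section quoted in this thread.
# The stray spaces inside paths ("Cur rentVersion", "T cpip") are what forum
# software does to long unbroken strings when a report is pasted.
SAMPLE_REPORT = r"""
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R TOP -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Inter net Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Inter net Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-96959487-344117887-1461987557-1001\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\T cpip\Parameters\Interfaces\{6d5cde59-8142-42be-b2ce-5a001dbeff55} | NameServer : 13.59.228.155 ([X]) -> Found
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.excite.com/] -> Found
"""

LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+\((?P<view>X64|X86)\)\s+"  # [PUM.Proxy] (X64)
    r"(?P<key>HKEY_.+?)"                                  # registry key path
    r"(?:\s+\|\s+(?P<name>\w+)\s+:\s+(?P<value>.+?))?"    # | ValueName : data
    r"\s+->\s+(?P<status>\w+)\s*$"                        # -> Found
)

# Well-known service-account SIDs; .DEFAULT is an alias of the S-1-5-18 hive.
SERVICE_HIVES = {".DEFAULT": "LocalSystem", "S-1-5-18": "LocalSystem",
                 "S-1-5-19": "LocalService", "S-1-5-20": "NetworkService"}


def parse_findings(report):
    """Return unique (tag, key, value_name, data) tuples in report order."""
    seen, findings = set(), []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, browser rows, blank lines
        # Compare keys with ALL whitespace removed: this undoes the inserted
        # spaces (and also the real one in "Internet Settings").
        key = re.sub(r"\s+", "", m["key"])
        data = m["value"].split()[0] if m["value"] else None  # drop "([X])"
        item = (m["tag"], key, m["name"], data)
        if item not in seen:  # the X64 and X86 rows repeat the same setting
            seen.add(item)
            findings.append(item)
    return findings


def is_loopback_proxy(server):
    """True if every host in a ProxyServer value is a loopback address."""
    def loopback(host):
        host = host.strip("[]")
        try:
            return ipaddress.ip_address(host).is_loopback
        except ValueError:
            return host.lower() == "localhost"
    hosts = []
    for part in server.split(";"):  # also accepts "http=h:p;https=h:p"
        hostport = part.split("=", 1)[-1]
        hosts.append(hostport.rsplit(":", 1)[0])
    return bool(hosts) and all(loopback(h) for h in hosts)


def summarize(findings):
    """Group proxy settings per account hive and list static DNS servers."""
    proxies, dns = {}, []
    for _tag, key, name, data in findings:
        parts = key.split("\\")
        if parts[0] == "HKEY_USERS" and parts[-1].lower() == "internetsettings":
            entry = proxies.setdefault(parts[1], {
                "account": SERVICE_HIVES.get(parts[1], "user account"),
                "ProxyEnable": None,   # None: the report has no row for it
                "ProxyServer": None})
            if name in ("ProxyEnable", "ProxyServer"):
                entry[name] = data
        elif name == "NameServer" and "\\Tcpip\\Parameters\\Interfaces\\" in key:
            dns.append((parts[-1], data))  # (interface GUID, static server)
    for entry in proxies.values():
        server = entry["ProxyServer"]
        entry["loopback"] = bool(server) and is_loopback_proxy(server)
    return proxies, dns


if __name__ == "__main__":
    proxies, dns = summarize(parse_findings(SAMPLE_REPORT))
    for sid, entry in proxies.items():
        print(sid, entry)
    for guid, server in dns:
        print("static DNS on", guid, "->", server)
```

A loopback `ProxyServer` only works while some local program is listening on that port, so the per-hive view is a quick way to see which accounts would lose connectivity if that program is removed before the setting is reset.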
#8
PC would not go on the internet and it was set to automatic detect proxy in order to connect to the internet.

So, you are not using a proxy. Is that correct? If you do not use one, I will remove it.

---------------------------------------------

Please tell us about all the actions you've taken.

Did you completely uninstall the Yahoo! Powered and Java software with Revo Uninstaller?
#9
I deleted the Yahoo! Powered and Java software.
But I didn't delete anything from RogueKiller.
The proxy setting I am using now is 127.0.01 port 8536

Last edited by Jerry56; December 10th, 2017 at 06:52 PM.
#10
Okay. Thanks Jerry56,

Please do the following.

Step 1: FRST Script:

Please download the attached Fixlist.txt (8.7 KB), save it to the Desktop, and name it: fixlist.txt
and fixlist.txt are in the same location or the fix will not work.

Step 2:

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.

When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer, as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1
Link 2

Last edited by olgun52; December 10th, 2017 at 10:32 PM.
#11
I still don't understand how to stop the GlassWire service.

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-12-2017
Ran by George (10-12-2017 18:17:20) Run:2
Running from C:\Users\George\Desktop
Loaded Profiles: George (Available Profiles: George & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {001D1603-F63D-4C0E-A4D1-2331D413E7B1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1AEE62A8-2C09-4AFE-B9B2-23B662F03AB7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {57326387-8463-4A61-AD94-8B690347D29C} - no filepath
Task: {7E014C73-86BC-4FB6-B220-3961A90D4FA8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {86F94901-89B7-4468-92F5-B91382A79F6F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8B3BBF4B-5B4F-4A14-A406-FE21B19CAE6B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D1F955D9-2FB9-4CF6-B9EC-2C6E4BF5CBD9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D696583D-E3EE-4537-B65B-527585312B22} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DCF9BE4E-8AE1-405C-BCDF-79338F6D5278} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E80101E9-01AA-4977-AA7C-9867AB1685A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F467F04C-BC1C-4917-BD9B-BEFCF21AF3A6} - no filepath
Task: {F54FEF74-355C-4DA6-A467-63176BFC524D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F83CCFB8-FFFD-46E3-AACE-C9F856A629FD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\sts.exedentifier:$DATA [26]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-96959487-344117887-1461987557-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Chrome\Ext\realdownloader.crx
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-08] (Microsoft Corporation) <==== ATTENTION
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-08] (Microsoft Corporation) <==== ATTENTION
U3 idsvc; no ImagePath
U5 REALPLAYERUPDATESVC; no ImagePath
C:\Users\George\AppData\Roaming\wklnhst.dat
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray" /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-23] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
2017-12-08 18:59 - 2017-04-24 07:36 - 000176903 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
C:\Program Files (x86)\Zemana AntiMalware
C:\WINDOWS\ZAM.krnl.trace
2017-12-06 15:08 - 2017-12-06 15:08 - 000000000 ____D C:\NPE
2017-12-06 15:06 - 2017-12-06 15:17 - 000000000 ____D C:\Users\George\AppData\Local\NPE
2017-12-06 15:06 - 2017-12-06 15:06 - 000000000 ____D C:\ProgramData\Norton
C:\Users\George\AppData\Local\LMIR0002.tmp_r.bat
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6d5cde59-8142-42be-b2ce-5a001dbeff55} | NameServer : 13.59.228.155
Folder: C:\WINDOWS\f6a641ac642b4dc69c694d1ff32f30c1
Folder: C:\WINDOWS\324566be834140dfba1ab94f865c8f83
Hosts:
EmptyTemp:

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/10/2017 06:32:06 PM in x64 mode.
Windows Version: Windows 10 Pro

Checking for Windows services to stop:
* No malware services found to stop.

Checking for processes to terminate:
* C:\Users\George\Desktop\FRST64.exe (PID: 8904) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:
* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
* No issues found.

Searching for Missing Digital Signatures:
* No issues found.

Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost

Program finished at: 12/10/2017 06:33:40 PM
Execution time: 0 hours(s), 1 minute(s), and 33 seconds(s)

Malwarebytes didn't find anything.

**** Now Windows Defender will not turn on

Last edited by Jerry56; December 11th, 2017 at 02:42 AM.
#12
The fixlist operation was not successful. Minus. You should do it again. Please repeat.
#13
Fix result of Farbar Recovery Scan Tool (x64) Version: 11-12-2017
Ran by George (11-12-2017 15:20:07) Run:4
Running from C:\Users\George\Desktop
Loaded Profiles: George (Available Profiles: George & DefaultAppPool)
Boot Mode: Normal
#14
Failed again.

Fixlist and the FRST software should be on your desktop. Then press the Fix button once. A fixlog file will be created on the desktop.
#15
I DON'T KNOW WHAT I AM DOING WRONG BECAUSE BOTH ARE ON THE DESKTOP
Fix result of Farbar Recovery Scan Tool (x64) Version: 11-12-2017
Ran by George (11-12-2017 16:47:39) Run:5
Running from C:\Users\George\Desktop
Loaded Profiles: George (Available Profiles: George & DefaultAppPool)
Boot Mode: Normal