Cyber Tech Help Support Forums > Software > Malware Removal

#1
December 8th, 2017, 06:34 PM
Jerry56
Senior Member
Join Date: Jul 2007
Posts: 1,119

Slow PC, suspect virus

I posted this in the Windows 10 forum but did not get any reply; I think it was in the wrong forum, so I am posting it here.

I am running Windows 10. When I go on the internet it is very slow. I suspect that it has a virus, because it was very fast before.
I ran Malwarebytes and it found some malware and cleaned it up yesterday. I ran it again today and it found more, but the PC is still slow.
#2
December 8th, 2017, 11:13 PM
olgun52
Malware Removal Team
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066

Hello Jerry56, and welcome to the CyberTechHelp Forums.
I will be helping you fix your problems.

Please take note of some guidelines for this fix:

1- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please open the computer as administrator. How to open the computer as administrator?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here:
How to disable your security applications.
5- To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal.

Thanks

*****************************************************************************************
Let's check.

Please do this following.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Have a nice day.

#3
December 9th, 2017, 01:10 AM
Jerry56
Senior Member
Join Date: Jul 2007
Posts: 1,119

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-12-2017
Ran by George (administrator) on GEORGE-PC (08-12-2017 18:59:22)
Running from C:\Users\George\Downloads
Loaded Profiles: George (Available Profiles: George & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.BingFinance_4.21.2212.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Money.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\George\Downloads\FRST64 (7).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-96959487-344117887-1461987557-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-96959487-344117887-1461987557-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-96959487-344117887-1461987557-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [148992 2017-03-18] (Microsoft Corporation)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6600 (Network).lnk [2017-12-04]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6600 (Network).lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK [2015-07-03]
ShortcutTarget: WKCALREM.LNK -> C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8536
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8536
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8536
ProxyServer: [S-1-5-21-96959487-344117887-1461987557-1001] => 127.0.0.1:8536
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6d5cde59-8142-42be-b2ce-5a001dbeff55}: [NameServer] 13.59.228.155
Tcpip\..\Interfaces\{6d5cde59-8142-42be-b2ce-5a001dbeff55}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-96959487-344117887-1461987557-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2017-01-13] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-13] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 33jaqmav.default-1491324543132-1512592173300
FF ProfilePath: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\33jaqmav.default-1491324543132-1512592173300 [2017-12-08]
FF Homepage: Mozilla\Firefox\Profiles\33jaqmav.default-1491324543132-1512592173300 -> www.excite.com/
FF Extension: (Disable Media WMF NV12 format) - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\33jaqmav.default-1491324543132-1512592173300\features\{130de3b5-d676-4b6e-8994-5e6781bdc9ac}\disable-media-wmf-nv12@mozilla.org.xpi [2017-12-07] [Lagacy]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext [2014-10-31] [Lagacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-12-07] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-12-07] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-10-31] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-10-31] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\George\AppData\Local\Google\Chrome\User Data\Default [2017-12-08]
CHR Extension: (Slides) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-06]
CHR Extension: (Docs) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-06]
CHR Extension: (Google Drive) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-25]
CHR Extension: (YouTube) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-25]
CHR Extension: (Google Search) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-25]
CHR Extension: (Sheets) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-26]
CHR Extension: (RealDownloader) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-04]
CHR Extension: (Gmail) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-27]
CHR Extension: (Chrome Media Router) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-04]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [8924672 2016-02-05] (SecureMix LLC)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-08] (Microsoft Corporation) <==== ATTENTION
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-08] (Microsoft Corporation) <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-12-06] (Malwarebytes)
R1 MpKsl726f815f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{67AC76F1-3053-4AFB-8118-7E2B22EE2B38}\MpKsl726f815f.sys [58120 2017-12-08] (Microsoft Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-08] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-08] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-08] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-23] (Zemana Ltd.)
U3 idsvc; no ImagePath
U5 REALPLAYERUPDATESVC; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-08 18:59 - 2017-12-08 19:00 - 000014497 _____ C:\Users\George\Downloads\FRST.txt
2017-12-08 18:49 - 2017-12-08 18:49 - 002390528 _____ (Farbar) C:\Users\George\Downloads\FRST64 (7).exe
2017-12-08 15:04 - 2017-12-08 15:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-12-06 17:39 - 2017-12-06 17:39 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-06 15:08 - 2017-12-06 15:08 - 000000000 ____D C:\NPE
2017-12-06 15:06 - 2017-12-06 15:17 - 000000000 ____D C:\Users\George\AppData\Local\NPE
2017-12-06 15:06 - 2017-12-06 15:06 - 000000000 ____D C:\ProgramData\Norton
2017-12-05 18:39 - 2017-12-05 18:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-05 18:37 - 2017-12-05 18:38 - 000311256 _____ (Mozilla) C:\Users\George\Downloads\Firefox Installer.exe
2017-12-03 18:52 - 2017-12-06 15:29 - 000000000 ____D C:\Users\George\Desktop\Old Firefox Data
2017-12-03 18:05 - 2017-12-03 18:05 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-96959487-344117887-1461987557-1001
2017-12-03 17:18 - 2017-12-04 09:21 - 000000000 ____D C:\WINDOWS\f6a641ac642b4dc69c694d1ff32f30c1
2017-12-03 17:18 - 2017-12-04 09:21 - 000000000 ____D C:\WINDOWS\324566be834140dfba1ab94f865c8f83
2017-12-03 17:09 - 2017-12-03 17:09 - 000000000 ____D C:\Users\George\AppData\Local\Package Cache
2017-12-02 13:45 - 2017-12-02 13:45 - 000000000 ____D C:\WINDOWS\FlightingTemp
2017-11-15 13:41 - 2017-11-02 00:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 13:41 - 2017-11-01 23:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-15 13:41 - 2017-11-01 23:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 13:41 - 2017-11-01 23:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-15 13:41 - 2017-11-01 23:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-15 13:41 - 2017-11-01 23:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-15 13:41 - 2017-11-01 23:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-15 13:41 - 2017-11-01 23:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 13:41 - 2017-11-01 23:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-15 13:41 - 2017-11-01 23:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-15 13:41 - 2017-11-01 23:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 13:41 - 2017-11-01 23:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 13:41 - 2017-11-01 23:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-15 13:41 - 2017-11-01 23:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-15 13:41 - 2017-11-01 23:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 13:41 - 2017-11-01 23:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-15 13:41 - 2017-11-01 23:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 13:41 - 2017-11-01 23:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-15 13:41 - 2017-11-01 23:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-15 13:41 - 2017-11-01 23:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-15 13:41 - 2017-11-01 23:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 13:41 - 2017-11-01 23:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-15 13:41 - 2017-11-01 23:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-15 13:41 - 2017-11-01 23:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 13:41 - 2017-11-01 23:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 13:41 - 2017-11-01 23:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-15 13:41 - 2017-11-01 23:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 13:41 - 2017-11-01 23:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-15 13:41 - 2017-11-01 23:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 13:41 - 2017-10-25 02:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 13:41 - 2017-10-15 10:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-15 13:41 - 2017-10-15 09:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-15 13:41 - 2017-10-15 09:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-15 13:41 - 2017-10-15 09:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-15 13:41 - 2017-10-15 09:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-15 13:41 - 2017-10-15 09:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-15 13:41 - 2017-10-15 09:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-15 13:41 - 2017-10-15 09:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-15 13:41 - 2017-10-15 09:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-15 13:40 - 2017-11-02 00:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-15 13:40 - 2017-11-01 23:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-15 13:40 - 2017-11-01 23:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-15 13:40 - 2017-11-01 23:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-15 13:40 - 2017-11-01 23:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-15 13:40 - 2017-11-01 23:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-15 13:40 - 2017-11-01 23:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-15 13:40 - 2017-11-01 23:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-15 13:40 - 2017-11-01 23:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-15 13:40 - 2017-11-01 23:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 13:40 - 2017-11-01 23:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 13:40 - 2017-11-01 23:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 13:40 - 2017-11-01 23:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 13:40 - 2017-11-01 23:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-15 13:40 - 2017-11-01 23:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 13:40 - 2017-11-01 23:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 13:40 - 2017-11-01 23:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-15 13:40 - 2017-11-01 23:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 13:40 - 2017-11-01 23:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-15 13:40 - 2017-11-01 23:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-15 13:40 - 2017-10-15 10:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-15 13:40 - 2017-10-15 10:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-15 13:40 - 2017-10-15 09:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-15 13:40 - 2017-10-15 09:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-15 13:40 - 2017-10-15 09:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-15 13:37 - 2017-11-02 00:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-15 13:37 - 2017-11-02 00:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-15 13:37 - 2017-11-01 23:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-15 13:37 - 2017-11-01 23:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-15 13:37 - 2017-11-01 23:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-15 13:37 - 2017-11-01 23:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-15 13:37 - 2017-11-01 23:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-15 13:37 - 2017-11-01 23:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 13:37 - 2017-11-01 23:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-15 13:37 - 2017-10-15 09:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-15 13:37 - 2017-10-15 09:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-15 13:36 - 2017-11-02 00:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 13:36 - 2017-11-02 00:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-15 13:36 - 2017-11-02 00:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 13:36 - 2017-11-02 00:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-15 13:36 - 2017-11-02 00:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 13:36 - 2017-11-02 00:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 13:36 - 2017-11-02 00:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-15 13:36 - 2017-11-02 00:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-15 13:36 - 2017-11-02 00:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-15 13:36 - 2017-11-02 00:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 13:36 - 2017-11-01 23:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-15 13:36 - 2017-11-01 23:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-15 13:36 - 2017-11-01 23:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-15 13:36 - 2017-11-01 23:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-15 13:36 - 2017-11-01 23:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-15 13:36 - 2017-11-01 23:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-15 13:36 - 2017-11-01 23:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-15 13:36 - 2017-11-01 23:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-15 13:36 - 2017-11-01 23:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-15 13:36 - 2017-11-01 23:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 13:36 - 2017-11-01 23:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-15 13:36 - 2017-11-01 23:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-15 13:36 - 2017-11-01 23:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-15 13:36 - 2017-11-01 23:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-15 13:36 - 2017-11-01 23:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-15 13:36 - 2017-11-01 23:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-15 13:36 - 2017-11-01 23:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-15 13:36 - 2017-11-01 23:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-15 13:36 - 2017-11-01 23:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-15 13:36 - 2017-11-01 23:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-15 13:36 - 2017-11-01 23:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-15 13:36 - 2017-11-01 23:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 13:36 - 2017-11-01 23:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-15 13:36 - 2017-11-01 23:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-15 13:36 - 2017-11-01 23:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-15 13:36 - 2017-11-01 23:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-15 13:36 - 2017-11-01 23:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-15 13:36 - 2017-11-01 23:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-15 13:36 - 2017-11-01 23:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-15 13:36 - 2017-11-01 23:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-15 13:36 - 2017-11-01 23:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-15 13:36 - 2017-11-01 23:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 13:36 - 2017-11-01 23:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 13:36 - 2017-11-01 23:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 13:36 - 2017-11-01 23:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-15 13:36 - 2017-11-01 23:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-15 13:36 - 2017-11-01 23:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 13:36 - 2017-11-01 23:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 13:36 - 2017-11-01 23:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 13:36 - 2017-10-15 09:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-15 13:36 - 2017-10-15 09:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-15 13:36 - 2017-10-15 09:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-15 13:36 - 2017-10-15 09:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-15 13:36 - 2017-10-15 09:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-15 13:36 - 2017-10-15 09:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-15 13:36 - 2017-10-15 09:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-15 13:36 - 2017-10-15 09:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-15 13:35 - 2017-11-02 00:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 13:35 - 2017-11-02 00:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 13:35 - 2017-11-02 00:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-15 13:35 - 2017-11-02 00:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 13:35 - 2017-11-02 00:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-15 13:35 - 2017-11-02 00:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-15 13:35 - 2017-11-02 00:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-15 13:35 - 2017-11-02 00:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-15 13:35 - 2017-11-02 00:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 13:35 - 2017-11-02 00:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 13:35 - 2017-11-02 00:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-15 13:35 - 2017-11-02 00:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-15 13:35 - 2017-11-02 00:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-15 13:35 - 2017-11-02 00:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-15 13:35 - 2017-11-02 00:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-15 13:35 - 2017-11-02 00:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-15 13:35 - 2017-11-02 00:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-15 13:35 - 2017-11-02 00:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-15 13:35 - 2017-11-02 00:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-15 13:35 - 2017-11-01 23:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-15 13:35 - 2017-11-01 23:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-15 13:35 - 2017-11-01 23:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-15 13:35 - 2017-11-01 23:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-15 13:35 - 2017-11-01 23:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-15 13:35 - 2017-11-01 23:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-15 13:35 - 2017-11-01 23:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 13:35 - 2017-11-01 23:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 13:35 - 2017-11-01 23:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-15 13:35 - 2017-11-01 23:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-15 13:35 - 2017-11-01 23:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 13:35 - 2017-11-01 23:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-15 13:35 - 2017-11-01 23:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-15 13:35 - 2017-11-01 23:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 13:35 - 2017-11-01 23:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 13:35 - 2017-11-01 23:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-15 13:35 - 2017-11-01 23:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-15 13:35 - 2017-11-01 23:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 13:35 - 2017-11-01 23:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 13:35 - 2017-11-01 23:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 13:35 - 2017-11-01 23:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 13:35 - 2017-11-01 23:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-15 13:35 - 2017-11-01 23:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 13:35 - 2017-11-01 23:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-15 13:35 - 2017-11-01 23:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-15 13:35 - 2017-11-01 23:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 13:35 - 2017-10-15 09:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-15 13:35 - 2017-10-15 09:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-15 13:35 - 2017-10-15 09:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-15 13:35 - 2017-10-15 09:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-15 13:35 - 2017-10-15 09:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-15 13:35 - 2017-10-15 09:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-15 13:35 - 2017-10-15 09:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-15 13:35 - 2017-10-15 09:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-15 13:35 - 2017-10-15 09:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-15 13:35 - 2017-10-15 09:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-15 13:34 - 2017-11-02 00:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 13:34 - 2017-11-02 00:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 13:34 - 2017-11-02 00:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 13:34 - 2017-11-02 00:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-15 13:34 - 2017-11-02 00:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-15 13:34 - 2017-11-02 00:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-15 13:34 - 2017-11-02 00:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-15 13:34 - 2017-11-02 00:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 13:34 - 2017-11-02 00:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-15 13:34 - 2017-11-02 00:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 13:34 - 2017-11-02 00:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 13:34 - 2017-11-02 00:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-15 13:34 - 2017-11-02 00:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-15 13:34 - 2017-11-01 23:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-15 13:34 - 2017-11-01 23:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 13:34 - 2017-11-01 23:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-15 13:34 - 2017-11-01 23:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-15 13:34 - 2017-11-01 23:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 13:34 - 2017-10-15 09:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-15 13:34 - 2017-10-15 09:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-08 18:59 - 2017-04-24 07:36 - 000176903 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-12-08 18:59 - 2016-12-14 13:30 - 000000000 ____D C:\FRST
2017-12-08 18:58 - 2017-04-22 20:11 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2017-12-08 18:29 - 2016-11-19 23:03 - 000000000 ____D C:\Users\George\AppData\LocalLow\Mozilla
2017-12-08 17:49 - 2017-04-22 19:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-08 14:58 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-07 22:40 - 2014-11-06 15:30 - 000000000 ____D C:\Users\George\AppData\Roaming\vlc
2017-12-07 13:20 - 2015-11-15 12:49 - 000000000 ____D C:\EEK
2017-12-07 13:00 - 2017-04-22 19:56 - 001669130 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-07 12:54 - 2017-04-22 20:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-07 12:53 - 2017-03-18 06:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-12-07 12:32 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-07 12:32 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-07 12:32 - 2014-10-31 17:05 - 000000000 ____D C:\Users\George\AppData\Local\Adobe
2017-12-06 18:13 - 2017-10-24 07:02 - 000004212 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-12-06 15:29 - 2016-11-19 17:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-06 15:08 - 2014-05-15 11:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-06 14:53 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-05 18:39 - 2014-05-15 11:17 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-05 18:39 - 2014-05-15 11:17 - 000001000 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-12-05 13:18 - 2016-09-23 11:43 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-12-04 17:51 - 2016-09-23 16:55 - 000000000 ____D C:\Users\George\AppData\Local\ESET
2017-12-04 17:50 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-04 17:50 - 2016-09-23 11:43 - 000012487 _____ C:\WINDOWS\ZAM.krnl.trace
2017-12-04 17:49 - 2017-10-29 20:10 - 000000000 ____D C:\ProgramData\Apple
2017-12-04 12:35 - 2015-10-10 15:00 - 005613272 ____R C:\Users\George\Documents\My Money Backup.mbf
2017-12-04 12:35 - 2015-10-10 14:54 - 005611520 _____ C:\Users\George\Documents\My Money.mny
2017-12-04 09:44 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-03 18:35 - 2015-03-28 19:26 - 000000000 ____D C:\Users\George\AppData\Local\ElevatedDiagnostics
2017-12-03 17:38 - 2014-11-07 16:54 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2017-12-03 17:23 - 2017-04-22 19:57 - 000000000 ____D C:\Users\George
2017-12-03 13:33 - 2014-11-07 16:37 - 000025748 _____ C:\Users\George\AppData\Roaming\wklnhst.dat
2017-11-29 12:01 - 2015-11-05 17:10 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-25 15:37 - 2014-10-31 17:07 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-21 18:17 - 2014-05-15 08:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-21 18:14 - 2017-10-12 11:39 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-21 18:14 - 2014-05-15 08:50 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-21 17:06 - 2010-11-20 22:27 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-21 08:16 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-20 12:12 - 2017-04-22 20:11 - 000004388 _____ C:\WINDOWS\System32\Tasks\adobe flash player updater
2017-11-17 08:19 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-16 16:09 - 2017-04-22 20:11 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-16 16:08 - 2014-10-31 14:42 - 000000000 ____D C:\Users\George\AppData\Roaming\Mozilla
2017-11-15 19:37 - 2015-08-12 16:41 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-15 19:19 - 2017-06-16 16:47 - 000388288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-15 19:16 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 19:16 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-15 19:16 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-15 19:16 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-15 19:16 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-15 07:49 - 2017-04-22 20:11 - 000003446 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0e27c2ab926a5
2017-11-15 07:49 - 2017-04-22 20:11 - 000003322 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0e27c2a9ac8c5
2017-11-13 16:02 - 2014-05-15 11:17 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-13 16:02 - 2014-05-15 11:17 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-11-07 16:37 - 2017-12-03 13:33 - 000025748 _____ () C:\Users\George\AppData\Roaming\wklnhst.dat
2016-05-19 17:47 - 2016-05-19 17:47 - 000000335 _____ () C:\Users\George\AppData\Local\LMIR0002.tmp_r.bat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-29 08:25

==================== End of FRST.txt ============================
Reply With Quote
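The FRST.txt above is read by eye: lines FRST tags with "<==== ATTENTION", scheduled tasks whose target is "No File" or "no filepath", and executables whose company field is empty "()" are the first things a helper looks at. The script below is an added example of that first pass, written for this thread; it is not part of FRST and not a tool the helper or the poster used. It parses the two FRST line shapes seen here (the "modified - created - size attrs (company) path" file lines and the "Task: {GUID} - name => target [date] (company)" task lines) and applies those rules. The SAMPLE text is a constructed excerpt in FRST's format, not the complete log, and the rule names are this example's own. One caveat the log itself shows: the company in parentheses is what the file's version information declares, not a signature check; only the "Bamital & volsnap" section reports verification results, so an empty or unexpected company is a reason to hash and look up the file, not proof of anything.

```python
"""Triage pass over FRST (Farbar Recovery Scan Tool) log lines.
Added example for this thread; not FRST code and not the helper's tooling.
SAMPLE is a constructed excerpt in FRST's line format, not the full log."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Extensions worth a second look when FRST prints an empty "()" company field.
EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".scr")

# "modified - created - size attrs (company) path"; the "(company)" block is
# absent for directories and may be an empty "()".
FILE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# Trailing "[date] (company)" FRST appends to a task target it located.
TASK_TAIL_RE = re.compile(r" \[[\d-]+\] \((?P<company>[^)]*)\)$")


@dataclass
class FileEntry:
    modified: str
    created: str
    size: int
    attrs: str
    company: Optional[str]  # None: no block printed; "": FRST printed "()"
    path: str


@dataclass
class TaskEntry:
    guid: str
    name: str
    target: Optional[str]
    company: Optional[str]  # same convention as FileEntry.company
    orphaned: bool          # "-> No File" or "no filepath"
    attention: bool         # FRST appended "<==== ATTENTION"


def parse_file_line(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line)
    if not m:
        return None
    return FileEntry(m["modified"], m["created"], int(m["size"]),
                     m["attrs"], m["company"], m["path"])


def parse_task_line(line: str) -> Optional[TaskEntry]:
    if not line.startswith("Task: {"):
        return None
    attention = "<==== ATTENTION" in line
    body = line[len("Task: "):].replace("<==== ATTENTION", "").strip()
    guid, _, rest = body.partition(" - ")
    orphaned = rest == "no filepath" or rest.endswith("-> No File")
    name, target, company = rest.split(" -> ")[0], None, None
    if " => " in rest:
        name, _, target = rest.partition(" => ")
        tail = TASK_TAIL_RE.search(target)
        if tail:                       # strip "[date] (company)" off the path
            company = tail["company"]
            target = target[:tail.start()]
    return TaskEntry(guid.strip("{}"), name, target, company, orphaned, attention)


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (rule, detail) pairs; the rule names are this example's own."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "<==== ATTENTION" in line:            # FRST's own flag, any section
            findings.append(("frst-attention", line))
        task = parse_task_line(line)
        if task is not None:
            if task.orphaned:                    # leftover task with nothing to run
                findings.append(("orphaned-task", task.name))
            elif task.company == "":             # target exists but declares no company
                findings.append(("unattributed-task-target", task.target or ""))
            continue
        entry = parse_file_line(line)
        if (entry is not None and entry.company == ""
                and entry.path.lower().endswith(EXEC_EXT)):
            findings.append(("unattributed-executable", entry.path))
    return findings


# Constructed excerpt modelled on the FRST.txt / Addition.txt sections above.
SAMPLE = r"""
==================== One Month Modified files and folders ========

2017-11-21 18:14 - 2014-05-15 08:50 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-19 17:47 - 2016-05-19 17:47 - 000000335 _____ () C:\Users\George\AppData\Local\LMIR0002.tmp_r.bat
2017-12-08 18:59 - 2016-12-14 13:30 - 000000000 ____D C:\FRST

==================== Installed Programs ======================

Yahoo! Powered (HKLM-x32\...\{F42C1CEC-A4AC-CD6C-152C-BDECC5AC6E6C}) (Version: - ) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)

==================== Scheduled Tasks (Whitelisted) =============

Task: {001D1603-F63D-4C0E-A4D1-2331D413E7B1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {57326387-8463-4A61-AD94-8B690347D29C} - no filepath
Task: {59E1E7FE-79D7-4522-86FB-A9C6786B654A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {946C4FE5-8A7B-4890-B08F-B788754E4DDF} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
"""

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(f"{rule:26} {detail}")
```

Run it against a saved FRST.txt by reading the file into triage() instead of SAMPLE. The output is a worklist, not a verdict: an orphaned task is clutter to remove with a fixlist, an ATTENTION line is whatever FRST already decided needs a look, and an unattributed executable is a file to hash and check before deciding anything.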
  #4  
Old December 9th, 2017, 01:17 AM
Jerry56 Jerry56 is offline
Senior Member
 
Join Date: Jul 2007
Posts: 1,119
Thumbs up

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2017
Ran by George (08-12-2017 19:00:49)
Running from C:\Users\George\Downloads
Windows 10 Pro Version 1703 15063.726 (X64) (2017-04-23 01:20:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-96959487-344117887-1461987557-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-96959487-344117887-1461987557-503 - Limited - Disabled)
George (S-1-5-21-96959487-344117887-1461987557-1001 - Administrator - Enabled) => C:\Users\George
Guest (S-1-5-21-96959487-344117887-1461987557-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-96959487-344117887-1461987557-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123 Free Solitaire 2011 v8.0 (HKLM-x32\...\123 Free Solitaire_is1) (Version: - TreeCardGames)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Dell System Detect (HKU\S-1-5-21-96959487-344117887-1461987557-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
GlassWire 1.0 (remove only) (HKLM-x32\...\GlassWire 1.0) (Version: 1.0.69 - SecureMix LLC)
Google Chrome (HKLM-x32\...\{D486950F-500E-358B-9CC4-16104753329E}) (Version: 62.0.3202.94 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet 6600 Basic Device Software (HKLM\...\{B407F586-D027-45C3-9109-CC2943E839FA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Help (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6600 Product Improvement Study (HKLM\...\{9DD732B9-9B16-4F28-8E21-4AB5E40AF7DE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Encarta Encyclopedia Standard 2005 (HKLM-x32\...\{05410044-64A6-4248-A026-9745C1E9E159}) (Version: 2005 - Microsoft Corporation)
Microsoft Money 2005 (HKLM-x32\...\Money2005b) (Version: 14 - Microsoft)
Microsoft OneDrive (HKU\S-1-5-21-96959487-344117887-1461987557-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Picture It! Premium 10 (HKLM-x32\...\PictureItPrem_v10) (Version: 10.0.0612 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Streets and Trips 2005 (HKLM-x32\...\{67E4EE98-59F4-4210-89A6-A20AF5BEC689}) (Version: 12.00.07.1200 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Microsoft Works 2005 Setup Launcher (HKLM-x32\...\Works2005Setup) (Version: - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}) (Version: 8.0.0.0000 - Microsoft Corporation)
Mozilla Firefox 57.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.1 (x64 en-US)) (Version: 57.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero PhotoShow Express (HKLM-x32\...\Nero PhotoShow Express) (Version: 3.0 - Simple Star, Inc.)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Real Mahjong (HKLM-x32\...\Real Mahjong_is1) (Version: - My Real Games Ltd)
RealDownloader (HKLM-x32\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Works Upgrade (HKLM-x32\...\{DE1AF137-C455-494A-A817-EFE44BCCFDEE}) (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
Yahoo! Powered (HKLM-x32\...\{F42C1CEC-A4AC-CD6C-152C-BDECC5AC6E6C}) (Version: - ) <==== ATTENTION
Yahtzee 1.1.6 (HKLM-x32\...\Yahtzee_is1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-19] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-19] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {001D1603-F63D-4C0E-A4D1-2331D413E7B1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {03964096-1F84-4276-A678-3F225C5529E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {09C6D6AE-C236-438F-BE62-79691B38FC87} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {0CAB5520-8938-4C6D-993C-98B5301CBC76} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {0FD73492-33D7-4E29-AD7D-01E0010F687E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {1AEE62A8-2C09-4AFE-B9B2-23B662F03AB7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1B711B91-5880-40CE-B239-E12A9BD206C3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2106089C-9495-4AA6-ADD4-DFC1DD117044} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {241A2939-DCD6-46CD-87EF-458D047DAE50} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2987F57C-0A3D-43B9-A09D-CC81AC8FFE71} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {423FC988-BAE9-45BA-8841-2C2B0309C5B4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-21] (Microsoft Corporation)
Task: {43BCF16C-002C-427D-95E9-872BC3114574} - System32\Tasks\adobe flash player updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-07] (Adobe Systems Incorporated)
Task: {46A01979-9185-40DD-A3AC-665B059BD7C0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {4ADB616E-9021-452D-80BC-782CDFDB6512} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-96959487-344117887-1461987557-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4B4A9C4D-7C79-4AC6-A462-FF085ADB932A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {5081EE9A-2FA7-4141-ABEC-B9560B6D2835} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {57326387-8463-4A61-AD94-8B690347D29C} - no filepath
Task: {59E1E7FE-79D7-4522-86FB-A9C6786B654A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {620190C6-6B68-468D-9E08-DD7E89D44691} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {737FCD55-E499-4954-9B02-A9049C199928} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {754ACFDF-790D-4E86-9A7B-07167747A0C1} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {783293EE-0C39-4E6B-8598-F7BC10374762} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7949D64F-DF57-40AC-A58D-C0AFFC89F83E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7B207F80-B0A3-4118-A3C4-AB949FA8A5B2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {7E014C73-86BC-4FB6-B220-3961A90D4FA8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {86F94901-89B7-4468-92F5-B91382A79F6F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8B3BBF4B-5B4F-4A14-A406-FE21B19CAE6B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {946C4FE5-8A7B-4890-B08F-B788754E4DDF} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {9F19199F-0DF1-4A1C-B68E-BA05B9AA8E25} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A1141410-D905-49BE-8644-CA93A34AD1F5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A814B961-F531-4BAC-BC00-2C96F1980852} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A97319BF-E4BE-43E7-8A70-F3758A9F73A2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ABD81568-9119-421E-B019-55593CC63799} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ADCF4245-D193-4A1E-8963-9B6BE1F66FF6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {AEF64111-230F-4896-A16E-A7722A327B43} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CA4BEDDF-2101-4BB9-96D9-4EE7741EA3B9} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-96959487-344117887-1461987557-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CBBEFEC4-5D80-4403-9309-3BD731A71152} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D1F955D9-2FB9-4CF6-B9EC-2C6E4BF5CBD9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D22D80DA-0108-4FC5-B51B-65C14B6A8341} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D508E296-78F4-402F-90F4-A1300FBED793} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e27c2ab926a5 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D56DABB4-E60F-432E-BA0E-A4E73D5839A0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {D696583D-E3EE-4537-B65B-527585312B22} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D6BDCA4E-BFB7-4BD8-837F-CD961B380125} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D9AA4A49-A52A-4607-9980-6FD9B7449462} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DA330154-244D-42A9-B5F1-CC774B4E13AA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {DCF9BE4E-8AE1-405C-BCDF-79338F6D5278} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E1278B51-489A-4E80-A301-F670589AB544} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e27c2a9ac8c5 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E80101E9-01AA-4977-AA7C-9867AB1685A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F467F04C-BC1C-4917-BD9B-BEFCF21AF3A6} - no filepath
Task: {F54FEF74-355C-4DA6-A467-63176BFC524D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F83CCFB8-FFFD-46E3-AACE-C9F856A629FD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FB22E064-0756-4A2C-9D77-A09A5CAC941B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {FD8CEBC3-DDA7-4F7D-8756-72CCD27CDA38} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FE694BDA-30FF-40C2-8B98-D22F5A52034A} - System32\Tasks\S-1-5-21-96959487-344117887-1461987557-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-11-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\George\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-11-30 07:49 - 2017-11-30 07:50 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-30 07:49 - 2017-11-30 07:50 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-30 07:49 - 2017-11-30 07:50 - 025600000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-30 07:49 - 2017-11-30 07:50 - 002546176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-01 06:51 - 2017-11-01 06:52 - 001919680 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-12-06 14:52 - 2017-12-06 14:53 - 001231528 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-09-26 06:48 - 2017-09-26 06:49 - 003553704 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-03-18 15:59 - 2017-03-18 21:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-30 06:51 - 2017-08-30 06:51 - 000016896 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.21.2212.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Money.exe
2017-08-30 06:51 - 2017-08-30 06:51 - 017584128 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.21.2212.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Money.dll
2017-11-20 07:52 - 2017-11-20 07:52 - 005224328 _____ () C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1711.2.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-03-03 12:05 - 2016-03-03 12:05 - 000291328 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.21.2212.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-11-13 16:02 - 2017-11-10 04:57 - 002871640 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\swiftshader\libglesv2.dll
2017-11-13 16:02 - 2017-11-10 04:57 - 000138072 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\swiftshader\libegl.dll
2017-02-14 08:42 - 2017-02-14 08:42 - 000326144 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-03-28 14:32 - 2017-03-28 14:32 - 000073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2016-02-05 02:32 - 2016-02-05 02:32 - 000246272 _____ () C:\Program Files (x86)\GlassWire\GeoIP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\sts.exedentifier:$DATA [26]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-04-22 20:51 - 000002024 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-96959487-344117887-1461987557-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\George\AppData\Local\Microsoft\Windows\Themes\img8.jpg
DNS Servers: 13.59.228.155
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 6600 (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 6600 (Network).lnk.Startup
MSCONFIG\startupfolder: C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wkcalrem.LNK => C:\Windows\pss\WKCALREM.LNK.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HP Officejet 6600 (NET) => "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN41H8R67S05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: PhotoShow Deluxe Media Manager => C:\PROGRA~2\Nero\data\Xtras\mssysmgr.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
HKLM\...\StartupApproved\Run32: => "SoundMAXPnP"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-96959487-344117887-1461987557-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Officejet 6600 (Network).lnk"
HKU\S-1-5-21-96959487-344117887-1461987557-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-96959487-344117887-1461987557-1001\...\StartupApproved\Run: => "WeatherBuddy"

==================== FirewallRules (Whitelisted) ===============

  #5  
Old December 9th, 2017, 01:18 AM
Jerry56 Jerry56 is offline
Senior Member

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{29E0D32C-AC47-41A9-B665-AABE2A793499}] => (Allow) LPort=7000
FirewallRules: [{7478DCCA-40A3-40C0-9A91-9BC19131572C}] => (Allow) LPort=7000
FirewallRules: [{2737ED92-144C-496B-8CD5-BC62A210CC35}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\FaxApplications.exe
FirewallRules: [{366B0106-C2D8-41CC-822B-7C3474EAE158}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\DigitalWizards.exe
FirewallRules: [{D7A4681F-8736-4604-AF76-F8DCF7199909}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\SendAFax.exe
FirewallRules: [{48AA5C83-0075-4DA8-A752-33E6486FB37F}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\DeviceSetup.exe
FirewallRules: [{106A13F0-7204-4D5A-9D4F-739971AE3C63}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{06156F4E-A02F-417D-82DB-EB435EAB1000}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{6C2F1F10-A6B8-4C64-B68F-7B2D22FF1BF6}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{6CF286E4-6739-4401-B755-8EE131FFD317}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{179F3EAF-DB29-4807-B22F-CE03CFA3A38A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{15D7B749-BEEE-400B-8FFB-8D7A8C470EAE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BFBCC560-6005-49F3-BD7D-631ACF9062A5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

21-11-2017 18:13:17 Windows Update
29-11-2017 08:27:45 Scheduled Checkpoint
03-12-2017 17:38:12 Removed WeatherBuddy
04-12-2017 17:46:50 Removed Apple Application Support (32-bit)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/08/2017 11:58:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: George-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/08/2017 02:05:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x32774c02
Exception code: 0xe0434352
Fault offset: 0x000ecbb2
Faulting process id: 0x1778
Faulting application start time: 0x01d36ff2e4a019e9
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 9135bb91-0bd0-48cd-9a95-721883b62e5f
Faulting package full name:
Faulting package-relative application ID:

Error: (12/08/2017 02:05:15 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (12/07/2017 10:33:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: George-PC)
Description: Activation of app Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/07/2017 01:44:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x32774c02
Exception code: 0xe0434352
Fault offset: 0x000ecbb2
Faulting process id: 0x2fc8
Faulting application start time: 0x01d36f26d921bbd1
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 7a0ce2bd-52d7-44ee-995a-f102e5ca3bd7
Faulting package full name:
Faulting package-relative application ID:

Error: (12/07/2017 01:44:40 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (12/06/2017 04:58:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/06/2017 03:14:30 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (12/06/2017 07:50:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x32774c02
Exception code: 0xe0434352
Fault offset: 0x000ecbb2
Faulting process id: 0x1c7c
Faulting application start time: 0x01d36e90bf9d4ac2
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: b80be28f-4330-4ec3-99f5-ae2d93f9f9af
Faulting package full name:
Faulting package-relative application ID:

Error: (12/06/2017 07:50:23 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])


System errors:
=============
Error: (12/08/2017 06:29:07 PM) (Source: DCOM) (EventID: 10016) (User: George-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/08/2017 06:29:07 PM) (Source: DCOM) (EventID: 10016) (User: George-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/08/2017 06:29:07 PM) (Source: DCOM) (EventID: 10016) (User: George-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/08/2017 06:01:02 PM) (Source: DCOM) (EventID: 10016) (User: George-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/08/2017 06:01:02 PM) (Source: DCOM) (EventID: 10016) (User: George-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/08/2017 06:01:02 PM) (Source: DCOM) (EventID: 10016) (User: George-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/08/2017 05:56:45 PM) (Source: DCOM) (EventID: 10016) (User: George-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/08/2017 05:56:45 PM) (Source: DCOM) (EventID: 10016) (User: George-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/08/2017 05:56:45 PM) (Source: DCOM) (EventID: 10016) (User: George-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user George-PC\George SID (S-1-5-21-96959487-344117887-1461987557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/08/2017 03:06:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.259.87.0).


CodeIntegrity:
===================================
Date: 2017-12-08 15:03:56.690
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-12-08 15:03:56.688
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-19 12:35:39.110
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\safemon\SafeWrapper.dll that did not meet the Store signing level requirements.

Date: 2017-06-17 14:39:10.249
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\safemon\SafeWrapper.dll that did not meet the Store signing level requirements.

Date: 2017-06-16 18:08:41.414
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\safemon\SafeWrapper.dll that did not meet the Store signing level requirements.

Date: 2017-06-16 18:06:46.312
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\safemon\SafeWrapper.dll that did not meet the Store signing level requirements.

Date: 2017-06-16 18:04:22.452
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\safemon\SafeWrapper.dll that did not meet the Store signing level requirements.

Date: 2017-06-16 17:41:21.831
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2017-06-16 17:19:22.723
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2017-06-15 20:24:00.756
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Micros oft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 42%
Total physical RAM: 3956.61 MB
Available physical RAM: 2270.78 MB
Total Virtual: 5183.41 MB
Available Virtual: 3042.76 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:924.11 GB) (Free:874.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C7ECBF10)
Partition 1: (Active) - (Size=7.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=924.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ================
Reply With Quote
  #6  
Old December 10th, 2017, 12:52 AM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hi Jerry56,

Quote:
HKU\S-1-5-21-96959487-344117887-1461987557-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\George\AppData\Local\Microsoft\Windows\Themes\img8.jpg
DNS Servers: 13.59.228.155
Did you set the desktop wallpaper from Amazon.com?
========================================================

These programs run at system startup. They are unnecessary; you can stop them.
Microsoft Office
HP Officejet 6600
Adobe software
HP Software Update
NeroFilterCheck
PhotoShow Deluxe Media Manager
SDTray
TkBellExe
GarminExpressTrayApp
WeatherBuddy

========================================================
Quote:
ProxyServer: [.DEFAULT] => 127.0.0.1:8536
ProxyEnable: [S-1-5-19] => Proxy is enabled.
Did you set these proxy settings? Do you have any information about them?
========================================================
Quote:
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
gwdrv.sys ===>> GlassWire Firewall
http://www.systemlookup.com/search.p...h=gwdrv.sys&s=
Please stop the GlassWire service.
How to remove all GlassWire folders and data
https://forum.glasswire.com/t/how-to...-and-data/4135

========================================================
Quote:
C:\Users\George\AppData\Local\LMIR0002.tmp_r.bat
Do you recognize this file?
Please check whether you had any remote session to help you recover from issues on the machine. If you don't remember any remote session history, let me know.
========================================================

Do you use Zemana AntiMalware software?

================================================

Please do this following;

You can remove these programs using Add/Remove Programs, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java 8 Update 111
Yahoo! Powered
  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.
========================================================

Download RogueKiller:
https://www.bleepingcomputer.com/download/roguekiller/

Select the version that applies to the system.
Save to the Desktop.

After closing all windows and browsers, right-click the downloaded RogueKiller file and select: Run as Administrator

At the program console, wait for the Prescan to finish. (Under Status, it says: Prescan finished.)

Press: SCAN

When done, a report opens on the drive: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.
Reply With Quote
  #7  
Old December 10th, 2017, 06:57 AM
Jerry56 Jerry56 is offline
Senior Member
 
Join Date: Jul 2007
Posts: 1,119

I did not set 1) Proxy Server (Default) 127.0.0.1:8536
2) Proxy Enable (S-1-5-19) proxy is enabled
The PC would not go on the internet, and it was set to automatically detect the proxy in order to connect to the internet.

I don't understand how to remove the GlassWire service.

I don't recognize the file C:\Users\George\AppData\Local\LMIR0002.tmp_r.bat

I don't know of any remote session to recover from any issue.

I didn't use Zemana AntiMalware.

RogueKiller V12.11.27.0 (x64) [Dec 4 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : George [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/09/2017 23:44:08 (Duration : 00:42:06)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 20 ¤¤¤
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTOP -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-96959487-344117887-1461987557-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-96959487-344117887-1461987557-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8536 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6d5cde59-8142-42be-b2ce-5a001dbeff55} | NameServer : 13.59.228.155 ([X]) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.HomePage][Firefox:Config] 33jaqmav.default-1491324543132-1512592173300 : user_pref("browser.startup.homepage", "www.excite.com/"); -> Found
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.excite.com/] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA DT01ACA100 +++++
--- User ---
[MBR] 1f16ac5d697fc88c265b119efac8e1f4
[BSP] 9c1804c83343e16ead17c5a8b8d4b0fd : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 7574 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 15513600 | Size: 946293 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
Reply With Quote
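The two settings olgun52 asked about in post #6 and RogueKiller then flagged in post #7 (a WinINET proxy of 127.0.0.1:8536 in the .DEFAULT, S-1-5-18, S-1-5-19, S-1-5-20 and user hives, and a static NameServer of 13.59.228.155 on one interface) can be verified directly before anything is removed. The script below is an added example written for this thread; it is not code from the original posts, from RogueKiller or from FRST. It only assumes the proxy address and DNS server quoted above, and it does not assume anything about which process (if any) listens on port 8536, which is why it looks that up instead. A proxy at 127.0.0.1 only works if something on the machine itself is listening, so the listener's image path is the file worth checking; a static NameServer overrides the DHCP-supplied servers, which is how one IP ends up answering every lookup.

```powershell
# Added example for this thread (not from the original posts, RogueKiller or FRST):
# audit the registry locations RogueKiller reported as PUM.Proxy and PUM.Dns.
# Run from an elevated PowerShell prompt on the affected Windows 10 machine.
# Assumption: the values below are the ones quoted in the thread; change them
# if your own scan reported something different.
$SuspectProxy = '127.0.0.1:8536'
$SuspectDns   = '13.59.228.155'

function Get-WinInetProxyFindings {
    # Walk every hive currently loaded under HKEY_USERS (.DEFAULT, the service
    # SIDs S-1-5-18/19/20 and each logged-on user). Profiles whose hive is not
    # loaded will not appear here; log on as that user or load NTUSER.DAT first.
    foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS') {
        $key = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        if (-not (Test-Path -Path $key)) { continue }
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        # Report only hives where a proxy is switched on or a server/PAC URL is set.
        if ($p.ProxyEnable -eq 1 -or $p.ProxyServer -or $p.AutoConfigURL) {
            [pscustomobject]@{
                Hive          = $hive.PSChildName
                ProxyEnable   = $p.ProxyEnable
                ProxyServer   = $p.ProxyServer
                AutoConfigURL = $p.AutoConfigURL
                Suspect       = ($p.ProxyServer -eq $SuspectProxy)
            }
        }
    }
}

function Get-StaticDnsFindings {
    # A static NameServer value on an interface takes precedence over the
    # DHCP-assigned servers recorded in DhcpNameServer.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    foreach ($if in Get-ChildItem -Path $base) {
        $p = Get-ItemProperty -Path $if.PSPath -ErrorAction SilentlyContinue
        if ($p.NameServer) {
            [pscustomobject]@{
                Interface      = $if.PSChildName
                NameServer     = $p.NameServer
                DhcpNameServer = $p.DhcpNameServer
                Suspect        = (($p.NameServer -split '[ ,]') -contains $SuspectDns)
            }
        }
    }
}

function Get-LocalProxyListener {
    # A 127.0.0.1 proxy only functions if a local process is listening on the
    # port; map the listener to its image path so the file can be examined.
    $port = [int](($SuspectProxy -split ':')[-1])
    Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                Port         = $_.LocalPort
                ProcessId    = $_.OwningProcess
                ProcessName  = $proc.ProcessName
                Path         = $proc.Path
            }
        }
}

'== WinINET proxy settings per loaded hive =='
Get-WinInetProxyFindings | Format-Table -AutoSize
'== Interfaces with a static NameServer =='
Get-StaticDnsFindings | Format-Table -AutoSize
"== Process listening on port $(($SuspectProxy -split ':')[-1]) =="
Get-LocalProxyListener | Format-List

# Remediation, once the owner has confirmed the settings were not set on purpose
# (this is what the helper's FRST fixlist does for the DNS entry). Per hive key:
#   Set-ItemProperty    -Path $key   -Name ProxyEnable -Value 0
#   Remove-ItemProperty -Path $key   -Name ProxyServer -ErrorAction SilentlyContinue
# Per interface key that carries the suspect NameServer:
#   Remove-ItemProperty -Path $ifKey -Name NameServer
# followed by: ipconfig /flushdns
```

If the proxy table lists the service hives (S-1-5-18/19/20) and .DEFAULT as well as the user's SID, the change was made machine-wide rather than by a browser toolbar, which matches what RogueKiller showed above. If no process is listening on the port, the proxy setting will simply black-hole WinINET traffic, which is consistent with the "would not go on the internet" symptom reported in post #7.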
  #8  
Old December 10th, 2017, 11:50 AM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
PC would not go on the internet and it was set to automatic detect proxy in order to connect to the internet.

So you are not using a proxy. Is that correct? If you do not use it, I will remove it.
---------------------------------------------
Please tell us about all the actions you've done
Did you uninstall Yahoo! Powered and Java completely with Revo Uninstaller?
Reply With Quote
  #9  
Old December 10th, 2017, 06:42 PM
Jerry56 Jerry56 is offline
Senior Member
 
Join Date: Jul 2007
Posts: 1,119

I deleted the Yahoo! Powered and Java software.
But I didn't delete anything from RogueKiller.

The proxy setting I am using now is 127.0.0.1 port 8536.

Last edited by Jerry56; December 10th, 2017 at 06:52 PM.
Reply With Quote
  #10  
Old December 10th, 2017, 10:21 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Okay. Thanks Jerry56,

Please do this following.

Step 1:

FRST Script:
Please download the attached Fixlist.txt, save it to the Desktop, and name it: fixlist.txt
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Step 2:


RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.
As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.
Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1
Link 2
  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
Next >>

  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-3.3.1.2183 and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The scan log is available through History -> Application logs. Please post its contents in your next reply.
Have a nice day.

Last edited by olgun52; December 10th, 2017 at 10:32 PM.
Reply With Quote
  #11  
Old December 11th, 2017, 12:51 AM
Jerry56 Jerry56 is offline
Senior Member
 
Join Date: Jul 2007
Posts: 1,119

I still don't understand how to stop the GlassWire service.

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-12-2017
Ran by George (10-12-2017 18:17:20) Run:2
Running from C:\Users\George\Desktop
Loaded Profiles: George (Available Profiles: George & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {001D1603-F63D-4C0E-A4D1-2331D413E7B1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1AEE62A8-2C09-4AFE-B9B2-23B662F03AB7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {57326387-8463-4A61-AD94-8B690347D29C} - no filepath
Task: {7E014C73-86BC-4FB6-B220-3961A90D4FA8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {86F94901-89B7-4468-92F5-B91382A79F6F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8B3BBF4B-5B4F-4A14-A406-FE21B19CAE6B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D1F955D9-2FB9-4CF6-B9EC-2C6E4BF5CBD9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D696583D-E3EE-4537-B65B-527585312B22} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DCF9BE4E-8AE1-405C-BCDF-79338F6D5278} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E80101E9-01AA-4977-AA7C-9867AB1685A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F467F04C-BC1C-4917-BD9B-BEFCF21AF3A6} - no filepath
Task: {F54FEF74-355C-4DA6-A467-63176BFC524D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F83CCFB8-FFFD-46E3-AACE-C9F856A629FD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\sts.exedentifier:$DATA [26]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-96959487-344117887-1461987557-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Chrome\Ext\realdownloader.crx
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-08] (Microsoft Corporation) <==== ATTENTION
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-08] (Microsoft Corporation) <==== ATTENTION
U3 idsvc; no ImagePath
U5 REALPLAYERUPDATESVC; no ImagePath
C:\Users\George\AppData\Roaming\wklnhst.dat
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray" /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-23] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
2017-12-08 18:59 - 2017-04-24 07:36 - 000176903 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
C:\Program Files (x86)\Zemana AntiMalware
C:\WINDOWS\ZAM.krnl.trace
2017-12-06 15:08 - 2017-12-06 15:08 - 000000000 ____D C:\NPE
2017-12-06 15:06 - 2017-12-06 15:17 - 000000000 ____D C:\Users\George\AppData\Local\NPE
2017-12-06 15:06 - 2017-12-06 15:06 - 000000000 ____D C:\ProgramData\Norton
C:\Users\George\AppData\Local\LMIR0002.tmp_r.bat
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6d5cde59-8142-42be-b2ce-5a001dbeff55} | NameServer : 13.59.228.155
Folder: C:\WINDOWS\f6a641ac642b4dc69c694d1ff32f30c1
Folder: C:\WINDOWS\324566be834140dfba1ab94f865c8f83
Hosts:
EmptyTemp:


Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/10/2017 06:32:06 PM in x64 mode.
Windows Version: Windows 10 Pro

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\George\Desktop\FRST64.exe (PID: 8904) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/10/2017 06:33:40 PM
Execution time: 0 hours(s), 1 minute(s), and 33 seconds(s)

Malwarebytes didn't find anything.

**** Now Windows Defender will not turn on.

Last edited by Jerry56; December 11th, 2017 at 02:42 AM.
Reply With Quote
  #12  
Old December 11th, 2017, 07:20 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
The Fixlist operation was not successful. You should do it again. Please repeat it.
Reply With Quote
  #13  
Old December 11th, 2017, 09:26 PM
Jerry56 Jerry56 is offline
Senior Member
 
Join Date: Jul 2007
Posts: 1,119

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-12-2017
Ran by George (11-12-2017 15:20:07) Run:4
Running from C:\Users\George\Desktop
Loaded Profiles: George (Available Profiles: George & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {001D1603-F63D-4C0E-A4D1-2331D413E7B1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1AEE62A8-2C09-4AFE-B9B2-23B662F03AB7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {57326387-8463-4A61-AD94-8B690347D29C} - no filepath
Task: {7E014C73-86BC-4FB6-B220-3961A90D4FA8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {86F94901-89B7-4468-92F5-B91382A79F6F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8B3BBF4B-5B4F-4A14-A406-FE21B19CAE6B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D1F955D9-2FB9-4CF6-B9EC-2C6E4BF5CBD9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D696583D-E3EE-4537-B65B-527585312B22} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DCF9BE4E-8AE1-405C-BCDF-79338F6D5278} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E80101E9-01AA-4977-AA7C-9867AB1685A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F467F04C-BC1C-4917-BD9B-BEFCF21AF3A6} - no filepath
Task: {F54FEF74-355C-4DA6-A467-63176BFC524D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F83CCFB8-FFFD-46E3-AACE-C9F856A629FD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\sts.exedentifier:$DATA [26]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-96959487-344117887-1461987557-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Chrome\Ext\realdownloader.crx
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-08] (Microsoft Corporation) <==== ATTENTION
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-08] (Microsoft Corporation) <==== ATTENTION
U3 idsvc; no ImagePath
U5 REALPLAYERUPDATESVC; no ImagePath
C:\Users\George\AppData\Roaming\wklnhst.dat
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray" /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-23] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
2017-12-08 18:59 - 2017-04-24 07:36 - 000176903 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
C:\Program Files (x86)\Zemana AntiMalware
C:\WINDOWS\ZAM.krnl.trace
2017-12-06 15:08 - 2017-12-06 15:08 - 000000000 ____D C:\NPE
2017-12-06 15:06 - 2017-12-06 15:17 - 000000000 ____D C:\Users\George\AppData\Local\NPE
2017-12-06 15:06 - 2017-12-06 15:06 - 000000000 ____D C:\ProgramData\Norton
C:\Users\George\AppData\Local\LMIR0002.tmp_r.bat
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6d5cde59-8142-42be-b2ce-5a001dbeff55} | NameServer : 13.59.228.155
Folder: C:\WINDOWS\f6a641ac642b4dc69c694d1ff32f30c1
Folder: C:\WINDOWS\324566be834140dfba1ab94f865c8f83
Hosts:
EmptyTemp:
Reply With Quote
  #14  
Old December 11th, 2017, 09:38 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Failed again.
Fixlist and FRST software should be on your desktop. Then press the Fix button once.
A fixlog file will be created on the desktop.
  #15  
Old December 11th, 2017, 10:54 PM
Jerry56
Senior Member
 
Join Date: Jul 2007
Posts: 1,119

I don't know what I am doing wrong, because both are on the desktop.

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-12-2017
Ran by George (11-12-2017 16:47:39) Run:5
Running from C:\Users\George\Desktop
Loaded Profiles: George (Available Profiles: George & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {001D1603-F63D-4C0E-A4D1-2331D413E7B1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1AEE62A8-2C09-4AFE-B9B2-23B662F03AB7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {57326387-8463-4A61-AD94-8B690347D29C} - no filepath
Task: {7E014C73-86BC-4FB6-B220-3961A90D4FA8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {86F94901-89B7-4468-92F5-B91382A79F6F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8B3BBF4B-5B4F-4A14-A406-FE21B19CAE6B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D1F955D9-2FB9-4CF6-B9EC-2C6E4BF5CBD9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D696583D-E3EE-4537-B65B-527585312B22} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DCF9BE4E-8AE1-405C-BCDF-79338F6D5278} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E80101E9-01AA-4977-AA7C-9867AB1685A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F467F04C-BC1C-4917-BD9B-BEFCF21AF3A6} - no filepath
Task: {F54FEF74-355C-4DA6-A467-63176BFC524D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F83CCFB8-FFFD-46E3-AACE-C9F856A629FD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\sts.exedentifier:$DATA [26]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-96959487-344117887-1461987557-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Chrome\Ext\realdownloader.crx
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-08] (Microsoft Corporation) <==== ATTENTION
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-08] (Microsoft Corporation) <==== ATTENTION
U3 idsvc; no ImagePath
U5 REALPLAYERUPDATESVC; no ImagePath
C:\Users\George\AppData\Roaming\wklnhst.dat
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray" /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-23] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
2017-12-08 18:59 - 2017-04-24 07:36 - 000176903 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
C:\Program Files (x86)\Zemana AntiMalware
C:\WINDOWS\ZAM.krnl.trace
2017-12-06 15:08 - 2017-12-06 15:08 - 000000000 ____D C:\NPE
2017-12-06 15:06 - 2017-12-06 15:17 - 000000000 ____D C:\Users\George\AppData\Local\NPE
2017-12-06 15:06 - 2017-12-06 15:06 - 000000000 ____D C:\ProgramData\Norton
C:\Users\George\AppData\Local\LMIR0002.tmp_r.bat
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6d5cde59-8142-42be-b2ce-5a001dbeff55} | NameServer : 13.59.228.155
Folder: C:\WINDOWS\f6a641ac642b4dc69c694d1ff32f30c1
Folder: C:\WINDOWS\324566be834140dfba1ab94f865c8f83
Hosts:
EmptyTemp:
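The fixlog posted above lists the entries the helper chose to act on, and most of them fall into a few shapes: scheduled tasks and services whose target file no longer exists, stale search scopes with an empty URL, alternate data streams on downloaded images, and a per-interface NameServer value. Of these, the NameServer line is the one to verify first, because a resolver set on the interface redirects every name lookup the machine makes, and the address should match what the router or ISP hands out. The Python below is an added example, not part of this thread and not FRST's own code: it applies those reviewer heuristics to lines in FRST's format and ranks what it finds. The resolver allowlist, the list of benign stream names and the sample log (placeholder GUIDs, a placeholder user name and the documentation-range address 203.0.113.10) are constructed assumptions.

```python
"""Triage heuristics for Farbar Recovery Scan Tool (FRST) log lines.

Added example for this thread; not part of FRST and not code from the forum.
The resolver allowlist, benign-stream list and sample log are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: resolvers this machine is expected to use (home router, public DNS).
EXPECTED_DNS = {"192.168.1.1", "8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1"}
# Assumption: streams the Windows shell writes routinely (Mark-of-the-Web,
# image property metadata); their presence alone is not evidence of tampering.
BENIGN_ADS = {"Zone.Identifier", "SummaryInformation", "Updt_SummaryInformation",
              "{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}"}

# Per-interface DNS as FRST prints it: "...\Interfaces\{GUID} | NameServer : a.b.c.d"
NAMESERVER_RE = re.compile(r"\\Interfaces\\\{[0-9A-Fa-f-]+\}\s*\|\s*NameServer\s*:\s*(.+)$")
SERVICE_RE = re.compile(r"^[RSU]\d\s+[^;]+;\s*(.*)$")      # "R2 name; image path ..."
TASK_RE = re.compile(r"^Task:\s+\{[0-9A-Fa-f-]+\}\s+-\s+(.*)$")  # "Task: {GUID} - target"
ADS_SIZE_RE = re.compile(r"\s\[\d+\]$")                     # trailing "[size]"


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one FRST line, or None if nothing stands out."""
    s = line.strip()
    if not s:
        return None
    m = NAMESERVER_RE.search(s)
    if m:
        # An interface-level resolver silently redirects every lookup, so an
        # address outside the allowlist is the first thing to verify.
        servers = [x for x in re.split(r"[,\s]+", m.group(1)) if x]
        rogue = [x for x in servers if x not in EXPECTED_DNS]
        if rogue:
            return Finding("high", "interface DNS resolver not in allowlist: " + ", ".join(rogue), s)
        return Finding("info", "interface DNS resolver matches allowlist", s)
    m = SERVICE_RE.match(s)
    if m:
        target = m.group(1)
        if target.startswith("no ImagePath"):
            return Finding("medium", "service registered without a binary path (orphaned entry)", s)
        if target.endswith("[X]"):
            return Finding("medium", "driver registered but its file is missing on disk", s)
        if "<==== ATTENTION" in target:
            return Finding("medium", "FRST marked this service binary location; verify publisher and path", s)
        return None
    m = TASK_RE.match(s)
    if m:
        target = m.group(1)
        if "No File" in target or target.startswith("no filepath"):
            return Finding("medium", "scheduled task points at a missing file", s)
        return None
    if s.startswith("AlternateDataStreams:"):
        body = ADS_SIZE_RE.sub("", s[len("AlternateDataStreams:"):].strip())
        path, _, stream = body.rpartition(":")
        if stream in BENIGN_ADS:
            return Finding("info", "known shell metadata stream on " + path, s)
        return Finding("medium", "unexpected alternate data stream '%s' on %s" % (stream, path), s)
    if s.startswith("SearchScopes:") and s.endswith("URL ="):
        return Finding("info", "search scope with an empty URL (stale browser entry)", s)
    if "<==== ATTENTION" in s:
        return Finding("medium", "FRST attention marker", s)
    return None


def triage(log_text: str) -> List[Finding]:
    """Classify every line and keep the ones that produced a finding."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample in FRST's line format; GUIDs, the user name and the
# 203.0.113.10 resolver (a documentation-range address) are placeholders.
SAMPLE_LOG = r"""
Task: {11111111-2222-3333-4444-555555555555} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {66666666-7777-8888-9999-000000000000} - no filepath
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\Users\Example\Downloads\IMG_0001.JPG:SummaryInformation [0]
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-08] (Microsoft Corporation) <==== ATTENTION
U3 idsvc; no ImagePath
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-23] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee} | NameServer : 203.0.113.10
Hosts:
EmptyTemp:
"""

if __name__ == "__main__":
    order = ("high", "medium", "info")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print("[%-6s] %s\n         %s" % (f.severity, f.reason, f.line))
    print(summarize(triage(SAMPLE_LOG)))
```

Run it directly to print the ranked findings for the constructed sample, or pass the text of a real FRST.txt or Fixlog.txt to triage(). An FRST "<==== ATTENTION" marker is a prompt to look at the entry, not a verdict: the two Windows Defender services in the log above carry the marker even though FRST prints Microsoft Corporation as the publisher, which is why the script rates the marker medium and leaves the decision to the reviewer.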