Jump to content

SuicideSolution

Members
  • Content Count

    103
  • Joined

  • Last visited

About SuicideSolution

  • Rank
    Member

Contact Methods

  • Website URL
    http://

Profile Information

  • Location
    Suffolk, England

Previous Fields

  • Teams:
    Nothing Selected

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hi The speed has improved vastly! I am now using Firefox and IE was so slow and laggy ... FF is far better! I have also updated Java now with the latest version I had removed malwarebytes myself prior to knowing about your removal tool as I found it was running on start up and was on a 14 day trial ... Regardless, I have now run DelFix as follows: # DelFix v1.010 - Logfile created 10/08/2019 at 16:26:24 # Updated 26/04/2015 by Xplode # Username : Loz Laptop - JANUS # Operating System : Windows 10 Home (64 bits) ~ Activating UAC ... OK ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis ########## - EOF - ########## I cannot thank you enough for all your help ... at last I now have Windows 10 Thank you Thank you Thank you Thank you
  2. Rgarding the above .... I have managed to get rid of this I simply right clicked on the taskbar and then selected toolbars and removed the check tick next to the 'help Line' entry .... now it isnt on my tooldbar or as an option following the aforementioned clicking ... result! :)
  3. HI The computer itself seems to be a little quicker once loaded up but can lag a little on some applications - i.e Internet Explorer etc The 'help line' number is still present in the taskbar and it would be somewhat reassuring if I could get rid of this … Im guessing its something in the HKLU or HKLM settings … I don't want to mess around in there with the little knowledge that I have! Both scans completed as follows: Malwarebytes: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 09/08/2019 Scan Time: 23:40 Log File: a2639932-baf6-11e9-b365-e8113208725e.json -Software Information- Version: 3.8.3.2965 Components Version: 1.0.613 Update Package Version: 1.0.11940 Licence: Trial -System Information- OS: Windows 10 (Build 17134.885) CPU: x64 File System: NTFS User: JANUS\Allens -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 336047 Threats Detected: 68 Threats Quarantined: 68 Time Elapsed: 45 min, 36 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 8 Adware.NeoBar, HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\SOFTWARE\ADNPR\ANTIMALWARE\key, Quarantined, [1344], [469679],1.0.11940 PUP.Optional.PCVARK, HKLM\SOFTWARE\QWR2YW5jZWRwY2NhcmUubmV0, Quarantined, [470], [547455],1.0.11940 PUP.Optional.PCVARK, HKLM\SOFTWARE\QWR2YW5jZWRwY2NhcmUuY29t, Quarantined, [470], [547455],1.0.11940 PUP.Optional.PCVARK, HKLM\SOFTWARE\UG93ZXIgU3BlZWR1cCAyMDE4, Quarantined, [470], [554980],1.0.11940 PUP.Optional.PCVARK, HKLM\SOFTWARE\ZHJpdmVyZGV0YWlscy5jb20=, Quarantined, [470], [706567],1.0.11940 Adware.NeoBar, HKLM\SOFTWARE\WOW6432NODE\ADNPR\ANTIMALWARE\key, Quarantined, [1344], [469673],1.0.11940 PUP.Optional.PCVARK, HKLM\SOFTWARE\Power Speedup 2018 For JANUS, Quarantined, [470], [556375],1.0.11940 PUP.Optional.PCVARK, HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\SOFTWARE\Power Speedup 2018 for JANUS, Quarantined, [470], [556376],1.0.11940 Registry Value: 2 PUP.Optional.PCVARK, HKLM\SOFTWARE\Power Speedup 2018 For JANUS|AFFIRED, Quarantined, [470], [556375],1.0.11940 PUP.Optional.PCVARK, HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\SOFTWARE\Power Speedup 2018 for JANUS|TELNO, Quarantined, [470], [556376],1.0.11940 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 9 PUP.Optional.PCVARK, C:\ProgramData\Power Speedup 2018 for JANUS\offers, Quarantined, [470], [556369],1.0.11940 PUP.Optional.PCVARK, C:\PROGRAMDATA\Power Speedup 2018 for JANUS, Quarantined, [470], [556369],1.0.11940 PUP.Optional.DesktopTool, C:\USERS\PUBLIC\DOCUMENTS\BAIDU\COMMON\I18N\IPCSUPDATECACHE\DesktopToolMini_globalUK, Quarantined, [2754], [182058],1.0.11940 PUP.Optional.PCVARK, C:\Users\Allens\AppData\Roaming\Power Speedup 2018 For JANUS\smico, Quarantined, [470], [556368],1.0.11940 PUP.Optional.PCVARK, C:\USERS\ALLENS\APPDATA\ROAMING\Power Speedup 2018 For JANUS, Quarantined, [470], [556368],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\x64, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\x86, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\PROGRAM FILES\Power Speedup 2018 for JANUS, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Power Speedup 2018 for JANUS, Quarantined, [470], [556370],1.0.11940 File: 49 PUP.Optional.PCVARK, C:\PROGRAMDATA\Power Speedup 2018 for JANUS\mdb.db, Quarantined, [470], [556369],1.0.11940 PUP.Optional.PCVARK, C:\ProgramData\Power Speedup 2018 for JANUS\offers\d_t_u.exe, Quarantined, [470], [556369],1.0.11940 PUP.Optional.PCVARK, C:\ProgramData\Power Speedup 2018 for JANUS\offers\tnpcsetup.exe, Quarantined, [470], [556369],1.0.11940 PUP.Optional.PCVARK, C:\ProgramData\Power Speedup 2018 for JANUS\pcspstartrepair_en.mp3, Quarantined, [470], [556369],1.0.11940 PUP.Optional.PCVARK, C:\USERS\ALLENS\APPDATA\ROAMING\Power Speedup 2018 For JANUS\Errorlog.txt, Quarantined, [470], [556368],1.0.11940 PUP.Optional.PCVARK, C:\Users\Allens\AppData\Roaming\Power Speedup 2018 For JANUS\exlist.bin, Quarantined, [470], [556368],1.0.11940 PUP.Optional.PCVARK, C:\Users\Allens\AppData\Roaming\Power Speedup 2018 For JANUS\notifier.xml, Quarantined, [470], [556368],1.0.11940 PUP.Optional.PCVARK, C:\Users\Allens\AppData\Roaming\Power Speedup 2018 For JANUS\param.ini, Quarantined, [470], [556368],1.0.11940 PUP.Optional.PCVARK, C:\Users\Allens\AppData\Roaming\Power Speedup 2018 For JANUS\pplan.xml, Quarantined, [470], [556368],1.0.11940 PUP.Optional.PCVARK, C:\Users\Allens\AppData\Roaming\Power Speedup 2018 For JANUS\res.xml, Quarantined, [470], [556368],1.0.11940 PUP.Optional.PCVARK, C:\Users\Allens\AppData\Roaming\Power Speedup 2018 For JANUS\update.xml, Quarantined, [470], [556368],1.0.11940 PUP.Optional.PCVARK, C:\Users\Allens\AppData\Roaming\Power Speedup 2018 For JANUS\u_d_u_2.xml, Quarantined, [470], [556368],1.0.11940 PUP.Optional.PCVARK, C:\PROGRAM FILES\Power Speedup 2018 for JANUS\unins000.dat, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\x64\SQLite.Interop.dll, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\x86\SQLite.Interop.dll, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\Microsoft.Win32.TaskScheduler.dll, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\application.ico, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\danish_iss.ini, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\Dutch_iss.ini, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\english_iss.ini, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\finish_iss.ini, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\French_iss.ini, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\german_iss.ini, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\gmtrs.dll, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\HtmlRenderer.dll, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\HtmlRenderer.WinForms.dll, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\Interop.IWshRuntimeLibrary.dll, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\Interop.SHDocVw.dll, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\italian_iss.ini, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\japanese_iss.ini, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\langs.db, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\NAudio.dll, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\Newtonsoft.Json.dll, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\norwegian_iss.ini, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\PaddleCheckoutSDK.dll, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\portuguese_iss.ini, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\ptcr.exe.config, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\russian_iss.ini, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\spanish_iss.ini, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\swedish_iss.ini, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\System.Data.SQLite.DLL, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\TAFactory.IconPack.dll, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\unins000.exe, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\Program Files\Power Speedup 2018 for JANUS\unins000.msg, Quarantined, [470], [556371],1.0.11940 PUP.Optional.PCVARK, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Power Speedup 2018 for JANUS\Uninstall Power Speedup 2018.lnk, Quarantined, [470], [556370],1.0.11940 PUP.Optional.TopTools, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\89A88766C275F6DC.VIR\UPDATE\CRASHUL.EXE, Quarantined, [686], [512674],1.0.11940 PUP.Optional.TopTools, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\89A88766C275F6DC.VIR\UPDATE\CRASHREPORT.EXE, Quarantined, [686], [512674],1.0.11940 PUP.Optional.TopTools, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\89A88766C275F6DC.VIR\UPDATE\CRASHREPORT64.EXE, Quarantined, [686], [512674],1.0.11940 Adware.TopTools, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\89A88766C275F6DC.VIR\UPDATE\TOOLS_UPDATE.EXE, Quarantined, [7577], [495713],1.0.11940 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) EEK: Emsisoft Emergency Kit 2019.6.0.9501 stable [en-us] OS: Windows 10 (Version 10.0, Build 17134, 64-bit Edition) Forensics log Date Component Action Details 10/08/2019 01:55:49 Scanner Scan finished Scanned 19431 objects and found nothing. 10/08/2019 01:40:56 User JANUS\Allens Scan started Malware Scan 10/08/2019 01:40:36 User JANUS\Allens Setting modified "Detect PUPs" has been changed to "Enabled". 10/08/2019 01:40:15 User Update Finished successfully, all files are up-to-date (1 min. 24 sec.). 10/08/2019 01:38:51 Core Notification "Recommended Reading:Why are so many US public entities being hit by ransomware?". The EEK scan didn't find anything to quarantine which I am taking as great news
  4. …. I meant to add … I seem to have a rogue number imbedded on my tool bar … please see the attached image ... It reads 'Help Line 0-189-271-0657' I am assuming this is part if the malicious intrusion?
  5. Hi No need to apologise, I appreciate how busy you people are and the help you give so I am grateful no matter : As requested …. results are: FarBar: Fix result of Farbar Recovery Scan Tool (x64) Version: 07-08-2019 02 Ran by Allens (08-08-2019 11:21:13) Run:1 Running from C:\Users\Allens\Desktop\Loz Loaded Profiles: Allens (Available Profiles: Allens & DefaultAppPool) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION Task: {2A1D7A44-201E-4A9D-BE8B-9FA13E4FA3AA} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {2E7A6375-3434-4402-A397-1C2A0301A53C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {437FED8E-CAA8-44F3-ADAE-070D1F078316} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {4FDC1B0D-893C-4EDA-8B39-4F80AF0E9D79} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {555829E4-754A-4413-AC3E-ADE060569F72} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Windows\TEMP\IHU702F.tmp.exe <==== ATTENTION Task: {6C038E6D-2718-470B-9363-32CDB647A923} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {6F8D65AF-3331-45D0-91AB-DBABBF632734} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {8FB127B6-7275-4218-8D4A-4508FA44C48A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {ADE13313-A60A-4B5F-A345-B91573BD7C7F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {B5B10FDE-30FA-49D9-A979-0BEB5B02EEC7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {B791ABA2-6CDB-4CE8-BB67-0C9B2EA6CEAF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {F3CA1DD2-0137-4298-AAF2-CEF68B6A280F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {F8AC07CB-1880-443C-8922-9F8D5A9DCC97} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {FB6F8AA7-2667-4B52-A1E8-26BC375010AE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:www.fidonav.com SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation) Toolbar: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation) CHR StartupUrls: Default -> "hxxp://uk.hao123.com/?tn=sdkw_inner_hp_01_hao123_uk&guid=c37951540e15f9b004a4ff517b9bcf9c" CHR NewTab: Default -> Not-active:"chrome-extension://icbhbegbnafpiiaomogcddhhjpijpikp/newtabpage.html", Not-active:"chrome-extension://agijeemohccmknhbgdjokbeekmijlbee/newtab/quicktab.html", Not-active:"chrome-extension://ceopoaldcnmhechacafgagdkklcogkgd/newtabproduct.html", Not-active:"chrome-extension://nfkdkikledkdblnfjgmoclfacngdgbgf/newtabproduct.html", Not-active:"chrome-extension://dnflpnhpbffehddplcdlohealbgbbamk/product.html" CHR DefaultSearchURL: Default -> hxxps://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&enableSearch=true&rdrct=no&redirect=CPC CHR DefaultSearchKeyword: Default -> askweb CHR DefaultSuggestURL: Default -> hxxps://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}&enableSearch=true&rdrct=no CHR Profile: C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default [2019-08-03] U3 idsvc; no ImagePath ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ShortcutWithArgument: C:\Users\Allens\Desktop\Google Search.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=coobgpohoikkiipiblmjeljniedjpjpf EmptyTemp: C:\Windows\Temp\*.* ***************** Processes closed successfully. Restore point was successfully created. HKLM\SOFTWARE\Policies\Mozilla => removed successfully HKLM\SOFTWARE\Policies\Google => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A1D7A44-201E-4A9D-BE8B-9FA13E4FA3AA}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A1D7A44-201E-4A9D-BE8B-9FA13E4FA3AA}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E7A6375-3434-4402-A397-1C2A0301A53C}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E7A6375-3434-4402-A397-1C2A0301A53C}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{437FED8E-CAA8-44F3-ADAE-070D1F078316}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{437FED8E-CAA8-44F3-ADAE-070D1F078316}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FDC1B0D-893C-4EDA-8B39-4F80AF0E9D79}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FDC1B0D-893C-4EDA-8B39-4F80AF0E9D79}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{555829E4-754A-4413-AC3E-ADE060569F72}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{555829E4-754A-4413-AC3E-ADE060569F72}" => removed successfully C:\WINDOWS\System32\Tasks\IHUninstallTrackingTASK => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IHUninstallTrackingTASK" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C038E6D-2718-470B-9363-32CDB647A923}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C038E6D-2718-470B-9363-32CDB647A923}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F8D65AF-3331-45D0-91AB-DBABBF632734}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F8D65AF-3331-45D0-91AB-DBABBF632734}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FB127B6-7275-4218-8D4A-4508FA44C48A}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FB127B6-7275-4218-8D4A-4508FA44C48A}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ADE13313-A60A-4B5F-A345-B91573BD7C7F}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADE13313-A60A-4B5F-A345-B91573BD7C7F}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5B10FDE-30FA-49D9-A979-0BEB5B02EEC7}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5B10FDE-30FA-49D9-A979-0BEB5B02EEC7}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B791ABA2-6CDB-4CE8-BB67-0C9B2EA6CEAF}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B791ABA2-6CDB-4CE8-BB67-0C9B2EA6CEAF}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F3CA1DD2-0137-4298-AAF2-CEF68B6A280F}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3CA1DD2-0137-4298-AAF2-CEF68B6A280F}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8AC07CB-1880-443C-8922-9F8D5A9DCC97}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8AC07CB-1880-443C-8922-9F8D5A9DCC97}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB6F8AA7-2667-4B52-A1E8-26BC375010AE}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB6F8AA7-2667-4B52-A1E8-26BC375010AE}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => removed successfully HKLM\Software\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => removed successfully HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => removed successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully "HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => removed successfully HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => not found "HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-25] (Oracle America, Inc." => not found "C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll" => not found "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-25] (Oracle America, Inc." => not found "C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll" => not found "Chrome StartupUrls" => removed successfully "Chrome NewTab" => removed successfully "Chrome DefaultSearchURL" => removed successfully "Chrome DefaultSearchKeyword" => removed successfully "Chrome DefaultSuggestURL" => not found "C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default" folder move: Could not move "C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default" => Scheduled to move on reboot. HKLM\System\CurrentControlSet\Services\idsvc => removed successfully idsvc => service removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found C:\Users\Allens\Desktop\Google Search.lnk => Shortcut argument removed successfully =========== "C:\Windows\Temp\*.*" ========== C:\Windows\Temp\AdobeARM_NotLocked.log => moved successfully C:\Windows\Temp\APPX.0pueyls8mtmow3wzn0av0h95e.tmp => moved successfully C:\Windows\Temp\APPX.6kx4nw1anr3entefmwgcks2yg.tmp => moved successfully C:\Windows\Temp\APPX.6vqbp2_x53lt2yn8f9czxp38g.tmp => moved successfully C:\Windows\Temp\APPX.7xk7win4mrxirfnaaq2pudwqc.tmp => moved successfully C:\Windows\Temp\APPX.8qqeiqhz0qec6xzmc2r268seb.tmp => moved successfully C:\Windows\Temp\APPX.945vr7qrumkif3p55mqofqr0g.tmp => moved successfully C:\Windows\Temp\APPX.b2vnakr2t6sjkccjzl_n48uhb.tmp => moved successfully C:\Windows\Temp\APPX.dc4oezs6nrh9p74oo5_niksif.tmp => moved successfully C:\Windows\Temp\APPX.fcuqdiad4lq149orcqhoes52d.tmp => moved successfully C:\Windows\Temp\APPX.fyf38dulp4czyfmxzec_7fv1c.tmp => moved successfully C:\Windows\Temp\APPX.iicyhjdet2llh70bi503j0qpd.tmp => moved successfully C:\Windows\Temp\APPX.kfnp_c70tw78r8knocb1veb8f.tmp => moved successfully C:\Windows\Temp\APPX.m8bpyns6x7l8fqj_ltsrawh6f.tmp => moved successfully C:\Windows\Temp\APPX.nug2zmglo90f10pj22oansxdb.tmp => moved successfully C:\Windows\Temp\APPX.pnmlz72n4w7_8gieml9ooz_1.tmp => moved successfully C:\Windows\Temp\APPX.tptjh7zr8nttbk5dznopli43h.tmp => moved successfully C:\Windows\Temp\APPX.u00lwp63iu_g7u2ullrqmns4b.tmp => moved successfully C:\Windows\Temp\APPX.u1lw_1lhd86svbwba19tysn7b.tmp => moved successfully C:\Windows\Temp\APPX.ulcvy8070vtaz_4_05bjj9bsc.tmp => moved successfully C:\Windows\Temp\APPX.vm11k6g_4v66xlszmooyl76cg.tmp => moved successfully C:\Windows\Temp\APPX.yeu8vf88gwz6b2io1zvt81msh.tmp => moved successfully C:\Windows\Temp\ArmUI.ini => moved successfully C:\Windows\Temp\battery-report.html => moved successfully C:\Windows\Temp\battery-report.xml => moved successfully C:\Windows\Temp\chrome_installer.log => moved successfully C:\Windows\Temp\HighPerformancePlan.log => moved successfully C:\Windows\Temp\MpCmdRun.log => moved successfully C:\Windows\Temp\MpSigStub.log => moved successfully C:\Windows\Temp\MSI42ae7.LOG => moved successfully C:\Windows\Temp\MSI694a0.LOG => moved successfully C:\Windows\Temp\MSI7228c.LOG => moved successfully C:\Windows\Temp\MSI8d162.LOG => moved successfully C:\Windows\Temp\MSI8d163.LOG => moved successfully C:\Windows\Temp\MSI90dc2.LOG => moved successfully C:\Windows\Temp\MSI90dc3.LOG => moved successfully C:\Windows\Temp\MSIbcfc8.LOG => moved successfully C:\Windows\Temp\PowerPlan.log => moved successfully C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully C:\Windows\Temp\TS_842B.tmp => moved successfully C:\Windows\Temp\TS_CD9B.tmp => moved successfully C:\Windows\Temp\UDD7529.tmp => moved successfully C:\Windows\Temp\UsoStoreFile.xml => moved successfully ========= End -> "C:\Windows\Temp\*.*" ======== =========== EmptyTemp: ========== BITS transfer queue => 10510336 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 168935962 B Java, Flash, Steam htmlcache => 524 B Windows/system/drivers => 65493218 B Edge => 19171897 B Chrome => 185832578 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 23330 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 49182 B LocalService => 0 B NetworkService => 203532 B NetworkService => 0 B Allens => 138732712 B DefaultAppPool => 39714 B RecycleBin => 0 B EmptyTemp: => 561.7 MB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 08-08-2019 11:43:41) C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default => Is moved successfully ==== End of Fixlog 11:43:41 ==== AdwCleaner :: # ------------------------------- # Malwarebytes AdwCleaner 7.4.0.0 # ------------------------------- # Build: 07-23-2019 # Database: 2019-08-07.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 08-08-2019 # Duration: 00:00:23 # OS: Windows 10 Home # Cleaned: 135 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\Program Files\Driver Updater Deleted C:\Program Files\WebDiscoverBrowser Deleted C:\ProgramData\AVG_UPDATE_0116AV Deleted C:\ProgramData\AVG_UPDATE_0814TB Deleted C:\ProgramData\AVG_UPDATE_1215AV Deleted C:\ProgramData\App-verifier Deleted C:\ProgramData\AppVerifier Deleted C:\ProgramData\Ask Deleted C:\ProgramData\ByteFence Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Updater Deleted C:\ProgramData\driverdetails.com Deleted C:\ProgramData\pctonics.com Deleted C:\Users\Allens\AppData\LocalLow\AVG Secure Search Deleted C:\Users\Allens\AppData\Local\Systweak Deleted C:\Users\Allens\AppData\Local\WebDiscoverBrowser Deleted C:\Users\Allens\AppData\Local\apn Deleted C:\Users\Allens\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence Deleted C:\Users\Allens\AppData\Roaming\efo Deleted C:\Users\Allens\AppData\Roaming\pctonics.com Deleted C:\Users\Public\Documents\Downloaded Installers Deleted C:\Users\Public\Documents\Guid Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser ***** [ Files ] ***** Deleted C:\Users\Allens\Desktop\Google Search.lnk Deleted C:\Windows\Reimage.ini Deleted C:\Windows\System32\drivers\swdumon.sys Deleted C:\appverifier.txt ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|DriverAgent Plus Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484} Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Deleted HKCU\Software\PRODUCTSETUP Deleted HKCU\Software\ProductSetup\Uninstall\0B2U2Z1P0F1P1G1R1P1V0A1Q1Q0O1G Deleted HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F Deleted HKCU\Software\WebDiscoverBrowser Deleted HKCU\Software\YahooPartnerToolbar Deleted HKCU\Software\csastats Deleted HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence Deleted HKLM\SYSTEM\Setup\FirstBoot\Services\SWDUMon Deleted HKLM\Software\AVG Secure Search Deleted HKLM\Software\AppVerifier Deleted HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A} Deleted HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Deleted HKLM\Software\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB} Deleted HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} Deleted HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} Deleted HKLM\Software\Classes\Search.BrowserWndAPI Deleted HKLM\Software\Classes\Search.PugiObj Deleted HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36} Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced PC Care_logon Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WebDiscoverBrowser Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Deleted HKLM\Software\WebDiscoverBrowser Deleted HKLM\Software\Wow6432Node\Reimage Deleted HKLM\Software\Wow6432Node\WebDiscoverBrowser Deleted HKLM\Software\Wow6432Node\\Classes\AppID\ScriptHelper.EXE Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A} Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9} Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF} Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087} Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36} Deleted HKLM\Software\cGN0b25pY3MuY29t Deleted HKLM\Software\ddtdu-pr Deleted HKLM\Software\dtc-pr Deleted HKLM\Software\pcv-var Deleted HKLM\Software\pcv-vars Deleted HKLM\Software\scd-pr Deleted HKLM\Software\vSnapshotEncodeTools Deleted HKLM\Software\wtc-pr Deleted HKU\.DEFAULT\Software\AVG Secure Search Deleted HKU\.DEFAULT\Software\Advancedpccare.com Deleted HKU\.DEFAULT\Software\ByteFence Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com Deleted HKU\.DEFAULT\Software\WebDiscoverBrowser Deleted HKU\S-1-5-18\Software\AVG Secure Search Deleted HKU\S-1-5-18\Software\Advancedpccare.com Deleted HKU\S-1-5-18\Software\ByteFence Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com Deleted HKU\S-1-5-18\Software\WebDiscoverBrowser ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Preinstalled Software ] ***** Deleted Preinstalled.HPMediaSmart Deleted Preinstalled.SamsungBatteryLifeExtender Deleted Preinstalled.SamsungEasyBatteryManager Deleted Preinstalled.SamsungEasyDisplayManager Deleted Preinstalled.SamsungSupportCenter1.0 Deleted Preinstalled.SamsungUpdatePlus ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [11217 octets] - [08/08/2019 11:59:41] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## And finally … Rogue Killer: RogueKiller Anti-Malware V13.4.1.0 (x64) [Aug 8 2019] (Free) by Adlice Software mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 10 (10.0.17134) 64 bits Started in : Normal mode User : Allens [Administrator] Started from : C:\Users\Allens\Desktop\RogueKiller_portable64.exe Signatures : 20190807_111511, Driver : Loaded Mode : Standard Scan, Delete -- Date : 2019/08/08 16:57:51 (Duration : 04:09:22) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [PUP.Slimware (Potentially Malicious)] SWDUMon -- %SystemRoot%\system32\DRIVERS\SWDUMon.sys -> Stopped [PUP.Auslogics (Potentially Malicious)] HKEY_USERS\.DEFAULT\Software\Auslogics -- -> Deleted [PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-2052373595-2782729040-2076756327-1001\Software\eSupport.com -- -> Deleted [PUP.Auslogics (Potentially Malicious)] HKEY_USERS\S-1-5-18\Software\Auslogics -- -> Deleted [PUP.Slimware (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon -- [%SystemRoot%\system32\DRIVERS\SWDUMon.sys] -> Deleted [PUP.SysTweak (Potentially Malicious)] Advanced Identity Protector -- %_Allens_appdata%\Advanced Identity Protector -> Deleted [Adw.TopTools (Malicious)] Tools -- %programfiles(x86)%\Tools -> Deleted Many thanks Loz
  6. Hello again Juliet and again thank you for the assistance in resolving this FRST.txt details: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 4-08-2019 Ran by Allens (administrator) on JANUS (SAMSUNG ELECTRONICS CO., LTD. RV410/RV510/S3510/E3510) (04-08-2019 17:59:08) Running from C:\Users\Allens\Desktop Loaded Profiles: Allens (Available Profiles: Allens & DefaultAppPool) Platform: Windows 10 Home Version 1803 17134.885 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe () [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Eyeo GmbH -> Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\Allens\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.881_none_eada7c8e1d8131a8\TiWorker.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics CO., LTD. -> SAMSUNG Electronics) [File not signed] C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics CO., LTD. -> Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-29] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [316848 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2015-01-29] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4517376 2014-11-11] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-08-03] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2014-07-17] (Broadcom Corporation -> Broadcom Corporation.) HKLM\Software\...\Authentication\Credential Providers: [{c35ca2f1-3a8a-49e3-9f5d-cae4448a6b8c}] -> C:\WINDOWS\SYSTEM32\unlock64.dll [2019-07-05] (LogMeIn, Inc. -> LogMeIn, Inc.) HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] -> Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll BootExecute: autocheck autochk * sdnclean64.exe FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0A64F01F-F98D-44CD-B825-20A0A77C65A4} - System32\Tasks\EasySpeedUpManager => Command(1): "%programfiles(x86)%\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe" -> /s Task: {0A64F01F-F98D-44CD-B825-20A0A77C65A4} - System32\Tasks\EasySpeedUpManager => Command(2): C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [719360 [719360 2010-02-10]] (Samsung Electronics Co., Ltd.) [File not signed] Task: {10A5C249-28A7-4612-8E38-9E3FB5B53C9C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {1371A3CB-C82B-4AF7-901D-2D9B47AE2DD8} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {140C840B-5621-4993-B039-B49B7E1B04F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.) Task: {14565BB2-4D48-4D94-8AB6-B3C5F2182BC9} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3987888 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) Task: {1E977CC7-98F1-4ADB-B027-E22466E68ABE} - System32\Tasks\JumpingBytes\PureSyncVSS => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncVSSStart.exe Task: {27AC3DF3-B330-4054-B0FE-A8AF180FD727} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) Task: {2A1D7A44-201E-4A9D-BE8B-9FA13E4FA3AA} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {2E7A6375-3434-4402-A397-1C2A0301A53C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {33CB0FE4-08DA-4CFD-BC4E-756435AEBF3E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {3562ED90-4D10-4061-93D4-DFCFFB88264D} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2314008 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) Task: {366D72DD-A426-4E2C-AB87-AF5C1D4361D2} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {39BB7A78-6098-40BB-BCCC-45FD913D1882} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-05053A92\EPM.exe Task: {39CB2F8D-7BE5-4267-9A81-F212BEA72B89} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [1752680 2010-07-30] (Samsung Electronics CO., LTD. -> SAMSUNG Electronics) [File not signed] Task: {42CD5DB3-813F-4A06-B627-D569C66611B3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {42D7247A-52F6-47FF-A529-F8AAD98D50EE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {437FED8E-CAA8-44F3-ADAE-070D1F078316} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {467AB06B-8B3A-4281-A41C-811F99402204} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB} Task: {4FDC1B0D-893C-4EDA-8B39-4F80AF0E9D79} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {51BDDEB9-176E-4BD2-AB83-946722546A4F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {52392F6A-ED77-4132-83DB-4D664792B6E7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {547AF9CA-7BCB-493B-A4F4-B27EAA948E78} - System32\Tasks\{BE55B3D4-8675-4D9A-B8D3-A76E681BE672} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.20.0.104/en/go/help.faq.installer?LastError=1601 Task: {555829E4-754A-4413-AC3E-ADE060569F72} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Windows\TEMP\IHU702F.tmp.exe <==== ATTENTION Task: {5635187F-24D4-4B05-A7F4-122D0ED75113} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {5799702C-09AC-4550-B44F-E9C012303284} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-04] (Adobe Inc. -> Adobe) Task: {5ADE2454-1416-4628-94AB-F878EA120291} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} Task: {5D9BAA4C-2850-4716-8874-ADD963617A83} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [136618864 2019-07-09] (Microsoft Corporation -> Microsoft Corporation) Task: {5EDE9C97-26E2-43A7-AE28-492C575E00B2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {61DEFD2E-3862-4EB1-98EC-0A2B0143F044} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {6879E4BF-AB28-4AF1-859A-629302F83473} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61} Task: {6C038E6D-2718-470B-9363-32CDB647A923} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {6D309302-F5CB-4FD8-9A71-7B145317B25C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {6F8D65AF-3331-45D0-91AB-DBABBF632734} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {71B40479-F7BC-48A1-AFBB-5DD6D2DE2F4A} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe Task: {72186717-B323-4073-A342-DF3266AF3A15} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation) Task: {738E94BD-0144-4F54-B6BF-5C18AFA2A66F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) Task: {7890B45C-E089-4D33-A9CA-57C821021D0C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {7FE4A016-DA9C-4BBB-B065-9AE76AE710FC} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {840E70C2-2A48-495A-87ED-334A1655A803} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.) Task: {8D1E0BCA-5697-49A6-9202-BA01E0BDC331} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-08-04] (Adobe Inc. -> Adobe) Task: {8FB127B6-7275-4218-8D4A-4508FA44C48A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {981B5BF0-3FE7-4C02-ADE3-1609CC0C57C8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {9C41C3A9-9982-4F4A-80CA-9EC7C90851C7} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {A9562599-DD25-4AA1-B63E-E1F47A97BE21} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {A96AF2E3-AE49-47F8-BAF3-6209B2406A92} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {AA812FB4-6A02-4F02-AECD-EA41D375232A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {ADE13313-A60A-4B5F-A345-B91573BD7C7F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {AE54AEFE-49DA-415F-8BA7-90538DD230F7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2047368 2019-08-03] (AVAST Software s.r.o. -> AVAST Software) Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {B5B10FDE-30FA-49D9-A979-0BEB5B02EEC7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {B791ABA2-6CDB-4CE8-BB67-0C9B2EA6CEAF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {BAC05A22-B1A1-4BB1-8550-046225CFFB9B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {BE8DFC00-C33B-49F5-9726-16FF253ABC97} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {CC154A1E-331B-4B3E-B020-F77B67567BAC} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} Task: {CF39884D-08A2-40AC-AC9B-C772846AC71C} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle America, Inc. -> Oracle Corporation) Task: {CFA80596-9FDB-4F1A-AB58-5289E267092E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1} Task: {CFE6987B-A424-4F30-9669-FA8695FF5F43} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2783312 2011-12-20] (Samsung Electronics CO., LTD. -> Samsung Electronics) Task: {D63F0560-1F2F-49D2-A570-299864EF7C12} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {D916F866-1C8D-4566-9133-5B83BC1AD4D1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) Task: {E1586E22-C3E2-4EB3-BF7C-24EB4869DD3D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {E6000662-EB05-43E7-A949-A7190C9778E6} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [862064 2010-08-09] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) Task: {E7DDE8F1-7F37-4ACB-85B3-B200FDEC6B82} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {F2E5BD08-2E57-4031-A21F-593591B6CBBB} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {F3CA1DD2-0137-4298-AAF2-CEF68B6A280F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {F5F4CEEF-FE06-439F-9981-AFE47515AC71} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [6644736 2010-08-12] (Samsung Electronics. Co. Ltd.) [File not signed] Task: {F8AC07CB-1880-443C-8922-9F8D5A9DCC97} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {F97AB2E9-80DA-49D3-9AD8-63CC116B3522} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [362352 2010-07-20] (Samsung Electronics CO., LTD. -> SAMSUNG Electronics co., LTD.) Task: {FB6F8AA7-2667-4B52-A1E8-26BC375010AE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {FDE934F5-8FB9-4BC0-BD0A-94C0D0EAC6A3} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{c321dc98-fca0-4b7a-a132-4bd99f967b6b}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:www.fidonav.com HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/ SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation) BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH) BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-08-23] () [File not signed] BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH) Toolbar: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab FireFox: ======== FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-11-12] [Legacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-08-04] (Adobe Inc. -> ) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-08-04] (Adobe Inc. -> ) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.) [File not signed] FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-25] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us CHR StartupUrls: Default -> "hxxp://uk.hao123.com/?tn=sdkw_inner_hp_01_hao123_uk&guid=c37951540e15f9b004a4ff517b9bcf9c" CHR NewTab: Default -> Not-active:"chrome-extension://icbhbegbnafpiiaomogcddhhjpijpikp/newtabpage.html", Not-active:"chrome-extension://agijeemohccmknhbgdjokbeekmijlbee/newtab/quicktab.html", Not-active:"chrome-extension://ceopoaldcnmhechacafgagdkklcogkgd/newtabproduct.html", Not-active:"chrome-extension://nfkdkikledkdblnfjgmoclfacngdgbgf/newtabproduct.html", Not-active:"chrome-extension://dnflpnhpbffehddplcdlohealbgbbamk/product.html" CHR DefaultSearchURL: Default -> hxxps://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&enableSearch=true&rdrct=no&redirect=CPC CHR DefaultSearchKeyword: Default -> askweb CHR DefaultSuggestURL: Default -> hxxps://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}&enableSearch=true&rdrct=no CHR Profile: C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default [2019-08-03] CHR Extension: (Slides) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14] CHR Extension: (Docs) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14] CHR Extension: (Google Drive) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22] CHR Extension: (IBM Security Rapport) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-08-03] CHR Extension: (YouTube) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22] CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-08-03] CHR Extension: (Google Search) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26] CHR Extension: (PDFConverterHQ) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk [2019-07-04] CHR Extension: (Adobe Acrobat) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-13] CHR Extension: (Ask Web Search) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\eocnnoackodjagdbaoddhjbkpjabimed [2019-08-03] CHR Extension: (Sheets) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14] CHR Extension: (Google Docs Offline) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-23] CHR Extension: (Maps & Directions by MapsGalaxy) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\icbhbegbnafpiiaomogcddhhjpijpikp [2019-07-04] CHR Extension: (MapsGalaxy) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkdkikledkdblnfjgmoclfacngdgbgf [2019-07-04] CHR Extension: (Chrome Web Store Payments) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05] CHR Extension: (Gmail) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-10] CHR Extension: (Chrome Media Router) - C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-14] CHR Profile: C:\Users\Allens\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-07-05] CHR Profile: C:\Users\Allens\AppData\Local\Google\Chrome\User Data\System Profile [2019-07-05] CHR HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [njpedbdniajflhgfoipnjkednnlkngbj] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [415032 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6845400 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) S3 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [110048 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [289792 2014-10-23] (Brother Industries, Ltd.) [File not signed] R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) S4 LMIRescueUA_2944869; C:\Program Files (x86)\LogMeIn Rescue Unattended\LMIR0DB6B001.tmp\unattended_srv.exe [5557776 2019-07-05] (LogMeIn, Inc. -> LogMeIn, Inc.) S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation -> Microsoft Corporation) R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5274560 2019-04-15] (IBM -> IBM Corp.) S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.) S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation -> Microsoft Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-08-03] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-08-03] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [37368 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [209304 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [263784 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [206624 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [61736 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [15280 2019-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.) R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42552 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [168944 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [112568 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [88208 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1030832 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [477336 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [225864 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [387952 2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41024 2015-09-23] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.) R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [503000 2019-04-15] (IBM -> IBM Corp.) R1 RapportCerberus_1930415; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930415.sys [1659544 2019-06-13] (IBM -> IBM Corp.) R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [727000 2019-04-15] (IBM -> IBM Corp.) R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [463408 2019-04-15] (IBM -> IBM Corp.) R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [610648 2019-04-15] (IBM -> IBM Corp.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [766616 2019-04-15] (IBM -> IBM Corp.) S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-12-23] (Realtek Semiconductor Corp -> Windows (R) 2003 DDK 3790 provider) R1 SABI; C:\Windows\system32\Drivers\SABI.sys [13824 2009-05-28] (Microsoft Windows Hardware Compatibility Publisher -> SAMSUNG ELECTRONICS) S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2016-12-25] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.) U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [44544 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [47496 2019-08-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344288 2019-08-03] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-08-03] (Microsoft Windows -> Microsoft Corporation) R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x64.sys [288768 2018-04-12] (Microsoft Windows -> Marvell) U3 idsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-04 17:59 - 2019-08-04 18:05 - 000039678 _____ C:\Users\Allens\Desktop\FRST.txt 2019-08-04 17:58 - 2019-08-04 17:59 - 000000000 ____D C:\FRST 2019-08-04 17:56 - 2019-08-04 17:56 - 002096640 _____ (Farbar) C:\Users\Allens\Desktop\FRST64.exe 2019-08-04 17:51 - 2019-08-04 17:51 - 000000000 ___HD C:\OneDriveTemp 2019-08-04 17:26 - 2019-08-04 17:26 - 000000000 ____D C:\Users\Allens\AppData\Roaming\AVG 2019-08-04 17:25 - 2019-08-04 17:25 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk 2019-08-04 17:25 - 2019-08-04 17:25 - 000002063 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk 2019-08-04 17:22 - 2019-08-04 17:22 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVG 2019-08-04 17:21 - 2019-08-04 17:21 - 000003992 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update 2019-08-04 17:20 - 2019-08-04 17:21 - 001030832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys 2019-08-04 17:20 - 2019-08-04 17:21 - 000387952 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys 2019-08-04 17:20 - 2019-08-04 17:21 - 000168944 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys 2019-08-04 17:20 - 2019-08-04 17:20 - 000477336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys 2019-08-04 17:20 - 2019-08-04 17:20 - 000363440 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe 2019-08-04 17:20 - 2019-08-04 17:20 - 000263784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys 2019-08-04 17:20 - 2019-08-04 17:20 - 000225864 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys 2019-08-04 17:20 - 2019-08-04 17:20 - 000209304 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys 2019-08-04 17:20 - 2019-08-04 17:20 - 000206624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys 2019-08-04 17:20 - 2019-08-04 17:20 - 000112568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys 2019-08-04 17:20 - 2019-08-04 17:20 - 000088208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys 2019-08-04 17:20 - 2019-08-04 17:20 - 000061736 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys 2019-08-04 17:20 - 2019-08-04 17:20 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys 2019-08-04 17:20 - 2019-08-04 17:20 - 000037368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys 2019-08-04 17:20 - 2019-08-04 17:20 - 000015280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgElam.sys 2019-08-04 17:20 - 2019-08-04 17:20 - 000000000 ____D C:\Program Files\Common Files\AVG 2019-08-04 17:19 - 2019-08-04 17:19 - 000000000 ____D C:\Program Files\AVG 2019-08-03 19:12 - 2019-08-03 19:28 - 000000000 ____D C:\Users\Allens\Desktop\Loz 2019-08-03 17:24 - 2019-07-04 10:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2019-08-03 17:24 - 2019-07-04 10:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2019-08-03 17:24 - 2019-07-04 10:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2019-08-03 17:24 - 2019-07-04 10:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2019-08-03 17:24 - 2019-07-04 10:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-08-03 17:24 - 2019-07-04 09:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-08-03 17:24 - 2019-07-04 05:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-08-03 17:24 - 2019-07-04 05:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2019-08-03 17:24 - 2019-07-04 05:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-08-03 17:24 - 2019-07-04 05:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2019-08-03 17:24 - 2019-07-04 05:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2019-08-03 17:24 - 2019-07-04 05:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2019-08-03 17:24 - 2019-07-04 05:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2019-08-03 17:24 - 2019-07-04 05:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2019-08-03 17:24 - 2019-07-04 05:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll 2019-08-03 17:24 - 2019-07-04 05:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2019-08-03 17:24 - 2019-07-04 05:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll 2019-08-03 17:24 - 2019-07-04 05:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2019-08-03 17:24 - 2019-07-04 05:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2019-08-03 17:24 - 2019-07-04 05:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-08-03 17:24 - 2019-07-04 05:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2019-08-03 17:24 - 2019-07-04 05:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2019-08-03 17:24 - 2019-07-04 05:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2019-08-03 17:24 - 2019-07-04 05:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2019-08-03 17:24 - 2019-07-04 05:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2019-08-03 17:24 - 2019-07-04 05:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2019-08-03 17:24 - 2019-07-04 05:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2019-08-03 17:24 - 2019-07-04 05:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2019-08-03 17:24 - 2019-07-04 05:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2019-08-03 17:24 - 2019-07-04 05:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2019-08-03 17:24 - 2019-07-04 05:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll 2019-08-03 17:24 - 2019-07-04 05:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll 2019-08-03 17:24 - 2019-07-04 05:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll 2019-08-03 17:24 - 2019-07-04 05:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2019-08-03 17:24 - 2019-07-04 05:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2019-08-03 17:24 - 2019-07-04 05:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2019-08-03 17:24 - 2019-07-04 05:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2019-08-03 17:24 - 2019-07-04 05:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2019-08-03 17:24 - 2019-07-04 05:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2019-08-03 17:24 - 2019-07-04 05:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2019-08-03 17:24 - 2019-07-04 05:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2019-08-03 17:24 - 2019-07-04 05:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2019-08-03 17:24 - 2019-07-04 05:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll 2019-08-03 17:24 - 2019-07-04 05:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2019-08-03 17:24 - 2019-07-04 05:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2019-08-03 17:24 - 2019-07-04 05:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-08-03 17:24 - 2019-07-04 05:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2019-08-03 17:24 - 2019-07-04 05:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2019-08-03 17:24 - 2019-07-04 05:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2019-08-03 17:24 - 2019-07-04 05:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2019-08-03 17:24 - 2019-07-04 05:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-08-03 17:24 - 2019-07-04 05:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2019-08-03 17:24 - 2019-07-04 05:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2019-08-03 17:24 - 2019-07-04 05:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2019-08-03 17:24 - 2019-07-04 05:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2019-08-03 17:24 - 2019-07-04 05:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll 2019-08-03 17:24 - 2019-07-04 04:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim 2019-08-03 17:24 - 2019-06-13 12:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe 2019-08-03 17:24 - 2019-06-13 12:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll 2019-08-03 17:24 - 2019-06-13 12:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe 2019-08-03 17:24 - 2019-06-13 12:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2019-08-03 17:24 - 2019-06-13 12:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll 2019-08-03 17:24 - 2019-06-13 12:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe 2019-08-03 17:24 - 2019-06-13 12:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2019-08-03 17:24 - 2019-06-13 12:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll 2019-08-03 17:24 - 2019-06-13 12:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe 2019-08-03 17:24 - 2019-06-13 12:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe 2019-08-03 17:24 - 2019-06-13 12:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2019-08-03 17:24 - 2019-06-13 12:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2019-08-03 17:24 - 2019-06-13 12:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll 2019-08-03 17:24 - 2019-06-13 12:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll 2019-08-03 17:24 - 2019-06-13 08:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2019-08-03 17:24 - 2019-06-13 08:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2019-08-03 17:24 - 2019-06-13 08:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2019-08-03 17:24 - 2019-06-13 07:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll 2019-08-03 17:24 - 2019-06-13 07:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2019-08-03 17:24 - 2019-06-13 07:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2019-08-03 17:24 - 2019-06-13 07:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2019-08-03 17:24 - 2019-06-13 07:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll 2019-08-03 17:24 - 2019-06-13 07:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll 2019-08-03 17:24 - 2019-06-13 07:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2019-08-03 17:24 - 2019-06-13 07:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2019-08-03 17:24 - 2019-06-13 07:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll 2019-08-03 17:24 - 2019-06-13 07:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2019-08-03 17:24 - 2019-06-13 07:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2019-08-03 17:24 - 2019-06-13 07:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2019-08-03 17:24 - 2019-06-13 07:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-08-03 17:24 - 2019-06-13 07:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2019-08-03 17:24 - 2019-06-13 07:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2019-08-03 17:24 - 2019-06-13 07:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll 2019-08-03 17:24 - 2019-06-13 07:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2019-08-03 17:24 - 2019-06-13 07:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2019-08-03 17:24 - 2019-06-13 07:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2019-08-03 17:24 - 2019-06-13 07:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2019-08-03 17:24 - 2019-06-13 07:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2019-08-03 17:24 - 2019-06-13 07:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-08-03 17:24 - 2019-06-13 07:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2019-08-03 17:24 - 2019-06-13 07:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2019-08-03 17:24 - 2019-06-13 07:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll 2019-08-03 17:24 - 2019-06-13 07:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2019-08-03 17:24 - 2019-06-13 07:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-08-03 17:24 - 2019-06-13 07:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2019-08-03 17:24 - 2019-06-13 07:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2019-08-03 17:24 - 2019-06-13 07:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2019-08-03 17:24 - 2019-06-13 07:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2019-08-03 17:24 - 2019-06-13 07:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2019-08-03 17:24 - 2019-06-13 06:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2019-08-03 17:24 - 2019-06-13 06:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll 2019-08-03 17:24 - 2019-06-13 05:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2019-08-03 17:23 - 2019-07-04 10:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-08-03 17:23 - 2019-07-04 10:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2019-08-03 17:23 - 2019-07-04 10:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe 2019-08-03 17:23 - 2019-07-04 10:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2019-08-03 17:23 - 2019-07-04 10:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2019-08-03 17:23 - 2019-07-04 10:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-08-03 17:23 - 2019-07-04 09:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-08-03 17:23 - 2019-07-04 09:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2019-08-03 17:23 - 2019-07-04 09:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2019-08-03 17:23 - 2019-07-04 09:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2019-08-03 17:23 - 2019-07-04 09:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2019-08-03 17:23 - 2019-07-04 06:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-08-03 17:23 - 2019-07-04 05:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2019-08-03 17:23 - 2019-07-04 05:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2019-08-03 17:23 - 2019-07-04 05:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2019-08-03 17:23 - 2019-07-04 05:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-08-03 17:23 - 2019-07-04 05:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-08-03 17:23 - 2019-07-04 05:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-08-03 17:23 - 2019-07-04 05:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-08-03 17:23 - 2019-07-04 05:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-08-03 17:23 - 2019-07-04 05:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-08-03 17:23 - 2019-07-04 05:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-08-03 17:23 - 2019-07-04 05:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2019-08-03 17:23 - 2019-07-04 05:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2019-08-03 17:23 - 2019-07-04 05:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2019-08-03 17:23 - 2019-07-04 05:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2019-08-03 17:23 - 2019-07-04 05:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll 2019-08-03 17:23 - 2019-07-04 05:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-08-03 17:23 - 2019-07-04 05:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2019-08-03 17:23 - 2019-07-04 05:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2019-08-03 17:23 - 2019-07-04 05:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll 2019-08-03 17:23 - 2019-07-04 05:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2019-08-03 17:23 - 2019-07-04 05:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2019-08-03 17:23 - 2019-07-04 05:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-08-03 17:23 - 2019-07-04 05:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-08-03 17:23 - 2019-07-04 05:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-08-03 17:23 - 2019-07-04 05:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-08-03 17:23 - 2019-07-04 05:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2019-08-03 17:23 - 2019-07-04 05:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-08-03 17:23 - 2019-07-04 05:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-08-03 17:23 - 2019-07-04 05:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-08-03 17:23 - 2019-07-04 05:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-08-03 17:23 - 2019-07-04 05:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys 2019-08-03 17:23 - 2019-07-04 05:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2019-08-03 17:23 - 2019-07-04 05:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2019-08-03 17:23 - 2019-07-04 05:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-08-03 17:23 - 2019-07-04 05:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-08-03 17:23 - 2019-07-04 05:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-08-03 17:23 - 2019-07-04 05:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2019-08-03 17:23 - 2019-07-04 05:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2019-08-03 17:23 - 2019-07-04 05:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll 2019-08-03 17:23 - 2019-07-04 05:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2019-08-03 17:23 - 2019-07-04 05:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2019-08-03 17:23 - 2019-07-04 05:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2019-08-03 17:23 - 2019-07-04 05:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2019-08-03 17:23 - 2019-07-04 05:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-08-03 17:23 - 2019-06-21 09:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2019-08-03 17:23 - 2019-06-13 13:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2019-08-03 17:23 - 2019-06-13 13:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2019-08-03 17:23 - 2019-06-13 13:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2019-08-03 17:23 - 2019-06-13 13:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2019-08-03 17:23 - 2019-06-13 13:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2019-08-03 17:23 - 2019-06-13 12:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2019-08-03 17:23 - 2019-06-13 12:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2019-08-03 17:23 - 2019-06-13 12:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2019-08-03 17:23 - 2019-06-13 12:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2019-08-03 17:23 - 2019-06-13 12:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2019-08-03 17:23 - 2019-06-13 12:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2019-08-03 17:23 - 2019-06-13 12:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2019-08-03 17:23 - 2019-06-13 12:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2019-08-03 17:23 - 2019-06-13 12:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2019-08-03 17:23 - 2019-06-13 12:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-08-03 17:23 - 2019-06-13 12:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll 2019-08-03 17:23 - 2019-06-13 12:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll 2019-08-03 17:23 - 2019-06-13 12:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2019-08-03 17:23 - 2019-06-13 12:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2019-08-03 17:23 - 2019-06-13 12:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll 2019-08-03 17:23 - 2019-06-13 12:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2019-08-03 17:23 - 2019-06-13 12:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll 2019-08-03 17:23 - 2019-06-13 12:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2019-08-03 17:23 - 2019-06-13 12:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll 2019-08-03 17:23 - 2019-06-13 11:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2019-08-03 17:23 - 2019-06-13 11:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll 2019-08-03 17:23 - 2019-06-13 11:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll 2019-08-03 17:23 - 2019-06-13 11:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2019-08-03 17:23 - 2019-06-13 10:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2019-08-03 17:23 - 2019-06-13 10:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2019-08-03 17:23 - 2019-06-13 10:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll 2019-08-03 17:23 - 2019-06-13 10:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2019-08-03 17:23 - 2019-06-13 10:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2019-08-03 17:23 - 2019-06-13 10:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2019-08-03 17:23 - 2019-06-13 10:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2019-08-03 17:23 - 2019-06-13 10:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll 2019-08-03 17:23 - 2019-06-13 08:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll 2019-08-03 17:23 - 2019-06-13 08:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll 2019-08-03 17:23 - 2019-06-13 07:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll 2019-08-03 17:23 - 2019-06-13 07:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2019-08-03 17:23 - 2019-06-13 07:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-08-03 17:23 - 2019-06-13 07:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2019-08-03 17:23 - 2019-06-13 07:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll 2019-08-03 17:23 - 2019-06-13 07:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2019-08-03 17:23 - 2019-06-13 07:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2019-08-03 17:23 - 2019-06-13 07:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll 2019-08-03 17:23 - 2019-06-13 07:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-08-03 17:23 - 2019-06-13 07:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-08-03 17:23 - 2019-06-13 07:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-08-03 17:23 - 2019-06-13 07:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll 2019-08-03 17:23 - 2019-06-13 07:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll 2019-08-03 17:23 - 2019-06-13 07:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2019-08-03 17:23 - 2019-06-13 07:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll 2019-08-03 17:23 - 2019-06-13 07:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll 2019-08-03 17:23 - 2019-06-13 07:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll 2019-08-03 17:23 - 2019-06-13 07:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-08-03 17:23 - 2019-06-13 06:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2019-08-03 17:23 - 2019-06-13 06:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll 2019-08-03 17:23 - 2019-06-13 06:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-08-03 17:23 - 2019-06-13 05:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll 2019-08-03 17:23 - 2019-06-13 05:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2019-08-03 17:23 - 2019-06-13 05:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2019-08-03 17:23 - 2019-06-13 05:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2019-08-03 17:23 - 2019-06-13 05:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-08-03 17:23 - 2019-06-13 05:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2019-08-03 17:23 - 2019-06-13 05:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2019-08-03 17:23 - 2019-06-13 05:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-08-03 17:23 - 2019-06-13 05:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2019-08-03 17:23 - 2019-06-13 05:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll 2019-08-03 17:23 - 2019-06-13 05:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll 2019-08-03 17:23 - 2019-06-13 05:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2019-08-03 17:23 - 2019-06-13 05:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2019-08-03 17:23 - 2019-06-13 05:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2019-08-03 17:23 - 2019-06-13 05:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll 2019-08-03 17:23 - 2019-06-13 05:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll 2019-08-03 17:22 - 2019-07-04 10:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe 2019-08-03 17:22 - 2019-07-04 05:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys 2019-08-03 17:22 - 2019-07-04 05:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2019-08-03 17:22 - 2019-06-13 12:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2019-08-03 17:22 - 2019-06-13 12:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll 2019-08-03 17:22 - 2019-06-13 07:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2019-08-03 17:22 - 2019-06-13 06:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2019-08-03 17:22 - 2019-06-13 06:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2019-08-03 17:00 - 2019-08-03 17:00 - 000001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2019-08-03 17:00 - 2019-08-03 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2019-08-03 17:00 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe 2019-07-06 16:35 - 2019-07-06 16:35 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2019-07-06 16:14 - 2019-07-06 16:14 - 000000000 ____D C:\Users\Allens\Documents\OneNote Notebooks 2019-07-06 16:02 - 2019-07-06 16:02 - 000000000 ____D C:\Users\Allens\AppData\Roaming\Greenshot 2019-07-06 16:02 - 2019-07-06 16:02 - 000000000 ____D C:\Users\Allens\AppData\Local\Greenshot 2019-07-05 17:58 - 2019-08-04 17:17 - 000000000 ____D C:\Users\Allens\AppData\LocalLow\Adblock Plus for IE 2019-07-05 17:58 - 2019-07-05 17:58 - 000000000 ____D C:\Program Files\Adblock Plus for IE 2019-07-05 17:49 - 2019-07-05 17:49 - 000000000 ____D C:\Users\Allens\AppData\Local\TeamViewer 2019-07-05 15:38 - 2019-07-05 15:38 - 000000000 ____D C:\Users\Allens\AppData\Roaming\TeamViewer 2019-07-05 15:36 - 2019-07-05 15:36 - 000000000 ____D C:\Users\Allens\AppData\Local\LogMeIn Rescue Unattended 2019-07-05 15:36 - 2019-07-05 15:36 - 000000000 ____D C:\Program Files (x86)\LogMeIn Rescue Unattended 2019-07-05 15:36 - 2019-07-05 15:30 - 000145960 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\unlock64.dll 2019-07-05 15:34 - 2019-07-07 10:02 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2019-07-05 15:13 - 2019-07-05 15:13 - 000000000 ____D C:\Users\Allens\AppData\Roaming\ADNPR 2019-07-05 15:12 - 2019-07-05 17:27 - 000000000 ____D C:\Users\Allens\AppData\Local\Systweak 2019-07-05 15:12 - 2019-07-05 15:12 - 000000000 ____D C:\Users\Allens\AppData\Roaming\Advanced Identity Protector 2019-07-05 15:12 - 2019-07-05 15:12 - 000000000 ____D C:\ProgramData\Systweak Software 2019-07-05 14:57 - 2019-07-05 14:57 - 000000000 ____D C:\Users\Allens\AppData\Local\GoToAssist Remote Support Customer ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-04 18:00 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-08-04 17:51 - 2015-12-14 15:56 - 000000000 ___RD C:\Users\Allens\OneDrive 2019-08-04 17:44 - 2018-06-10 19:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-08-04 17:43 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2019-08-04 17:20 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-08-04 16:50 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-08-04 16:50 - 2017-12-26 14:20 - 000000000 ____D C:\Users\Allens\AppData\Local\Packages 2019-08-04 16:48 - 2018-06-10 18:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-08-04 16:28 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-08-04 16:17 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF 2019-08-04 16:06 - 2017-12-18 12:59 - 000000000 ____D C:\Program Files\CCleaner 2019-08-04 16:01 - 2018-06-10 19:10 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D14688B3-B5DD-44C0-B6FB-644EEADAECF6} 2019-08-04 15:57 - 2018-06-10 18:34 - 000007080 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-08-04 15:52 - 2018-06-10 19:10 - 000004570 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier 2019-08-04 15:52 - 2018-06-10 19:10 - 000004374 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2019-08-04 15:51 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2019-08-04 15:51 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed 2019-08-04 15:51 - 2017-12-26 18:53 - 000000000 ___RD C:\Users\Allens\3D Objects 2019-08-04 15:51 - 2015-12-14 15:44 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-08-04 15:48 - 2018-06-10 18:22 - 000413320 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-08-04 15:48 - 2017-04-14 11:54 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2019-08-03 19:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-08-03 19:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2019-08-03 19:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2019-08-03 19:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe 2019-08-03 19:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\appraiser 2019-08-03 19:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellComponents 2019-08-03 19:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Provisioning 2019-08-03 19:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-08-03 19:34 - 2018-04-11 22:04 - 000000000 ____D C:\WINDOWS\system32\Dism 2019-08-03 19:33 - 2018-06-10 18:39 - 000000000 ____D C:\Users\Allens 2019-08-03 19:10 - 2017-04-14 11:54 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy 2019-08-03 19:10 - 2014-10-10 21:35 - 000012879 _____ C:\WINDOWS\wininit.ini 2019-08-03 18:26 - 2017-08-09 22:15 - 000000000 ____D C:\Program Files\rempl 2019-08-03 18:03 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-08-03 16:33 - 2018-02-15 19:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-08-03 16:30 - 2015-10-22 14:29 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-08-03 16:20 - 2013-01-28 13:26 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2019-07-09 20:19 - 2013-08-15 09:40 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-07-09 20:19 - 2012-05-28 10:53 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-07-09 20:18 - 2009-07-14 03:34 - 000000478 _____ C:\WINDOWS\win.ini 2019-07-09 18:02 - 2018-04-12 10:18 - 000000000 ____D C:\WINDOWS\OCR 2019-07-07 10:02 - 2018-09-14 08:23 - 000000000 ____D C:\Users\Allens\AppData\Local\AVAST Software 2019-07-07 10:02 - 2018-09-14 08:16 - 000000000 ____D C:\ProgramData\AVAST Software 2019-07-06 16:18 - 2018-10-03 22:26 - 000000000 ____D C:\Users\Allens\AppData\Local\D3DSCache 2019-07-06 15:12 - 2018-06-10 19:10 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2052373595-2782729040-2076756327-1001 2019-07-06 15:12 - 2018-06-10 18:39 - 000002405 _____ C:\Users\Allens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-07-05 17:40 - 2018-09-30 09:18 - 000000000 ____D C:\Program Files\WebDiscoverBrowser 2019-07-05 17:39 - 2019-02-12 12:15 - 000014793 _____ C:\WINDOWS\SysWOW64\view.txt 2019-07-05 17:39 - 2018-08-28 10:55 - 000000000 ____D C:\Users\Allens\AppData\Roaming\pctonics.com 2019-07-05 17:39 - 2018-08-28 10:55 - 000000000 ____D C:\ProgramData\pctonics.com 2019-07-05 15:14 - 2017-09-18 12:21 - 000007018 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2019-07-05 15:14 - 2013-03-07 13:44 - 000000000 ____D C:\Users\Allens\Documents\Outlook Files ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================ Addition.txt results: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 4-08-2019 Ran by Allens (04-08-2019 18:12:29) Running from C:\Users\Allens\Desktop Windows 10 Home Version 1803 17134.885 (X64) (2018-06-10 18:11:53) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2052373595-2782729040-2076756327-500 - Administrator - Disabled) Allens (S-1-5-21-2052373595-2782729040-2076756327-1001 - Administrator - Enabled) => C:\Users\Allens DefaultAccount (S-1-5-21-2052373595-2782729040-2076756327-503 - Limited - Disabled) Guest (S-1-5-21-2052373595-2782729040-2076756327-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2052373595-2782729040-2076756327-1002 - Limited - Enabled) WDAGUtilityAccount (S-1-5-21-2052373595-2782729040-2076756327-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4} AS: Spybot - Search and Destroy (Disabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) „Messenger“ pagalbinė priemonė (HKLM-x32\...\{7E274911-32ED-4489-9B04-4EF100D0E4D3}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Essentials“ (HKLM-x32\...\{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Mail“ (HKLM-x32\...\{2720009D-9566-45A7-A370-0E6DAC313F3F}) (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis (HKLM-x32\...\{9024FE65-46B8-4C8A-9D98-8DCB6BD5F598}) (Version: 15.4.5722.2 - Microsoft Corporation) „Windows Live Messenger“ (HKLM-x32\...\{122800FE-3AAF-4974-9FBD-54B023FA756A}) (Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden „Windows Live“ fotogalerija (HKLM-x32\...\{C877E454-FA36-409A-A00E-1240CEC61BBD}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation) ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation) Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) Ask Toolbar Updater (HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.44892 - Ask.com) <==== ATTENTION Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.6.3098 - AVG Technologies) BatteryLifeExtender (HKLM-x32\...\{E308B555-8434-4AF8-B66F-729897C75F93}) (Version: 1.0.6 - Samsung) Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden BrLauncher (HKLM-x32\...\{C661197A-6B93-4E37-9E3F-2A1DFCD64234}) (Version: 1.1.15.0 - Brother Industries Ltd.) Hidden BrLogRx (HKLM-x32\...\{B556F816-FF4D-4BB6-9339-ED28639E2EF3}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.44 - Broadcom Corporation) Brother Port Driver (HKLM-x32\...\{6768BCF7-474C-4428-9FC1-3C46969819D6}) (Version: 1.1.4.4 - Brother Industries Ltd.) Hidden Brother Printer Driver (HKLM-x32\...\{0648F446-BAE9-402F-9BEC-8B333959D8FB}) (Version: 1.2.0.0 - Brother Industries Ltd.) Hidden Brother Scanner Driver (HKLM-x32\...\{48F75879-6C29-4149-AFC4-B9F1CBA8528D}) (Version: 1.0.6.2 - Brother Industries Ltd.) Hidden BrotherHelpInstaller (HKLM-x32\...\{4E461C2A-EC1C-46D1-AF5B-7FEFD0054AF8}) (Version: 1.0.0.0 - Brother) Hidden BrSupportTools (HKLM-x32\...\{F8F9EB58-33BA-4FF8-80E7-66D87D2E0C3C}) (Version: 1.0.9.0 - Brother Industries Ltd.) Hidden Business Contact Manager for Microsoft Outlook 2010 (HKLM-x32\...\{E4B48349-A165-4097-8D78-AC950BD8638E}) (Version: 4.0.11308.0 - Microsoft Corporation) Hidden Business Contact Manager for Microsoft Outlook 2010 (HKLM-x32\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation) Complément Messenger (HKLM-x32\...\{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Complemento Messenger (HKLM-x32\...\{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation) ControlCenter4 (HKLM-x32\...\{9ADB625A-7F6D-4C48-9058-4767A55D5424}) (Version: 4.2.438.1 - Brother Insutries Ltd.) Hidden Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DeviceDetect (HKLM-x32\...\{CEF07BDC-47F1-4477-8F3C-0E7132AF88C5}) (Version: 1.0.4.5 - Brother Industries Ltd.) Hidden Doplnok programu Messenger (HKLM-x32\...\{6D2F0A26-ECEA-49CE-833C-9A6125F3D5E8}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.) Easy Network Manager (HKLM-x32\...\{556EAB35-CD1F-4E94-83CA-D5C9FA2CDA5B}) (Version: 4.4.1 - Samsung) Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.) EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung) ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Fotogalerija Windows Live (HKLM-x32\...\{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (HKLM-x32\...\{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (HKLM-x32\...\{CB66242D-12B1-4494-82D2-6F53A7E024A3}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc) Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation) Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation) Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation) Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.24.27.3 - Marvell) Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Assistent (HKLM-x32\...\{56D42B00-572C-4AE9-BCFB-CD45A3B5D0E1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Companion (HKLM-x32\...\{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Companion (HKLM-x32\...\{066219C8-4BE6-46D7-9E01-60FCFA6B32DC}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Companion (HKLM-x32\...\{082E37F5-3924-4168-A69A-1B6B1FEA587C}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Companion (HKLM-x32\...\{3889988F-762B-4B85-AB17-71C9CC3AE445}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Companion (HKLM-x32\...\{6DD3B54B-F0D0-4A69-8344-F52033225A02}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Companion (HKLM-x32\...\{781E0319-15CD-4A4C-A47E-D9FFF697E7A1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Companion (HKLM-x32\...\{8142D25E-028A-4563-86ED-5755783C8029}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Companion (HKLM-x32\...\{847C879C-1467-4924-A491-1302B4C58F70}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Companion (HKLM-x32\...\{939C80FA-96C9-44A6-B318-8E7D8BD8481B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Companion (HKLM-x32\...\{96403552-88D1-429F-9C92-388B814B885E}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Companion (HKLM-x32\...\{B44F3823-52DD-45CA-A916-8B320778715D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Companion (HKLM-x32\...\{C7DAD22D-29D4-438F-B986-03B9ED582EA4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Companion (HKLM-x32\...\{D4F81B27-4054-4AD6-A588-265508BAA17C}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Companion (HKLM-x32\...\{D58E381C-DE02-46A9-B9D1-A2CB807D2676}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger kísérő (HKLM-x32\...\{F3ECEB0A-82A0-4DB9-BB44-393A66BA0871}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Pratilac (HKLM-x32\...\{902585EB-8FA3-43A5-AD1C-5C9821A77114}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Suradnik (HKLM-x32\...\{3FD1CB9F-807F-451B-926C-9D19C84CFC61}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger 사이트 공유 (HKLM-x32\...\{AB067785-9646-456B-91C3-E71228132A4C}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger 分享元件 (HKLM-x32\...\{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger 浏览器插件 (HKLM-x32\...\{7F061FA8-5A87-4758-876B-17EE28B358D0}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger-kumppani (HKLM-x32\...\{D657CCB5-9F2F-4D3C-B93D-F77EBEF79B66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation) Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{BA4DA261-CB60-4690-B202-44998DFC6986}) (Version: 10.1.2531.0 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NetworkRepairTool (HKLM-x32\...\{4694AD3E-D4A2-4D98-9848-662A0475E872}) (Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation) Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation) Poczta usługi Windows Live (HKLM-x32\...\{64376910-1860-4CEF-8B34-AA5D205FC5F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM-x32\...\{7A9D47BA-6D50-4087-866F-0800D8B89383}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pomocnik Messenger (HKLM-x32\...\{BD8DA595-F501-4ABE-85A0-5C23E82472A0}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (HKLM-x32\...\{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Raccolta foto di Windows Live (HKLM-x32\...\{ED16B700-D91F-44B0-867C-7EB5253CA38D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1930.429 - Trusteer) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.) Samsung AnyWeb Print (HKLM-x32\...\{1DF9729D-2A51-4CA1-B4CE-2B432D7ABA7C}) (Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.) Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.18 - Samsung) Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.) Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.1.17 - Samsung Electronics Co., Ltd.) SamsungMovie (HKLM-x32\...\{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}) (Version: 1.0.0 - Samsung) ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden Service Pack 1 for SQL Server 2008 (KB968369) (HKLM-x32\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.) Spremljevalec Messenger (HKLM-x32\...\{F14F9EE9-9B68-42B4-90F7-0924F7619281}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.) Sql Server Customer Experience Improvement Program (HKLM-x32\...\{C965F01C-76EA-4BD7-973E-46236AE312D7}) (Version: 10.1.2531.0 - Microsoft Corporation) Hidden StatusMonitor (HKLM-x32\...\{86D16055-3C14-44C6-BCD7-5514B83BAD34}) (Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft) Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1930.429 - Trusteer) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) UsbRepairTool (HKLM-x32\...\{523276A4-5779-4105-9163-CA1CF94EC533}) (Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - ) Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX kontrola za daljinske veze (HKLM-x32\...\{8985AE5E-622A-4980-8BF8-0A1830643220}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem (HKLM-x32\...\{A3A775C9-5A63-4C55-8FDD-427A5B8F5D2B}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation) Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (HKLM-x32\...\{C00C2A91-6CB3-483F-80B3-2958E29468F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Компаньон Messenger (HKLM-x32\...\{3705D53F-BB01-4BEE-8585-289E71CAC4B4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (HKLM-x32\...\{E83DC314-C926-4214-AD58-147691D6FE9F}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Помощник на Messenger (HKLM-x32\...\{FEA0181F-3758-46DA-B7EC-F3CDFA7E0CE7}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (HKLM-x32\...\{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}) (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (HKLM-x32\...\{77F69CA1-E53D-4D77-8BA3-FA07606CC851}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (HKLM-x32\...\{4444F27C-B1A8-464E-9486-4C37BAB39A09}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation) גלריית התמונות של Windows Live (HKLM-x32\...\{CE929F09-3853-4180-BD90-30764BFF7136}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden מסייע Messenger (HKLM-x32\...\{AB5977C5-11AE-4003-BA7D-261C48F2BC35}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation) بريد Windows Live (HKLM-x32\...\{0A4C4B29-5A9D-4910-A13C-B920D5758744}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation) معرض صور Windows Live (HKLM-x32\...\{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation) 원격 연결을 위한 Windows Live Mesh ActiveX 컨트롤 (HKLM-x32\...\{61920449-0393-4707-B7DD-E6C0013C8B2C}) (Version: 15.4.5722.2 - Microsoft Corporation) 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation) 適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation) Packages: ========= Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-03] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1806.3.0_x64__8wekyb3d8bbwe [2018-06-12] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1806.4.0_x64__8wekyb3d8bbwe [2018-06-21] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1806.5.0_x64__8wekyb3d8bbwe [2018-06-29] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1807.1.0_x64__8wekyb3d8bbwe [2018-07-03] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1807.7.0_x64__8wekyb3d8bbwe [2018-07-30] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1807.8.0_x64__8wekyb3d8bbwe [2018-08-01] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1807.9.0_x64__8wekyb3d8bbwe [2018-08-07] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2018-09-07] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe [2019-08-03] (Microsoft Corporation) [MS Ad] Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-08] (Microsoft Corporation) Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-13] (Microsoft Corporation) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad] MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-08-03] (Microsoft Corporation) [MS Ad] MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-08-03] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-08-03] (Microsoft Corporation) [MS Ad] Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.15.61.0_x64__kx24dqmazqk8j [2019-07-03] (Random Salad Games LLC) [MS Ad] Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.) WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2015-12-14] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-08-04] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Allens\Desktop\Google Search.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=coobgpohoikkiipiblmjeljniedjpjpf ==================== Loaded Modules (Whitelisted) ============== 2009-02-27 17:38 - 2009-02-27 17:38 - 000139264 _____ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2010-11-12 06:05 - 2006-08-12 04:48 - 000049152 _____ () [File not signed] C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll 2015-06-02 15:51 - 2015-06-02 15:51 - 000545792 _____ () [File not signed] C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2008-08-18 19:27 - 2008-08-18 19:27 - 000122880 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll 2014-11-13 19:55 - 2014-11-13 19:55 - 000461824 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll 2011-02-28 12:32 - 2011-02-28 12:32 - 000208896 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll 2014-11-11 18:44 - 2014-11-11 18:44 - 004517376 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe 2013-10-10 22:55 - 2013-10-10 22:55 - 002040320 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll 2014-10-23 15:21 - 2014-10-23 15:21 - 000289792 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe 2015-01-29 17:46 - 2015-01-29 17:46 - 000137728 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll 2014-09-09 10:38 - 2014-09-09 10:38 - 000083968 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll 2014-09-09 10:38 - 2014-09-09 10:38 - 017974784 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll 2014-09-09 10:39 - 2014-09-09 10:39 - 000080896 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLEng.dll 2015-01-29 18:01 - 2015-01-29 18:01 - 001542656 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe 2015-01-29 18:03 - 2015-01-29 18:03 - 000583168 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe 2010-07-30 09:20 - 2010-07-30 09:20 - 001752680 _____ (Samsung Electronics CO., LTD. -> SAMSUNG Electronics) [File not signed] C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe 2010-11-12 06:05 - 2010-02-10 15:29 - 000719360 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe 2015-02-04 12:53 - 2009-07-14 02:40 - 000038912 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\EP0NPP01.DLL ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescueUA_2944869 => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 7865 more sites. IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\...\123simsen.com -> www.123simsen.com There are 7866 more sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;C:\PROGRAM FILES\BROADCOM\BROADCOM 802.11 NETWORK ADAPTER\DRIVER;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;;C:\PROGRAM FILES (X86)\MICROSOFT SQL SERVER\100\TOOLS\BINN\;C:\PROGRAM FILES (X86)\MICROSOFT SQL SERVER\100\DTS\BINN\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-2052373595-2782729040-2076756327-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "WebDiscoverBrowser" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{9886AE5E-0023-4FCE-B692-AE96A0083D64}] => (Allow) C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.) FirewallRules: [{5F61423D-406F-4D85-A0E3-AC3B1FC81B06}] => (Allow) C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.) FirewallRules: [{BB3D79D9-0127-47BC-91FF-E722C8341D8F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{09A80EEE-E3AD-4B39-A216-7964122E8E13}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{EF58F4D8-BB16-47EB-9E37-72345BE0D2FC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{D49BAE15-DD8F-4A8B-BAB1-41664C908B8D}] => (Allow) LPort=1900 FirewallRules: [{80D3BB5F-4412-4038-88F6-0EB943FCC4E9}] => (Allow) LPort=2869 FirewallRules: [{7277DCC7-03ED-429D-9677-873C9EC633AB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{6E5AE94E-6234-44B2-A670-57E32C8AD0B4}] => (Allow) C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.) FirewallRules: [{15DBC0E2-FE59-4933-9419-E2E64CBC9EF6}] => (Allow) C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.) FirewallRules: [{DBE44718-ED98-45A9-9396-7A1E14403517}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= 03-07-2019 12:49:33 Windows Update 05-07-2019 16:42:41 Service05072019 09-07-2019 20:07:38 Windows Update 03-08-2019 15:58:19 Windows Update 04-08-2019 16:27:14 Removed Jasc Paint Shop Pro 9 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/04/2019 05:45:03 PM) (Source: MSSQLServerADHelper100) (EventID: 100) (User: ) Description: '0' is an invalid number of start up parameters. This service takes two start up parameters. Error: (08/04/2019 05:35:12 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 11.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 117c Start Time: 01d54ae2610ee87a Termination Time: 42 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: d0149a98-e371-41b0-bac0-8bc7fe7ddea2 Faulting package full name: Faulting package-relative application ID: Error: (08/04/2019 03:57:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (08/04/2019 03:57:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (08/04/2019 03:48:22 PM) (Source: MSSQLServerADHelper100) (EventID: 100) (User: ) Description: '0' is an invalid number of start up parameters. This service takes two start up parameters. Error: (08/03/2019 07:14:02 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program HijackThis (1).exe version 2.0.0.5 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2508 Start Time: 01d54a27282e0a5c Termination Time: 86 Application Path: C:\Users\Allens\Downloads\HijackThis (1).exe Report Id: cd78d338-e8d8-47e1-a2db-af4062d6f7ff Faulting package full name: Faulting package-relative application ID: Error: (08/03/2019 04:51:05 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: Windows cannot load the extensible counter DLL SQLAgent$MSSMLBIZ. The first four bytes (DWORD) of the Data section contains the Windows error code. Error: (08/03/2019 04:51:03 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: Windows cannot load the extensible counter DLL MSSQL$MSSMLBIZ. The first four bytes (DWORD) of the Data section contains the Windows error code. System errors: ============= Error: (08/04/2019 05:52:02 PM) (Source: DCOM) (EventID: 10000) (User: JANUS) Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy!CortanaPlaces.PlaceStore. The error: "0" Happened while starting this command: "C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe" -ServerName:PlacesServer Error: (08/04/2019 05:52:02 PM) (Source: DCOM) (EventID: 10000) (User: JANUS) Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy!CortanaPlaces.PlaceStore. The error: "0" Happened while starting this command: "C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe" -ServerName:PlacesServer Error: (08/04/2019 05:51:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The avgbIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/04/2019 05:51:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the avgbIDSAgent service to connect. Error: (08/04/2019 05:51:13 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (08/04/2019 05:50:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Delivery Optimization service did not respond on starting. Error: (08/04/2019 05:49:50 PM) (Source: DCOM) (EventID: 10001) (User: JANUS) Description: Unable to start a DCOM Server: microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca as Unavailable/Unavailable. The error: "298" Happened while starting this command: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server Error: (08/04/2019 05:46:43 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Windows Defender: =================================== Date: 2019-08-04 16:03:49.048 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0 Name: Trojan:Win32/AccessibilityEscalation.A ID: 2147728981 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\Utilman.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Signature Version: AV: 1.299.1238.0, AS: 1.299.1238.0, NIS: 1.299.1238.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-04 16:00:29.081 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0 Name: Trojan:Win32/AccessibilityEscalation.A ID: 2147728981 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\Utilman.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Signature Version: AV: 1.299.1170.0, AS: 1.299.1170.0, NIS: 1.299.1170.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-03 16:57:41.234 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0 Name: Trojan:Win32/AccessibilityEscalation.A ID: 2147728981 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\Utilman.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Signature Version: AV: 1.299.1170.0, AS: 1.299.1170.0, NIS: 1.299.1170.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-03 16:49:56.093 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0 Name: Trojan:Win32/AccessibilityEscalation.A ID: 2147728981 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\Utilman.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Signature Version: AV: 1.299.1169.0, AS: 1.299.1169.0, NIS: 1.299.1169.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-03 16:32:51.479 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0 Name: Trojan:Win32/AccessibilityEscalation.A ID: 2147728981 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\Utilman.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Signature Version: AV: 1.299.1169.0, AS: 1.299.1169.0, NIS: 1.299.1169.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-04 17:17:54.277 Description: Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0 Name: Trojan:Win32/AccessibilityEscalation.A ID: 2147728981 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\Utilman.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature Version: AV: 1.299.1238.0, AS: 1.299.1238.0, NIS: 1.299.1238.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-04 16:03:46.681 Description: Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0 Name: Trojan:Win32/AccessibilityEscalation.A ID: 2147728981 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\Utilman.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature Version: AV: 1.299.1238.0, AS: 1.299.1238.0, NIS: 1.299.1238.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-03 16:57:38.392 Description: Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0 Name: Trojan:Win32/AccessibilityEscalation.A ID: 2147728981 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\Utilman.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature Version: AV: 1.299.1170.0, AS: 1.299.1170.0, NIS: 1.299.1170.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-03 16:32:44.486 Description: Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0 Name: Trojan:Win32/AccessibilityEscalation.A ID: 2147728981 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\Utilman.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature Version: AV: 1.299.1169.0, AS: 1.299.1169.0, NIS: 1.299.1169.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-03 16:10:50.643 Description: Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AccessibilityEscalation.A&threatid=2147728981&enterprise=0 Name: Trojan:Win32/AccessibilityEscalation.A ID: 2147728981 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\Utilman.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature Version: AV: 1.297.751.0, AS: 1.297.751.0, NIS: 1.297.751.0 Engine Version: AM: 1.1.16100.4, NIS: 1.1.16100.4 ==================== Memory info =========================== BIOS: Phoenix Technologies Ltd. 03UC.P026.20101027.LX 10/27/2010 Motherboard: SAMSUNG ELECTRONICS CO., LTD. RV410/RV510/S3510/E3510 Processor: Celeron(R) Dual-Core CPU T3500 @ 2.10GHz Percentage of memory in use: 75% Total physical RAM: 4028.61 MB Available physical RAM: 1000.22 MB Total Virtual: 11452.61 MB Available Virtual: 8150.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:445.65 GB) (Free:362.54 GB) NTFS \\?\Volume{eaea754d-eea6-11df-917f-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS \\?\Volume{bcf3b704-0000-0000-0000-e06f6f000000}\ () (Fixed) (Total:0.9 GB) (Free:0.47 GB) NTFS \\?\Volume{64bc484d-0ec2-11e0-b278-806e6f6e6963}\ (SAMSUNG_REC) (Fixed) (Total:19.11 GB) (Free:0.9 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: BCF3B704) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=445.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=926 MB) - (Type=27) Partition 4: (Not Active) - (Size=19.1 GB) - (Type=27) ==================== End of Addition.txt =========================== I also carried out your instructions re HiJackThis and removed the detailed . I then rebooted and completed a further scan so you can see the latest results (I did this prior to downloading and dealing with the Farbar stuff) HJT log: Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 19:57:22, on 04/08/2019 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.17134.0001) Boot mode: Normal Running processes: C:\Users\Allens\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Allens\Desktop\Loz\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit= O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ControlCenter4] "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN O4 - HKLM\..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" O4 - HKCU\..\Run: [OneDrive] "C:\Users\Allens\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: AVG Antivirus - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\AVGSvc.exe O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\aswidsagent.exe O23 - Service: AvgWscReporter - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\wsc_proxy.exe O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\elevation_service.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Samsung UPD Service - Unknown owner - C:\WINDOWS\System32\SUPDSvc.exe (file missing) O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing) -- End of file - 11481 bytes Many thanks Loz
  7. Hello Trusted friends ... After running XP for all my computing life I have finally inherited a Windows 10 laptop ...(I know ...its still only a laptop but hey ... it was free!) This is handy as I can now run all sorts on it and still game on my quality XP desktop rig but ... my father warned me the laptop had some serious probs ... heres what I have found so far ... HJT Log: Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 19:28:07, on 03/08/2019 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.17134.0001) Boot mode: Normal Running processes: C:\Users\Allens\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\Allens\AppData\Local\Microsoft\BingSvc\BingSvc.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe C:\Users\Allens\Desktop\Loz\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit= O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ControlCenter4] "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN O4 - HKLM\..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" O4 - HKCU\..\Run: [OneDrive] "C:\Users\Allens\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [BingSvc] C:\Users\Allens\AppData\Local\Microsoft\BingSvc\BingSvc.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe -update plugin O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\elevation_service.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Samsung UPD Service - Unknown owner - C:\WINDOWS\System32\SUPDSvc.exe (file missing) O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing) -- End of file - 11452 bytes I also ran a good ol' SpyBot scan: Search results from Spybot - Search & Destroy 03/08/2019 19:12:19 Scan took 00:00:00. 0 items found. --- Spybot - Search & Destroy version: 2.7.64.131 DLL (build: 20180214) --- 2018-04-20 blindman.exe (2.7.64.152) 2018-04-20 explorer.exe (2.7.64.191) 2018-02-06 SDBootCD.exe (2.7.64.109) 2018-04-20 SDCleaner.exe (2.7.64.110) 2018-04-20 SDDelFile.exe (2.7.64.94) 2018-04-20 SDFiles.exe (2.7.64.137) 2018-04-20 SDFileScanHelper.exe (2.7.64.7) 2018-04-20 SDFSSvc.exe (2.7.64.219) 2018-04-20 SDHelp.exe (2.7.64.1) 2018-02-06 SDHookHelper.exe (2.7.64.2) 2018-02-06 SDHookInst32.exe (2.7.64.2) 2018-02-06 SDHookInst64.exe (2.7.64.2) 2018-04-20 SDImmunize.exe (2.7.64.133) 2018-08-15 SDLicense.exe (2.7.65.3) 2018-04-20 SDLogReport.exe (2.7.64.107) 2018-04-20 SDOnAccess.exe (2.7.64.12) 2018-04-20 SDPESetup.exe (2.7.64.3) 2018-04-20 SDPEStart.exe (2.7.64.86) 2018-04-20 SDPhoneScan.exe (2.7.64.29) 2018-04-20 SDPRE.exe (2.7.64.22) 2018-02-06 SDPrepPos.exe (2.7.64.15) 2018-04-20 SDQuarantine.exe (2.7.64.103) 2018-02-06 SDRootAlyzer.exe (2.7.64.116) 2018-02-06 SDSBIEdit.exe (2.7.64.39) 2018-04-20 SDScan.exe (2.7.64.191) 2018-02-06 SDScript.exe (2.7.64.54) 2018-04-20 SDSettings.exe (2.7.64.139) 2018-04-20 SDShell.exe (2.7.64.2) 2018-02-06 SDShred.exe (2.7.64.108) 2018-02-06 SDSysRepair.exe (2.7.64.102) 2018-02-06 SDTools.exe (2.7.64.157) 2018-04-20 SDTray.exe (2.7.64.129) 2018-04-20 SDUpdate.exe (2.7.64.98) 2018-04-20 SDUpdSvc.exe (2.7.64.82) 2018-08-08 SDUpgrade.exe (2.7.65.0) 2018-08-15 SDWelcome.exe (2.7.65.131) 2018-02-06 SDWSCSvc.exe (2.7.64.3) 2018-09-03 Spybot3.LicenseInstaller.exe 2017-02-15 spybotsd2-install-bdupd-2017a.exe (2.6.52.0) 2018-10-24 spybotsd2-install-license-installer.exe (2.7.65.0) 2019-02-22 spybotsd2-SDLicense-websitev5.exe (2.7.65.0) 2019-08-03 unins000.exe (51.1052.0.0) 2017-11-28 xcacls.exe 2017-11-28 borlndmm.dll (10.0.2288.42451) 2018-01-29 DelZip190.dll (1.9.0.119) 2018-01-29 DelZip192.dll (1.9.2.136) 2018-01-29 libeay32.dll (1.0.2.14) 2017-11-28 libssl32.dll (1.0.0.4) 2018-02-06 NotificationSpreader.dll (2.7.64.4) 2018-04-20 SDAdvancedCheckLibrary.dll (2.7.64.98) 2018-04-20 SDAV.dll (2.4.40.7) 2018-02-06 SDECon32.dll (2.7.64.114) 2018-03-23 SDECon64.dll (2.7.64.113) 2018-02-06 SDEvents.dll (2.7.64.2) 2018-04-20 SDFileScanLibrary.dll (2.7.64.24) 2018-02-06 SDHook32.dll (2.7.64.2) 2018-02-06 SDHook64.dll (2.7.64.2) 2018-04-20 SDImmunizeLibrary.dll (2.7.64.3) 2018-04-20 SDLicense.dll (2.7.64.3) 2018-04-20 SDLists.dll (2.7.64.8) 2018-02-06 SDResources.dll (2.7.64.7) 2018-04-20 SDScanLibrary.dll (2.7.64.131) 2018-04-20 SDTasks.dll (2.7.64.15) 2018-02-06 SDWinLogon.dll (2.7.64.0) 2018-01-29 sqlite3.dll (3.22.0.0) 2018-01-29 ssleay32.dll (1.0.2.14) 2018-02-06 Tools.dll (2.7.64.36) 2019-07-03 Includes\Adware-000.sbi 2018-09-24 Includes\Adware-001.sbi 2018-09-24 Includes\Adware-002.sbi 2018-09-24 Includes\Adware-003.sbi 2019-07-31 Includes\Adware-C.sbi 2014-01-13 Includes\Adware.sbi 2014-01-13 Includes\AdwareC.sbi 2017-11-28 Includes\Cookies.sbi 2014-11-14 Includes\Dialer-000.sbi 2014-11-14 Includes\Dialer-001.sbi 2018-06-20 Includes\Dialer-C.sbi 2014-01-13 Includes\Dialer.sbi 2014-01-13 Includes\DialerC.sbi 2014-01-09 Includes\Fraud-000.sbi 2017-01-30 Includes\Fraud-001.sbi 2014-03-31 Includes\Fraud-002.sbi 2016-07-06 Includes\Fraud-003.sbi 2012-11-14 Includes\HeavyDuty.sbi 2014-11-14 Includes\Hijackers-000.sbi 2014-11-14 Includes\Hijackers-001.sbi 2018-04-04 Includes\Hijackers-C.sbi 2014-01-13 Includes\Hijackers.sbi 2014-01-13 Includes\HijackersC.sbi 2014-01-08 Includes\iPhone-000.sbi 2014-01-08 Includes\iPhone.sbi 2016-05-27 Includes\Keyloggers-000.sbi 2019-07-31 Includes\Keyloggers-C.sbi 2014-01-13 Includes\Keyloggers.sbi 2014-01-13 Includes\KeyloggersC.sbi 2015-06-25 Includes\Malware-000.sbi 2014-11-14 Includes\Malware-001.sbi 2018-04-12 Includes\Malware-002.sbi 2016-11-07 Includes\Malware-003.sbi 2014-11-14 Includes\Malware-004.sbi 2014-11-14 Includes\Malware-005.sbi 2014-02-26 Includes\Malware-006.sbi 2014-01-09 Includes\Malware-007.sbi 2019-07-24 Includes\Malware-C.sbi 2014-01-13 Includes\Malware.sbi 2014-01-13 Includes\MalwareC.sbi 2018-05-02 Includes\PUPS-000.sbi 2018-05-02 Includes\PUPS-001.sbi 2018-05-02 Includes\PUPS-002.sbi 2018-05-02 Includes\PUPS-003.sbi 2018-05-02 Includes\PUPS-004.sbi 2019-07-31 Includes\PUPS-C.sbi 2014-01-13 Includes\PUPS.sbi 2014-01-13 Includes\PUPSC.sbi 2014-01-08 Includes\Security-000.sbi 2018-08-01 Includes\Security-C.sbi 2014-01-21 Includes\Security.sbi 2014-01-21 Includes\SecurityC.sbi 2015-11-11 Includes\Spyware-000.sbi 2015-05-06 Includes\Spyware-001.sbi 2019-07-17 Includes\Spyware-C.sbi 2014-01-21 Includes\Spyware.sbi 2014-01-21 Includes\SpywareC.sbi 2011-06-07 Includes\Tracks.sbi 2012-11-19 Includes\Tracks.uti 2017-06-28 Includes\Trojans-000.sbi 2014-01-15 Includes\Trojans-001.sbi 2017-10-25 Includes\Trojans-002.sbi 2016-01-20 Includes\Trojans-003.sbi 2018-11-28 Includes\Trojans-004.sbi 2014-03-19 Includes\Trojans-005.sbi 2015-03-31 Includes\Trojans-006.sbi 2017-12-01 Includes\Trojans-007.sbi 2014-07-09 Includes\Trojans-008.sbi 2018-11-28 Includes\Trojans-009.sbi 2018-06-21 Includes\Trojans-010.sbi 2019-07-31 Includes\Trojans-C.sbi 2014-01-15 Includes\Trojans-OG-000.sbi 2014-01-15 Includes\Trojans-TD-000.sbi 2014-01-15 Includes\Trojans-VM-000.sbi 2014-01-15 Includes\Trojans-VM-001.sbi 2014-01-15 Includes\Trojans-VM-002.sbi 2014-01-15 Includes\Trojans-VM-003.sbi 2014-01-15 Includes\Trojans-VM-004.sbi 2014-01-15 Includes\Trojans-VM-005.sbi 2014-01-15 Includes\Trojans-VM-006.sbi 2014-01-15 Includes\Trojans-VM-007.sbi 2014-01-15 Includes\Trojans-VM-008.sbi 2014-01-15 Includes\Trojans-VM-009.sbi 2014-01-15 Includes\Trojans-VM-010.sbi 2014-01-15 Includes\Trojans-VM-011.sbi 2014-01-15 Includes\Trojans-VM-012.sbi 2014-01-15 Includes\Trojans-VM-013.sbi 2014-01-15 Includes\Trojans-VM-014.sbi 2014-01-15 Includes\Trojans-VM-015.sbi 2014-01-15 Includes\Trojans-VM-016.sbi 2014-01-15 Includes\Trojans-VM-017.sbi 2014-01-15 Includes\Trojans-VM-018.sbi 2014-01-15 Includes\Trojans-VM-019.sbi 2014-01-15 Includes\Trojans-VM-020.sbi 2014-01-15 Includes\Trojans-VM-021.sbi 2014-01-15 Includes\Trojans-VM-022.sbi 2014-01-15 Includes\Trojans-VM-023.sbi 2014-01-15 Includes\Trojans-VM-024.sbi 2014-01-15 Includes\Trojans-ZB-000.sbi 2016-02-03 Includes\Trojans-ZL-000.sbi 2014-01-09 Includes\Trojans.sbi 2014-01-16 Includes\TrojansC-01.sbi 2014-01-16 Includes\TrojansC-02.sbi 2014-01-16 Includes\TrojansC-03.sbi 2014-01-16 Includes\TrojansC-04.sbi 2014-01-16 Includes\TrojansC-05.sbi 2014-01-09 Includes\TrojansC.sbi Spybot has ... allegedly cleared all that was found but I am not sure Since running the scan on SpyBot and fixing all selected, the desktop background image has disappeared on the laptop and I am now running a simple black background ... I havent seen that for some years As always, pleading for help and am eternally grateful to all of you Regards Loz
  8. Hi Juliet Again apologies for delay ... I dont get as much time teching problems as I would like and the PC is at another house but I am told it is running better and smother than before to the satisfaction of the girlfriends son ... Thank you for all your help :) ... you are quality :)
  9. Hi Juliet, Apologies again for the slight delay in sorting your guidance but it sometimes is a couple of weeks before I am able to sit in front of the computer ... Anyways all done as instructed as below: Malware Bytes Log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 06/07/2019 Scan Time: 15:34 Log File: 329b9624-9ffb-11e9-b684-eca86bd6d5e5.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.538 Update Package Version: 1.0.11428 Licence: Trial -System Information- OS: Windows 10 (Build 17763.475) CPU: x64 File System: NTFS User: DESKTOP-O8IQLFD\jack -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 284251 Threats Detected: 5 Threats Quarantined: 5 Time Elapsed: 4 min, 21 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 3 PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [2078], [476595],1.0.11428 PUP.Optional.SearchManager, HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [2078], [476595],1.0.11428 PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, Quarantined, [2078], [476595],1.0.11428 Registry Value: 1 PUP.Optional.SearchManager, HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [2078], [476595],1.0.11428 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 PUP.Optional.SearchModule, C:\USERS\JACK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\chrome-extension_nahhmpbckpgdidfnmfkfgiflpjijilce_0.localstorage, Quarantined, [281], [453492],1.0.11428 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) EEK Log: Emsisoft Emergency Kit 2019.6.0.9501 stable [en-us] OS: Windows 10 (Version 10.0, Build 17763, 64-bit Edition) Forensics log Date Component Action Details 06/07/2019 16:15:43 User Update Downloaded and installed 63 files (4394 kb) (21 min. 47 sec.). 06/07/2019 16:14:30 User DESKTOP-O8IQLFD\JACK Infection quarantined Medium risk Malware "Adware.DealPly.1.Gen (B)" in "trzCC02.tmp". 06/07/2019 16:08:27 Scanner Scan finished Found 1 object , user to decide on further actions. 06/07/2019 16:01:53 Scanner Detection Medium risk Malware "Adware.DealPly.1.Gen (B)" in "trzCC02.tmp" (SHA1: 19c0ab79e706c1d46cdaffcd11ed6f929de6724f) 06/07/2019 15:56:10 User DESKTOP-O8IQLFD\jack Scan started Malware Scan 06/07/2019 15:55:46 User DESKTOP-O8IQLFD\jack Setting modified "Detect PUPs" has been changed to "Enabled". 06/07/2019 15:55:41 User DESKTOP-O8IQLFD\jack Setting modified "Recommended readings & news" has been changed to "Enabled". 06/07/2019 15:54:03 User DESKTOP-O8IQLFD\jack Setting modified "Recommended readings & news" has been changed to "Disabled". 06/07/2019 15:53:56 Core Notification "Recommended Reading:9 critical cyber safety lessons to teach your kids". I had some trouble locating the Quarantine Log export option as it wasn't under the Quarantine Tab? I then went to logs and found an entry that said as above and so saved that. I then deleted the quarantined item and found an entry that read: 06/07/2019 16:43:25 Medium risk Malware "Adware.DealPly.1.Gen (B)" in "C:\Users\jack\AppData\Roaming\Lobus\trzCC02.tmp" deleted by user DESKTOP-O8IQLFD\JACK Overall the PC is better … start up can be a little slow but after a minute or two it seems to run reasonably ok. On more than one occasion the Microsoft Edge closed without any prompting, once or twice when I minimised it and another time when I first ran ?EEK (Perhaps a requirement of the scan procedure I put that down to?) Continued thanks for your help Loz
  10. p.s. I meant to say that in order to remove the 'PremierOpinion' from the computer I searched for it and found that it only seemed to appear on the start up menu so I used the remove/uninstall option from here and it seems to have gone (on face value anyway?)
  11. Hi Juliet Continued thanks for your help and support. I have followed your instructions but with a few little glitches along the way ... I removed the 4 listed items but in doing so I could not find a 'chromium' browser and so I assumed this was Google Chrome and removed that … I am not sure if that is correct? Also when trying to remove the PremierOpinion from the 'add / remove' options window, I kept getting an error message: I have uploaded a desktop image of the fault message titled 'PremierOpinion Error Message. FRST FIX LOG FILE: Fix result of Farbar Recovery Scan Tool (x64) Version: 22-06-2019 Ran by jack (23-06-2019 12:52:01) Run:1 Running from C:\Users\jack\Desktop\Loz\FRST Loaded Profiles: jack (Available Profiles: jack) Boot Mode: Normal ============================================== fixlist content: ***************** Clos eP rocesses: CreateRestorePoint: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Chromium] => c:\users\jack\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed] FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION Task: {5EC6072F-4A2E-480A-A535-57BBA840B942} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/ SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> DefaultScope {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms} SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation) CHR HomePage: Default -> hxxp://www.view-search.com/ CHR DefaultSearchURL: Default -> hxxp://www.view-search.com/search?q={searchTerms} CHR DefaultSearchKeyword: Default -> view search CHR Extension: (Avast SafePrice | Comparison, de als, coupons) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-04-29] S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X] <==== ATTENTION ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File FirewallRules: [{67326F6A-DAF4-403D-A689-0E3589ADA176}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File FirewallRules: [{0CD17905-62A1-4291-A526-FA3C48F69916}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File FirewallRules: [TCP Query User{E03DCC34-2769-4338-8830-5439153396F6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File FirewallRules: [{65268CB6-BF11-4237-A176-E025C99D6D A4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{248605FB-F395-4A06-B7BC-FA98B3476600}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [TCP Query User{520B3C10-A075-47CF-882C-3A578CA95CA4}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File FirewallRules: [UDP Query User{0223E1D4-91B8-4DCC-9237-F236CA90D1D0}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File C:\Windows\Temp\*.* ***************** Clos eP rocesses: => Error: No automatic fix found for this entry. Restore point was successfully created. "HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully HKLM\SOFTWARE\Policies\Mozilla => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EC6072F-4A2E-480A-A535-57BBA840B942}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EC6072F-4A2E-480A-A535-57BBA840B942}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully "HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => removed successfully HKLM\Software\Classes\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => not found HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{87BBB6C9-73F0-47B6-AAD2-0811C275245F} => removed successfully HKLM\Software\Classes\CLSID\{87BBB6C9-73F0-47B6-AAD2-0811C275245F} => not found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully "HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2019-03-18] (Oracle America, Inc." => not found "C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll" => not found "HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2019-03-18] (Oracle America, Inc." => not found "C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll" => not found "Chrome HomePage" => removed successfully "Chrome DefaultSearchURL" => removed successfully "Chrome DefaultSearchKeyword" => removed successfully CHR Extension: (Avast SafePrice | Comparison, de als, coupons) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-04-29] => Error: No automatic fix found for this entry. HKLM\System\CurrentControlSet\Services\PremierOpinion => removed successfully PremierOpinion => service removed successfully HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67326F6A-DAF4-403D-A689-0E3589ADA176}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CD17905-62A1-4291-A526-FA3C48F69916}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E03DCC34-2769-4338-8830-5439153396F6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{65268CB6-BF11-4237-A176-E025C99D6D A4}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{248605FB-F395-4A06-B7BC-FA98B3476600}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{520B3C10-A075-47CF-882C-3A578CA95CA4}C:\program files (x86)\premieropinion\pmropn.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0223E1D4-91B8-4DCC-9237-F236CA90D1D0}C:\program files (x86)\premieropinion\pmropn.exe" => removed successfully =========== "C:\Windows\Temp\*.*" ========== C:\Windows\Temp\chrome_installer.log => moved successfully Could not move "C:\Windows\Temp\MpCmdRun.log" => Scheduled to move on reboot. C:\Windows\Temp\sa.Microsoft.SkypeApp_kzf8qxf38zg5c_1__.Public.InstallAgent.dat => moved successfully C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully ========= End -> "C:\Windows\Temp\*.*" ======== Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-06-2019 12:58:32) C:\Windows\Temp\MpCmdRun.log => Could not move ==== End of Fixlog 12:58:33 ==== ADW CLEANER LOG FILE: # ------------------------------- # Malwarebytes AdwCleaner 7.3.0.0 # ------------------------------- # Build: 04-04-2019 # Database: 2019-06-18.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 06-23-2019 # Duration: 00:00:04 # OS: Windows 10 Pro # Cleaned: 32 # Failed: 2 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\Program Files\WebDiscoverBrowser Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion Deleted C:\Users\Public\Documents\Downloaded Installers Deleted C:\Users\jack\AppData\Local\WebDiscoverBrowser Deleted C:\Users\jack\AppData\Local\slimware utilities inc ***** [ Files ] ***** Deleted C:\Windows\SysWOW64\pmls.dll Deleted C:\Windows\System32\PMLS64.DLL ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.softonic.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.softonic.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com Deleted HKCU\Software\PRODUCTSETUP Deleted HKCU\Software\ProductSetup\Uninstall\0B2U2Z1P0F1P1G1R1P1V0A1Q1Q0O1G Deleted HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F Deleted HKCU\Software\WebDiscoverBrowser Deleted HKCU\Software\csastats Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WebDiscoverBrowser Deleted HKLM\Software\WebDiscoverBrowser Deleted HKLM\Software\Wow6432Node\WebDiscoverBrowser Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com Deleted HKU\.DEFAULT\Software\WebDiscoverBrowser Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com Deleted HKU\S-1-5-18\Software\WebDiscoverBrowser Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\java-runtime-environment-64.en.softonic.com Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\java-runtime-environment-64.en.softonic.com ***** [ Chromium (and derivatives) ] ***** Deleted Search Manager ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [5686 octets] - [23/06/2019 13:04:08] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## ROGUEKILLER LOG FILE: RogueKiller Anti-Malware V13.2.2.0 (x64) [Jun 10 2019] (Free) by Adlice Software mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 10 (10.0.17763) 64 bits Started in : Normal mode User : jack [Administrator] Started from : C:\Users\jack\Desktop\RogueKiller_portable64.exe Signatures : 20190622_071611, Driver : Loaded Mode : Standard Scan, Delete -- Date : 2019/06/23 13:44:36 (Duration : 00:18:55) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [PUP.SearchManager (Potentially Malicious)] Search Manager -- nahhmpbckpgdidfnmfkfgiflpjijilce -> Deleted With the RogueKiller programme I wasnt sure which version to install - I know it is 64 bit but it gave me the option of 'Installer' or 'Portable' versions and as the portable version differentiated between 32 and 64 bit I went for that. In doing so I found that none of the buttons were in the places you had described so I am not sure if the log posted will have what you might expect to see? Let me know and i can always try the installer version and report the resulting log file Many thanks
  12. Hi Juliet, Firstly, sincere apologies for delay in applying your solution and posting the logs. I have had all sorts of problems actually getting the problematic computer to run at all but today have managed it. The links would not work using my default browser and in the end I copied and pasted the HTTP details from the properties of the link to a different browser For future reference, Windows Defender would not allow me to run the FRST app and I had to disable it which took a little time to work out (not being a massive tech dude) but eventually I have managed it and below are the results: FRST Notepad Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-06-2019 Ran by jack (administrator) on DESKTOP-O8IQLFD (Packard Bell imedia S2870) (09-06-2019 17:33:46) Running from C:\Users\jack\Downloads Loaded Profiles: jack (Available Profiles: jack) Platform: Windows 10 Pro Version 1809 17763.475 (X64) Language: English (United Kingdom) Default browser: Edge Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe () [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19051.545.0_x64__8wekyb3d8bbwe\YourPhone.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\jack\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Wargaming.net Limited -> Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [262024 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-29] (Valve -> Valve Corporation) HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net) HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Chromium] => c:\users\jack\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed] HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [7388488 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-06-09] (Google LLC -> Google Inc.) BootExecute: autocheck autochk * sdnclean64.exe FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {45452D94-A227-443D-B941-06D26CCBC5EF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) Task: {58DEFE7B-9A11-4738-B769-08EB8AC9131B} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask => {7C83C056-1D0D-4C8E-A6B0-89E79C213559} C:\WINDOWS\system32\oobe\SetupCleanupTask.dll [191488 2019-05-01] (Microsoft Windows -> Microsoft Corporation) Task: {5EC6072F-4A2E-480A-A535-57BBA840B942} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {7A343A59-5C9C-4004-9E17-B1E57E933FF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-10] (Google Inc -> Google Inc.) Task: {8630196E-C4B3-4FCB-928C-31E7104D5C2E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2934152 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) Task: {908A8B3C-CE7F-4AD1-8F11-3B38B9759999} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-4127454622-3581897595-3763097022-1001" /ENABLE Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{E8EF172D-5181-4F72-A7C8-917528CC7669}" /ENABLE Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\{B742DCA5-9B12-4B2A-BE45-CEC0BE21AC01}" /ENABLE Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE Task: {B6596B23-B583-4976-B70B-09942B51D533} - System32\Tasks\{B742DCA5-9B12-4B2A-BE45-CEC0BE21AC01} => C:\WINDOWS\system32\pcalua.exe -a E:\start.exe -d E:\ Task: {BEC14D0B-64D3-46CB-B192-2681B18181E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-10] (Google Inc -> Google Inc.) Task: {C5F485D0-1BB8-4F2D-8A39-45128DB0D008} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) Task: {D9ED0550-AB98-485F-A012-009BE5BF1557} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{59cf69be-9c1f-4872-8d31-66ca5a00501f}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/ SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> DefaultScope {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms} SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation) Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> hxxp://www.google.co.uk/ FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC) FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN) Chrome: ======= CHR HomePage: Default -> hxxp://www.view-search.com/ CHR StartupUrls: Default -> "hxxp://www.google.co.uk/" CHR DefaultSearchURL: Default -> hxxp://www.view-search.com/search?q={searchTerms} CHR DefaultSearchKeyword: Default -> view search CHR Profile: C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default [2019-04-29] CHR Extension: (Slides) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-10] CHR Extension: (Docs) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-10] CHR Extension: (Google Drive) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-10] CHR Extension: (YouTube) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-10] CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-04-29] CHR Extension: (Sheets) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-10] CHR Extension: (Google Docs Offline) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-24] CHR Extension: (Avast Online Security) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-04-29] CHR Extension: (Search Manager) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2019-04-29] CHR Extension: (Chrome Web Store Payments) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-20] CHR Extension: (Gmail) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29] CHR Extension: (Chrome Media Router) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-29] CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6844776 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [409224 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-04-20] (BattlEye Innovations e.K. -> ) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-04-20] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2017-03-05] (Intel(R) pGFX -> Intel Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2205504 2018-07-31] (Electronic Arts, Inc. -> Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3075400 2018-07-31] (Electronic Arts, Inc. -> Electronic Arts) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-05-02] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3830128 2019-05-02] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation) S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X] <==== ATTENTION ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [207448 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [262496 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [205848 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61472 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-21] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software) R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [279120 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [167872 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477584 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225608 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385880 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-09-15] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.) S3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [9728 2018-09-15] (Microsoft Windows -> Windows (R) Win 7 DDK provider) R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c64x64.sys [468752 2017-03-08] (Intel Corporation -> Intel Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-06-09 17:33 - 2019-06-09 17:35 - 000022858 _____ C:\Users\jack\Downloads\FRST.txt 2019-06-09 17:33 - 2019-06-09 17:33 - 000000000 ____D C:\FRST 2019-06-09 17:31 - 2019-06-09 17:31 - 002417664 _____ (Farbar) C:\Users\jack\Downloads\FRST64.exe 2019-06-09 17:29 - 2019-06-09 17:29 - 001770496 _____ (Farbar) C:\Users\jack\Downloads\FRST.exe 2019-06-09 17:01 - 2019-06-09 17:01 - 000000556 _____ C:\WINDOWS\wininit.ini 2019-06-09 15:50 - 2019-01-21 16:46 - 000000864 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20190609-155037.backup 2019-06-09 15:49 - 2019-06-09 15:49 - 000000000 ____D C:\Users\jack\AppData\Local\SlimWare Utilities Inc 2019-06-09 15:43 - 2019-06-09 17:06 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2019-06-09 15:43 - 2019-06-09 17:01 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy 2019-06-09 15:43 - 2019-06-09 15:43 - 000001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2019-06-09 15:43 - 2019-06-09 15:43 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2019-06-09 15:43 - 2019-06-09 15:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2019-06-09 15:43 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe 2019-06-09 15:39 - 2019-06-09 15:39 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\jack\Downloads\spybotsd-2.7.64.0.exe 2019-06-09 15:37 - 2019-06-09 15:37 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers 2019-06-09 15:05 - 2019-06-09 15:03 - 000363400 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2019-05-17 20:30 - 2019-03-05 17:54 - 001108344 _____ (VoiceFive, Inc.) C:\WINDOWS\system32\pmls64.dll ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-06-09 17:26 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-06-09 17:12 - 2019-05-01 19:57 - 000795988 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-06-09 17:12 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF 2019-06-09 17:10 - 2017-04-03 14:04 - 000000000 ____D C:\Program Files (x86)\Steam 2019-06-09 17:07 - 2017-03-05 14:37 - 000000000 __SHD C:\Users\jack\IntelGraphicsProfiles 2019-06-09 17:06 - 2019-05-01 20:03 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update 2019-06-09 17:06 - 2019-05-01 20:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-06-09 17:05 - 2018-09-15 07:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-06-09 16:59 - 2019-05-01 19:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-06-09 16:55 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps 2019-06-09 16:55 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-06-09 16:53 - 2018-07-31 22:47 - 000000000 ____D C:\Users\jack\AppData\Local\CrashDumps 2019-06-09 16:43 - 2018-11-21 00:10 - 000000000 ____D C:\ProgramData\Packages 2019-06-09 15:56 - 2017-12-10 14:40 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-06-09 15:52 - 2018-04-20 21:47 - 000167872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2019-06-09 15:48 - 2018-04-20 21:47 - 000385880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2019-06-09 15:48 - 2018-04-20 21:47 - 000225608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2019-06-09 15:47 - 2019-04-24 16:47 - 000000000 ___RD C:\Users\jack\Desktop\Loz 2019-06-09 15:39 - 2018-06-26 20:04 - 000000000 ____D C:\Users\jack\AppData\Local\AVAST Software 2019-06-09 15:36 - 2019-05-01 20:03 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4127454622-3581897595-3763097022-1001 2019-06-09 15:36 - 2019-05-01 19:46 - 000002364 _____ C:\Users\jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-06-09 15:36 - 2017-03-05 14:24 - 000000000 ___RD C:\Users\jack\OneDrive 2019-06-09 15:17 - 2019-04-24 16:02 - 000000000 ____D C:\Users\jack\AppData\Local\D3DSCache 2019-06-09 15:10 - 2019-05-01 19:46 - 000000000 ____D C:\Users\jack 2019-06-09 15:05 - 2018-09-15 08:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-06-09 15:04 - 2019-03-01 17:38 - 000279120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys 2019-06-09 15:04 - 2018-10-29 11:05 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2019-06-09 15:04 - 2018-04-20 21:47 - 000477584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2019-06-09 15:04 - 2018-04-20 21:47 - 000112312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2019-06-09 15:04 - 2018-04-20 21:47 - 000087944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2019-06-09 15:01 - 2019-01-28 19:33 - 000262496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys 2019-06-09 15:01 - 2019-01-21 16:53 - 000205848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys 2019-06-09 15:01 - 2019-01-21 16:53 - 000061472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys 2019-06-09 15:01 - 2019-01-21 16:53 - 000037104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys 2019-06-09 15:01 - 2018-04-20 21:47 - 001030784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2019-06-09 15:01 - 2018-04-20 21:47 - 000207448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys 2019-05-17 20:37 - 2019-05-01 20:41 - 000000000 ____D C:\Windows.old 2019-05-17 20:36 - 2019-05-01 20:03 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2019-05-17 20:36 - 2019-05-01 20:03 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2019-05-17 20:26 - 2018-01-28 19:52 - 000000000 ___RD C:\Users\jack\3D Objects 2019-05-17 20:26 - 2016-11-23 00:39 - 000000000 __RHD C:\Users\Public\AccountPictures ==================== Files in the root of some directories ======= 2018-05-07 18:49 - 2018-05-07 18:49 - 000000000 _____ () C:\Users\jack\AppData\Local\{3AE4B38E-B619-4099-86F2-2FAC96EA531A} ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2019 Ran by jack (09-06-2019 17:36:03) Running from C:\Users\jack\Downloads Windows 10 Pro Version 1809 17763.475 (X64) (2019-05-01 19:05:17) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4127454622-3581897595-3763097022-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4127454622-3581897595-3763097022-503 - Limited - Disabled) Guest (S-1-5-21-4127454622-3581897595-3763097022-501 - Limited - Disabled) jack (S-1-5-21-4127454622-3581897595-3763097022-1001 - Administrator - Enabled) => C:\Users\jack WDAGUtilityAccount (S-1-5-21-4127454622-3581897595-3763097022-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.5.2378 - AVAST Software) ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.19.0.0 - Byte Technologies LLC) <==== ATTENTION Epic Games Launcher (HKLM-x32\...\{5F95C9CC-2614-4C5E-B1FC-43029FD7FD6B}) (Version: 1.1.149.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation) Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.281 - Electronic Arts) Microsoft OneDrive (HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0007 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Origin (HKLM-x32\...\Origin) (Version: 10.5.24.5022 - Electronic Arts, Inc.) PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.338.311 - VoiceFive, Inc.) <==== ATTENTION Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.45.62.1020 - Electronic Arts Inc.) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{8CFAB044-7D2E-4655-B86D-99932E988980}) (Version: 2.45.0.0 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) World of Tanks (HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net) Packages: ========= Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-06-09] (Autodesk Inc.) Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.5.5.0_x86__kgqvnymyfvs32 [2019-06-09] (king.com) Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.140.300.0_x86__kgqvnymyfvs32 [2019-06-09] (king.com) Code Writer -> C:\Program Files\WindowsApps\ActiproSoftwareLLC.562882FEEB491_3.3.29.0_x64__24pqs290vpjk0 [2019-04-21] (Actipro Software LLC) Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_3.6.0.9_x86__h6adky7gbf63m [2019-01-21] (Gameloft.) Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-06-09] (Microsoft Corporation) [MS Ad] March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.0.1.1_x86__h6adky7gbf63m [2019-06-09] (Gameloft.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-21] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.3.4032.0_x86__8wekyb3d8bbwe [2019-05-01] (Microsoft Studios) [MS Ad] MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.29.10701.0_x64__8wekyb3d8bbwe [2019-04-29] (Microsoft Corporation) [MS Ad] MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.28.3242.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-03-01] (Microsoft Corporation) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0 [2019-06-09] (Spotify AB) Text Reader -> C:\Program Files\WindowsApps\13542RyanTremblay.TextReader_3.1.4.0_x64__e0ywhek3s7xze [2017-07-10] (Ryan Tremblay) [MS Ad] Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2018-04-30] (Microsoft Corporation) [MS Ad] Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-02-14] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Public\AppData:CSM [442] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 7943 more sites. IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\123simsen.com -> www.123simsen.com There are 7943 more sites. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 12:04 - 2019-06-09 17:12 - 000454736 ____R C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com There are 15606 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{DEC7D197-3BA5-437A-9049-0D85C2363A0C}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd) FirewallRules: [TCP Query User{DC3F9561-2BE9-4DB7-B6AE-34569439FE4E}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd) FirewallRules: [{6DD80E10-C303-4768-AE8F-ABFFC6A76A0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{5C146A50-4CD1-4D92-806D-F1E32BE1CC1A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{7BC40AC7-1F75-4C4D-B664-D05DEE53A735}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{FE9680C6-9BCB-48F2-ACC4-F622C720ECCA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{81DFC864-3FAD-4201-8AA8-1592787048AA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{F0617115-A03B-4A46-8CA7-B9FD5F39695D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{741172BE-D110-4CDE-A0EF-DA16327C7051}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{00B97100-3509-41E0-8030-659EE04C3393}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{D1E91A08-98D2-405D-B044-772851BD2BA4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{472B6F9A-B2CF-44B3-8DC9-17E32988F23C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{1DC36F1F-DC00-4F4F-B580-DE8AA7B30378}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{F667035D-6C19-43F5-968B-F8300B03DB0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{0B6FBE3B-2C9A-4121-9413-A685B39B6A2E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{AA41E2F4-B274-4E53-8843-FE426A1AC82A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{3BC22425-2F6C-4867-8F47-E1A940C971AB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{5E0B3903-ED20-4405-ADE2-8A3D2B1CBD4D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{471F6D60-FB2A-4987-90B7-67C9BE3AE709}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd) FirewallRules: [{0E056B65-842E-4AF1-B97F-96E32674B8AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd) FirewallRules: [{67326F6A-DAF4-403D-A689-0E3589ADA176}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File FirewallRules: [{0CD17905-62A1-4291-A526-FA3C48F69916}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File FirewallRules: [{C9540541-E069-4C2D-857B-98B6641674F9}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{F50B3A5A-76E8-4860-9770-A0A27D09E994}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{234D5FEA-936F-4257-8892-B6AD49B4DBA2}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{764BF0ED-23FF-4969-8342-67486B238931}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{411A9ED2-FAE3-4D31-89AF-E5FDA365EF59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe (Paradox Interactive) [File not signed] FirewallRules: [{9C355290-1442-4A7E-8B2E-5B2BF5A1E036}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe (Paradox Interactive) [File not signed] FirewallRules: [{6C082675-089E-41B0-BE0A-452AE101FE2A}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe (Electronic Arts -> Electronic Arts Inc.) FirewallRules: [{7219AB0B-352B-4800-9E61-B732BF5EEECE}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe (Electronic Arts -> Electronic Arts Inc.) FirewallRules: [{7D3F4AFD-398D-40EC-8075-2FAD1C39427F}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe (Electronic Arts Inc.) [File not signed] FirewallRules: [{5FBA93B2-8DA0-4273-AB19-26F980D33C3C}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe (Electronic Arts Inc.) [File not signed] FirewallRules: [UDP Query User{8AB97966-EA6C-44CF-9D4C-7DB6F6A735FA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File FirewallRules: [TCP Query User{E03DCC34-2769-4338-8830-5439153396F6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File FirewallRules: [UDP Query User{6F98FBD7-0ED5-4D82-AEAD-6509224A1428}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd) FirewallRules: [TCP Query User{4E0801A1-3C82-4FD3-8F7D-A064B04DFC1B}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd) FirewallRules: [{65268CB6-BF11-4237-A176-E025C99D6DA4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{248605FB-F395-4A06-B7BC-FA98B3476600}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{B184455F-7786-46E4-B3FE-EAB454274F77}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{971FF884-1CBC-4EB1-B11F-560E6B9B5E1E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{1AB033B8-57BE-46D5-BC47-F1E50ADFBB3A}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{8F439E62-8E69-43A3-BE38-0A1AA124D0CD}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{476B8BE2-5A86-4796-9FC5-5019688E9908}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{505F67D3-0DB3-420E-884D-BB6F8173AD8B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{7E120442-D437-4957-9E58-2F9CF3B820BA}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{4F0D2ED3-0662-4A4B-B23D-CEE138207AA8}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{8BB775C4-FB5D-49A4-8FF4-80A54D87ADF6}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) FirewallRules: [{59962D78-F343-4650-8713-C20C4E91F83B}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) FirewallRules: [{AD4347D5-B237-4094-8C60-3E44B338BBAB}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) FirewallRules: [{8B28F566-D121-4A17-A80D-C7345A0AFDC3}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) FirewallRules: [{C4B73AF8-1A0C-41A3-8ABD-60956B9352A2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{931C0DC7-C55E-4A6E-B4ED-3DB1ECC7D799}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{520B3C10-A075-47CF-882C-3A578CA95CA4}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File FirewallRules: [UDP Query User{0223E1D4-91B8-4DCC-9237-F236CA90D1D0}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File FirewallRules: [{8870048C-F815-4391-86CC-7621A4509FCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd) FirewallRules: [{FF1ABA3C-5419-4D9F-A2CF-F7272C976E8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd) FirewallRules: [{E6C10C76-B6D2-4412-92D4-C6963F500B94}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) FirewallRules: [{0F59AF8C-2FB3-4C19-83EA-ADA18749D4E6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{9BC9CA88-E082-4C5B-A6D3-516D277C89A0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{623E975E-15F1-4EBA-A25E-594138747853}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{72F03D48-9C34-4B07-B816-77090B5F75D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{22C78244-AC29-43B3-9AB7-AF905067B853}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{AF4AEC1B-526F-4AA8-8791-EBF95A763AF3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{B485EBD6-AA37-409C-A082-FCA779151D7B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{01806C9B-5453-4635-AE4F-3BF63887AD03}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= 02-05-2019 17:36:27 Windows Update 09-06-2019 15:49:19 Removed Avast Driver Updater ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/09/2019 05:29:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2a10 Start Time: 01d51ee01a4b78d3 Termination Time: 9 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: d5683e54-0a7f-4442-816f-7e5cad887d01 Faulting package full name: Faulting package-relative application ID: Hang type: Top level window is idle Error: (06/09/2019 05:27:17 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Users\jack\Downloads\vcredist_arm (1).exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/09/2019 05:27:17 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Users\jack\Downloads\vcredist_arm.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/09/2019 05:26:33 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2304 Start Time: 01d51edda6f005bb Termination Time: 220 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: 92af275e-deda-4dc5-a92d-52dc7ecdfcac Faulting package full name: Faulting package-relative application ID: Hang type: Unknown Error: (06/09/2019 05:24:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: d14 Start Time: 01d51edf242b6b7d Termination Time: 10165 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: 975f26e3-487d-405f-85cf-4b4947d9b91b Faulting package full name: Faulting package-relative application ID: Hang type: Top level window is idle Error: (06/09/2019 05:17:22 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2a04 Start Time: 01d51ede77ef990a Termination Time: 15 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: 6884681a-d0af-4b96-8b0c-89ac576c6c74 Faulting package full name: Faulting package-relative application ID: Hang type: Top level window is idle Error: (06/09/2019 05:08:45 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Users\jack\AppData\Local\chromium\Application\chrome.exe". Dependent Assembly 58.0.2988.0,language="&#x2a;",type="win32",version="58.0.2988.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/09/2019 05:06:31 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. System errors: ============= Error: (06/09/2019 05:10:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O8IQLFD) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-O8IQLFD\jack SID (S-1-5-21-4127454622-3581897595-3763097022-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/09/2019 05:06:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Origin Web Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (06/09/2019 05:06:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect. Error: (06/09/2019 05:04:45 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server: {2D15188C-D298-4E10-83B2-64666CCBEBBD} Error: (06/09/2019 05:04:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-O8IQLFD) Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout. Error: (06/09/2019 05:04:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-O8IQLFD) Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout. Error: (06/09/2019 05:04:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-O8IQLFD) Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout. Error: (06/09/2019 05:01:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The PremierOpinion service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2019-06-09 17:09:18.738 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ashShell.dll that did not meet the Microsoft signing level requirements. Date: 2019-06-09 17:06:17.609 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-06-09 17:06:17.605 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-06-09 17:06:17.445 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-06-09 17:06:17.333 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-06-09 16:52:39.550 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements. Date: 2019-06-09 16:52:22.885 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements. Date: 2019-06-09 16:47:39.541 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. P11-A3 02/21/2013 Motherboard: Packard Bell imedia S2870 Processor: Intel(R) Pentium(R) CPU G2020 @ 2.90GHz Percentage of memory in use: 80% Total physical RAM: 3982.99 MB Available physical RAM: 781.95 MB Total Virtual: 7694.99 MB Available Virtual: 4239.64 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:461.32 GB) (Free:316.09 GB) NTFS Drive e: (Sims4_1) (CDROM) (Total:7.81 GB) (Free:0 GB) UDF \\?\Volume{1059c9e4-01d1-4c84-9dc8-267f55d2fb7c}\ () (Fixed) (Total:0.44 GB) (Free:0.04 GB) NTFS \\?\Volume{78f3c03f-586e-453c-b80b-c2f9daca59d0}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 3C0F8483) Partition: GPT. ==================== End of Addition.txt ============================ Many thanks for your help and support Regards Loz
  13. Hi Been a while since I posted on here so I apologise if this is not the correct forum location …. Friends sons computer has been a git lately and is causing all sorts of slowing issues! System details: Windows 10 Pro 64 bit Operating System (x64 bit processor) 4GB Ram Hijackthis log: Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 16:29:05, on 24/04/2019 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.17134.0001) Boot mode: Normal Running processes: C:\Program Files (x86)\PremierOpinion\pmropn.exe C:\Users\jack\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Games\World_of_Tanks\WargamingGameUpdater.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\Steam\Steam.exe C:\Users\jack\Desktop\HijackThis.exe C:\Users\jack\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = F2 - REG:system.ini: UserInit= O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [OneDrive] "C:\Users\jack\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent O4 - HKCU\..\Run: [World of Tanks] "C:\Games\World_of_Tanks\WargamingGameUpdater.exe" O4 - HKCU\..\Run: [Chromium] "c:\users\jack\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\SysWOW64\urlmon.dll O18 - Protocol hijack: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll O18 - Protocol hijack: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol hijack: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\elevation_service.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe O23 - Service: PremierOpinion - VoiceFive, Inc. - C:\Program Files (x86)\PremierOpinion\pmservice.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing) -- End of file - 9231 bytes ---------------------------------- Kind Regards Loz
  14. Nice one Red, just what I was looking for .... One small prob - being from the UK I had to look elsewhere for the item and found this: http://www.1topstore.com/product_info.php?...p;products_id=5 Can you just advise - Do I need to purchase a kit that has a power supply or can I simply supply power to the drive from the usual loom/power supply within my own comp? cheers Loz
  15. Hello again one and all, Firstly, sorry for resurrecting this thread but I have still not been able to resolve thenissue at hand - the delay in writting is somewhat a better reason - my baby boy was born on 7th December and after a few initial complications all is well now And back to the problem: My mothers laptop is having a major issue - it stops during start up and says: 'Windows could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM' It then offers me the opportunity to repayr this file by starting Windows Setup using the original setup CD-ROM. I have tried this and at no point does it offer me the chance to 'repair' the files - it only offers me the chance to reinstall. I have also followed the links previously submitted in this thread and encountered the following problem: Using the manual steps to recover a corrupt registry - it stated that the following file did not exist and could not be copied = copy c:\windows\system32\config\software c:\windows\tmp\software.bak. Now if I try to manually recover using this method it tells me that md tmp already exists and I cannot think of a way of getting around this. The most recent suggestion of again performing a Windows XP repair install doesnt work because the option to repair is not available I have never tried to slave a laptop hard drive but i think that is now the best option to save some of the files then do a reinstall. I only have a Windows 7 laptop but my desktop is Windows XP - can I slave a laptop hard drive to a desktop PC?? or can I slave the XP corrupted HDD to my Windows 7 laptop? All help gratefully received ... Happy New Year one and all Cheers Loz
×
×
  • Create New...