SuicideSolution Posted April 24, 2019

Hi. It's been a while since I posted on here, so I apologise if this is not the correct forum location. My friend's son's computer has been a git lately and is causing all sorts of slowing issues!

System details:
Windows 10 Pro 64 bit Operating System (x64 bit processor)
4GB Ram

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 16:29:05, on 24/04/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PremierOpinion\pmropn.exe
C:\Users\jack\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Games\World_of_Tanks\WargamingGameUpdater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\jack\Desktop\HijackThis.exe
C:\Users\jack\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\jack\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [World of Tanks] "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
O4 - HKCU\..\Run: [Chromium] "c:\users\jack\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol hijack: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC}
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll
O18 - Protocol hijack: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol hijack: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\elevation_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: PremierOpinion - VoiceFive, Inc. - C:\Program Files (x86)\PremierOpinion\pmservice.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 9231 bytes

Kind Regards,
Loz
Juliet Posted April 25, 2019

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop-up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop.
Copy the contents of both logs and paste them in your next reply.
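Once FRST.txt is in hand, most of the review is picking a handful of entry types out of a long whitelisted listing. The Python below is an added example for this thread, not code from FRST, HijackThis or any poster here. It runs a first triage pass over FRST lines and tags the ones a helper usually acts on: FRST's own "<==== ATTENTION" marks; Run-key autostarts that are unsigned or live in the user profile; browser start page and default search entries whose host is off an assumed allowlist of search engines, or which go through a Yahoo hosted-search partner feed (the hspart/hsimp parameters); services still registered but with a missing image file ("[X]"); scheduled tasks that start a binary through pcalua.exe -a (the Program Compatibility Assistant launcher, a common proxy-execution trick); and a non-default hosts file. The sample lines are copied, with some URLs shortened, from the FRST.txt the original poster pastes later in this thread; the rule set, category names and allowlist are mine and are assumptions to tune per case. (A side note on why helpers ask for FRST rather than HijackThis: HijackThis 2.0.5 is a 32-bit program, so on 64-bit Windows 10 its "(file missing)" marks against System32 services largely reflect WOW64 file-system redirection rather than missing files.)

```python
"""First-pass triage of FRST.txt lines (added example for this thread; rules are the author's own)."""
import re
from collections import Counter
from urllib.parse import urlparse, parse_qs

# Search/homepage hosts treated as expected on a UK home PC. Assumption: extend per case.
ALLOWED_SEARCH_HOSTS = {
    "www.google.co.uk", "www.google.com", "www.bing.com",
    "duckduckgo.com", "uk.search.yahoo.com", "search.yahoo.com",
}
# FRST writes hxxp(s) so pasted logs do not become clickable links.
URL_RE = re.compile(r"hxxps?://\S+", re.IGNORECASE)
# "R2 name; path ... [X]": a registered service/driver whose image file FRST could not find.
SERVICE_MISSING_RE = re.compile(r"^[RSU]\d\s+[^;]+;.*\[X\]")
BROWSER_MARKERS = ("searchscopes:", "chr homepage:", "chr defaultsearchurl:",
                   "chr startupurls:", "start page =", "homebuttonpage:")


def _refang(url: str) -> str:
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def triage(frst_text: str) -> list[tuple[str, str]]:
    """Return (category, line) pairs for every line that trips a rule; one line may trip several."""
    findings = []
    for raw in frst_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()

        # 1. FRST's own flag: always review these.
        if "<==== attention" in low:
            findings.append(("frst_attention", line))

        # 2. Run-key autostarts: unsigned binaries and binaries under the user profile are
        #    where browser hijackers and PUPs usually persist. A prompt to look, not a verdict.
        if "\\run:" in low:
            if "[file not signed]" in low:
                findings.append(("unsigned_autostart", line))
            if "\\appdata\\" in low:
                findings.append(("autostart_in_user_profile", line))

        # 3. Start page / default search: off-allowlist hosts, or a Yahoo URL carrying hspart
        #    (hosted-search partner feed: a third party is monetising the searches).
        if any(m in low for m in BROWSER_MARKERS):
            for url in URL_RE.findall(line):
                parsed = urlparse(_refang(url))
                if "hspart" in parse_qs(parsed.query):
                    findings.append(("hosted_search_partner_feed", line))
                elif (parsed.hostname or "") not in ALLOWED_SEARCH_HOSTS:
                    findings.append(("search_or_homepage_redirect", line))

        # 4. Service registration left behind after its binary is gone.
        if SERVICE_MISSING_RE.match(line):
            findings.append(("service_binary_not_found", line))

        # 5. Scheduled task launching another executable via pcalua.exe -a.
        if low.startswith("task:") and "pcalua.exe" in low and " -a " in low:
            findings.append(("task_proxy_exec_pcalua", line))

        # 6. FRST reports a hosts file with more than the default entry.
        if low.startswith("hosts:") and "more than one entry" in low:
            findings.append(("hosts_file_modified", line))
    return findings


def summarize(findings: list[tuple[str, str]]) -> dict[str, int]:
    """Count findings per category."""
    return dict(Counter(cat for cat, _ in findings))


# Constructed sample: lines copied (some URLs shortened) from the FRST.txt posted in this thread.
SAMPLE_FRST = r"""
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [262024 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Chromium] => c:\users\jack\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {5EC6072F-4A2E-480A-A535-57BBA840B942} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {B6596B23-B583-4976-B70B-09942B51D533} - System32\Tasks\{B742DCA5-9B12-4B2A-BE45-CEC0BE21AC01} => C:\WINDOWS\system32\pcalua.exe -a E:\start.exe -d E:\
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> DefaultScope {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms}
CHR HomePage: Default -> hxxp://www.view-search.com/
CHR DefaultSearchURL: Default -> hxxp://www.view-search.com/search?q={searchTerms}
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [409224 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X] <==== ATTENTION
"""

if __name__ == "__main__":
    for cat, line in triage(SAMPLE_FRST):
        print(f"{cat:30} {line[:100]}")
    print(summarize(triage(SAMPLE_FRST)))
```

Run against a real FRST.txt with triage(open("FRST.txt", encoding="utf-8", errors="replace").read()). The output is a reading order, not a fixlist: each tagged line still needs a human to decide whether it is the user's own software (OneDrive also autostarts from AppData, for instance) before anything goes into a fix.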
SuicideSolution (Author) Posted June 9, 2019

Hi Juliet,

Firstly, sincere apologies for the delay in applying your solution and posting the logs. I have had all sorts of problems actually getting the problematic computer to run at all, but today I have managed it. The links would not work using my default browser, and in the end I copied and pasted the HTTP details from the properties of the link to a different browser. For future reference, Windows Defender would not allow me to run the FRST app and I had to disable it, which took a little time to work out (not being a massive tech dude), but eventually I have managed it and below are the results:

FRST Notepad

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-06-2019
Ran by jack (administrator) on DESKTOP-O8IQLFD (Packard Bell imedia S2870) (09-06-2019 17:33:46)
Running from C:\Users\jack\Downloads
Loaded Profiles: jack (Available Profiles: jack)
Platform: Windows 10 Pro Version 1809 17763.475 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19051.545.0_x64__8wekyb3d8bbwe\YourPhone.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\jack\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Wargaming.net Limited -> Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [262024 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Chromium] => c:\users\jack\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed]
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [7388488 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-06-09] (Google LLC -> Google Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {45452D94-A227-443D-B941-06D26CCBC5EF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {58DEFE7B-9A11-4738-B769-08EB8AC9131B} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask => {7C83C056-1D0D-4C8E-A6B0-89E79C213559} C:\WINDOWS\system32\oobe\SetupCleanupTask.dll [191488 2019-05-01] (Microsoft Windows -> Microsoft Corporation)
Task: {5EC6072F-4A2E-480A-A535-57BBA840B942} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7A343A59-5C9C-4004-9E17-B1E57E933FF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-10] (Google Inc -> Google Inc.)
Task: {8630196E-C4B3-4FCB-928C-31E7104D5C2E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2934152 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {908A8B3C-CE7F-4AD1-8F11-3B38B9759999} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-4127454622-3581897595-3763097022-1001" /ENABLE
Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{E8EF172D-5181-4F72-A7C8-917528CC7669}" /ENABLE
Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\{B742DCA5-9B12-4B2A-BE45-CEC0BE21AC01}" /ENABLE
Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {B6596B23-B583-4976-B70B-09942B51D533} - System32\Tasks\{B742DCA5-9B12-4B2A-BE45-CEC0BE21AC01} => C:\WINDOWS\system32\pcalua.exe -a E:\start.exe -d E:\
Task: {BEC14D0B-64D3-46CB-B192-2681B18181E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-10] (Google Inc -> Google Inc.)
Task: {C5F485D0-1BB8-4F2D-8A39-45128DB0D008} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {D9ED0550-AB98-485F-A012-009BE5BF1557} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{59cf69be-9c1f-4872-8d31-66ca5a00501f}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> DefaultScope {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> hxxp://www.google.co.uk/

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.view-search.com/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR DefaultSearchURL: Default -> hxxp://www.view-search.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> view search
CHR Profile: C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default [2019-04-29]
CHR Extension: (Slides) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-10]
CHR Extension: (Docs) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-10]
CHR Extension: (Google Drive) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-10]
CHR Extension: (YouTube) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-10]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-04-29]
CHR Extension: (Sheets) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-10]
CHR Extension: (Google Docs Offline) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-24]
CHR Extension: (Avast Online Security) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-04-29]
CHR Extension: (Search Manager) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2019-04-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-20]
CHR Extension: (Gmail) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-29]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6844776 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [409224 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-04-20] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-04-20] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2017-03-05] (Intel(R) pGFX -> Intel Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2205504 2018-07-31] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3075400 2018-07-31] (Electronic Arts, Inc. -> Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-05-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3830128 2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [207448 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [262496 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [205848 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61472 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-21] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [279120 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [167872 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477584 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225608 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385880 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-09-15] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
S3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [9728 2018-09-15] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c64x64.sys [468752 2017-03-08] (Intel Corporation -> Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-09 17:33 - 2019-06-09 17:35 - 000022858 _____ C:\Users\jack\Downloads\FRST.txt
2019-06-09 17:33 - 2019-06-09 17:33 - 000000000 ____D C:\FRST
2019-06-09 17:31 - 2019-06-09 17:31 - 002417664 _____ (Farbar) C:\Users\jack\Downloads\FRST64.exe
2019-06-09 17:29 - 2019-06-09 17:29 - 001770496 _____ (Farbar) C:\Users\jack\Downloads\FRST.exe
2019-06-09 17:01 - 2019-06-09 17:01 - 000000556 _____ C:\WINDOWS\wininit.ini
2019-06-09 15:50 - 2019-01-21 16:46 - 000000864 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20190609-155037.backup
2019-06-09 15:49 - 2019-06-09 15:49 - 000000000 ____D C:\Users\jack\AppData\Local\SlimWare Utilities Inc
2019-06-09 15:43 - 2019-06-09 17:06 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-06-09 15:43 - 2019-06-09 17:01 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-06-09 15:43 - 2019-06-09 15:43 - 000001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2019-06-09 15:43 - 2019-06-09 15:43 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2019-06-09 15:43 - 2019-06-09 15:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2019-06-09 15:43 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2019-06-09 15:39 - 2019-06-09 15:39 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\jack\Downloads\spybotsd-2.7.64.0.exe
2019-06-09 15:37 - 2019-06-09 15:37 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2019-06-09 15:05 - 2019-06-09 15:03 - 000363400 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-05-17 20:30 - 2019-03-05 17:54 - 001108344 _____ (VoiceFive, Inc.) C:\WINDOWS\system32\pmls64.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2019-06-09 17:26 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-06-09 17:12 - 2019-05-01 19:57 - 000795988 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-06-09 17:12 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF 2019-06-09 17:10 - 2017-04-03 14:04 - 000000000 ____D C:\Program Files (x86)\Steam 2019-06-09 17:07 - 2017-03-05 14:37 - 000000000 __SHD C:\Users\jack\IntelGraphicsProfiles 2019-06-09 17:06 - 2019-05-01 20:03 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update 2019-06-09 17:06 - 2019-05-01 20:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-06-09 17:05 - 2018-09-15 07:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-06-09 16:59 - 2019-05-01 19:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-06-09 16:55 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps 2019-06-09 16:55 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-06-09 16:53 - 2018-07-31 22:47 - 000000000 ____D C:\Users\jack\AppData\Local\CrashDumps 2019-06-09 16:43 - 2018-11-21 00:10 - 000000000 ____D C:\ProgramData\Packages 2019-06-09 15:56 - 2017-12-10 14:40 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-06-09 15:52 - 2018-04-20 21:47 - 000167872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2019-06-09 15:48 - 2018-04-20 21:47 - 000385880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2019-06-09 15:48 - 2018-04-20 21:47 - 000225608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2019-06-09 15:47 - 2019-04-24 16:47 - 000000000 ___RD C:\Users\jack\Desktop\Loz 2019-06-09 15:39 - 2018-06-26 20:04 - 000000000 ____D C:\Users\jack\AppData\Local\AVAST Software 2019-06-09 15:36 - 2019-05-01 20:03 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4127454622-3581897595-3763097022-1001 2019-06-09 15:36 - 2019-05-01 19:46 - 000002364 _____ 
C:\Users\jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-06-09 15:36 - 2017-03-05 14:24 - 000000000 ___RD C:\Users\jack\OneDrive 2019-06-09 15:17 - 2019-04-24 16:02 - 000000000 ____D C:\Users\jack\AppData\Local\D3DSCache 2019-06-09 15:10 - 2019-05-01 19:46 - 000000000 ____D C:\Users\jack 2019-06-09 15:05 - 2018-09-15 08:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-06-09 15:04 - 2019-03-01 17:38 - 000279120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys 2019-06-09 15:04 - 2018-10-29 11:05 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2019-06-09 15:04 - 2018-04-20 21:47 - 000477584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2019-06-09 15:04 - 2018-04-20 21:47 - 000112312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2019-06-09 15:04 - 2018-04-20 21:47 - 000087944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2019-06-09 15:01 - 2019-01-28 19:33 - 000262496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys 2019-06-09 15:01 - 2019-01-21 16:53 - 000205848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys 2019-06-09 15:01 - 2019-01-21 16:53 - 000061472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys 2019-06-09 15:01 - 2019-01-21 16:53 - 000037104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys 2019-06-09 15:01 - 2018-04-20 21:47 - 001030784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2019-06-09 15:01 - 2018-04-20 21:47 - 000207448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys 2019-05-17 20:37 - 2019-05-01 20:41 - 000000000 ____D C:\Windows.old 2019-05-17 20:36 - 2019-05-01 20:03 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2019-05-17 20:36 - 2019-05-01 20:03 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2019-05-17 20:26 - 2018-01-28 19:52 - 000000000 ___RD C:\Users\jack\3D Objects 2019-05-17 20:26 
- 2016-11-23 00:39 - 000000000 __RHD C:\Users\Public\AccountPictures ==================== Files in the root of some directories ======= 2018-05-07 18:49 - 2018-05-07 18:49 - 000000000 _____ () C:\Users\jack\AppData\Local\{3AE4B38E-B619-4099-86F2-2FAC96EA531A} ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2019 Ran by jack (09-06-2019 17:36:03) Running from C:\Users\jack\Downloads Windows 10 Pro Version 1809 17763.475 (X64) (2019-05-01 19:05:17) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4127454622-3581897595-3763097022-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4127454622-3581897595-3763097022-503 - Limited - Disabled) Guest (S-1-5-21-4127454622-3581897595-3763097022-501 - Limited - Disabled) jack (S-1-5-21-4127454622-3581897595-3763097022-1001 - Administrator - Enabled) => C:\Users\jack WDAGUtilityAccount (S-1-5-21-4127454622-3581897595-3763097022-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.5.2378 - AVAST Software) ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.19.0.0 - Byte Technologies LLC) <==== ATTENTION Epic Games Launcher (HKLM-x32\...\{5F95C9CC-2614-4C5E-B1FC-43029FD7FD6B}) (Version: 1.1.149.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation) Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.281 - Electronic Arts) Microsoft OneDrive (HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0007 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Origin (HKLM-x32\...\Origin) (Version: 10.5.24.5022 - Electronic Arts, Inc.) PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.338.311 - VoiceFive, Inc.) <==== ATTENTION Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.45.62.1020 - Electronic Arts Inc.) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{8CFAB044-7D2E-4655-B86D-99932E988980}) (Version: 2.45.0.0 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) World of Tanks (HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net) Packages: ========= Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-06-09] (Autodesk Inc.) Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.5.5.0_x86__kgqvnymyfvs32 [2019-06-09] (king.com) Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.140.300.0_x86__kgqvnymyfvs32 [2019-06-09] (king.com) Code Writer -> C:\Program Files\WindowsApps\ActiproSoftwareLLC.562882FEEB491_3.3.29.0_x64__24pqs290vpjk0 [2019-04-21] (Actipro Software LLC) Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_3.6.0.9_x86__h6adky7gbf63m [2019-01-21] (Gameloft.) 
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-06-09] (Microsoft Corporation) [MS Ad] March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.0.1.1_x86__h6adky7gbf63m [2019-06-09] (Gameloft.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-21] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.3.4032.0_x86__8wekyb3d8bbwe [2019-05-01] (Microsoft Studios) [MS Ad] MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.29.10701.0_x64__8wekyb3d8bbwe [2019-04-29] (Microsoft Corporation) [MS Ad] MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.28.3242.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-03-01] (Microsoft Corporation) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0 [2019-06-09] (Spotify AB) Text Reader -> C:\Program Files\WindowsApps\13542RyanTremblay.TextReader_3.1.4.0_x64__e0ywhek3s7xze [2017-07-10] (Ryan Tremblay) [MS Ad] Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2018-04-30] (Microsoft Corporation) [MS Ad] Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-02-14] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): 
========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) 
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Public\AppData:CSM [442] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
There are 7943 more sites.
There are 7943 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2019-06-09 17:12 - 000454736 ____R C:\WINDOWS\system32\drivers\etc\hosts
There are 15606 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{DEC7D197-3BA5-437A-9049-0D85C2363A0C}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd) FirewallRules: [TCP Query User{DC3F9561-2BE9-4DB7-B6AE-34569439FE4E}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd) FirewallRules: [{6DD80E10-C303-4768-AE8F-ABFFC6A76A0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{5C146A50-4CD1-4D92-806D-F1E32BE1CC1A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{7BC40AC7-1F75-4C4D-B664-D05DEE53A735}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{FE9680C6-9BCB-48F2-ACC4-F622C720ECCA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{81DFC864-3FAD-4201-8AA8-1592787048AA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{F0617115-A03B-4A46-8CA7-B9FD5F39695D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{741172BE-D110-4CDE-A0EF-DA16327C7051}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{00B97100-3509-41E0-8030-659EE04C3393}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{D1E91A08-98D2-405D-B044-772851BD2BA4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{472B6F9A-B2CF-44B3-8DC9-17E32988F23C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{1DC36F1F-DC00-4F4F-B580-DE8AA7B30378}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{F667035D-6C19-43F5-968B-F8300B03DB0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{0B6FBE3B-2C9A-4121-9413-A685B39B6A2E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{AA41E2F4-B274-4E53-8843-FE426A1AC82A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: 
[{3BC22425-2F6C-4867-8F47-E1A940C971AB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{5E0B3903-ED20-4405-ADE2-8A3D2B1CBD4D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{471F6D60-FB2A-4987-90B7-67C9BE3AE709}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd) FirewallRules: [{0E056B65-842E-4AF1-B97F-96E32674B8AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd) FirewallRules: [{67326F6A-DAF4-403D-A689-0E3589ADA176}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File FirewallRules: [{0CD17905-62A1-4291-A526-FA3C48F69916}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File FirewallRules: [{C9540541-E069-4C2D-857B-98B6641674F9}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{F50B3A5A-76E8-4860-9770-A0A27D09E994}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{234D5FEA-936F-4257-8892-B6AD49B4DBA2}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{764BF0ED-23FF-4969-8342-67486B238931}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{411A9ED2-FAE3-4D31-89AF-E5FDA365EF59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe (Paradox Interactive) [File not signed] FirewallRules: [{9C355290-1442-4A7E-8B2E-5B2BF5A1E036}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe (Paradox Interactive) [File not signed] FirewallRules: 
[{6C082675-089E-41B0-BE0A-452AE101FE2A}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{7219AB0B-352B-4800-9E61-B732BF5EEECE}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{7D3F4AFD-398D-40EC-8075-2FAD1C39427F}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{5FBA93B2-8DA0-4273-AB19-26F980D33C3C}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{8AB97966-EA6C-44CF-9D4C-7DB6F6A735FA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [TCP Query User{E03DCC34-2769-4338-8830-5439153396F6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [UDP Query User{6F98FBD7-0ED5-4D82-AEAD-6509224A1428}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [TCP Query User{4E0801A1-3C82-4FD3-8F7D-A064B04DFC1B}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [{65268CB6-BF11-4237-A176-E025C99D6DA4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{248605FB-F395-4A06-B7BC-FA98B3476600}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{B184455F-7786-46E4-B3FE-EAB454274F77}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{971FF884-1CBC-4EB1-B11F-560E6B9B5E1E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{1AB033B8-57BE-46D5-BC47-F1E50ADFBB3A}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{8F439E62-8E69-43A3-BE38-0A1AA124D0CD}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{476B8BE2-5A86-4796-9FC5-5019688E9908}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{505F67D3-0DB3-420E-884D-BB6F8173AD8B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{7E120442-D437-4957-9E58-2F9CF3B820BA}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{4F0D2ED3-0662-4A4B-B23D-CEE138207AA8}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{8BB775C4-FB5D-49A4-8FF4-80A54D87ADF6}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{59962D78-F343-4650-8713-C20C4E91F83B}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{AD4347D5-B237-4094-8C60-3E44B338BBAB}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{8B28F566-D121-4A17-A80D-C7345A0AFDC3}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{C4B73AF8-1A0C-41A3-8ABD-60956B9352A2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{931C0DC7-C55E-4A6E-B4ED-3DB1ECC7D799}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{520B3C10-A075-47CF-882C-3A578CA95CA4}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File
FirewallRules: [UDP Query User{0223E1D4-91B8-4DCC-9237-F236CA90D1D0}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File
FirewallRules: [{8870048C-F815-4391-86CC-7621A4509FCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{FF1ABA3C-5419-4D9F-A2CF-F7272C976E8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{E6C10C76-B6D2-4412-92D4-C6963F500B94}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{0F59AF8C-2FB3-4C19-83EA-ADA18749D4E6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9BC9CA88-E082-4C5B-A6D3-516D277C89A0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{623E975E-15F1-4EBA-A25E-594138747853}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{72F03D48-9C34-4B07-B816-77090B5F75D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{22C78244-AC29-43B3-9AB7-AF905067B853}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AF4AEC1B-526F-4AA8-8791-EBF95A763AF3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B485EBD6-AA37-409C-A082-FCA779151D7B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{01806C9B-5453-4635-AE4F-3BF63887AD03}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

02-05-2019 17:36:27 Windows Update
09-06-2019 15:49:19 Removed Avast Driver Updater

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2019 05:29:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2a10
Start Time: 01d51ee01a4b78d3
Termination Time: 9
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: d5683e54-0a7f-4442-816f-7e5cad887d01
Faulting package full name:
Faulting package-relative application ID:
Hang type: Top level window is idle

Error: (06/09/2019 05:27:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\jack\Downloads\vcredist_arm (1).exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (06/09/2019 05:27:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\jack\Downloads\vcredist_arm.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error: (06/09/2019 05:26:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2304
Start Time: 01d51edda6f005bb
Termination Time: 220
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: 92af275e-deda-4dc5-a92d-52dc7ecdfcac
Faulting package full name:
Faulting package-relative application ID:
Hang type: Unknown

Error: (06/09/2019 05:24:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: d14
Start Time: 01d51edf242b6b7d
Termination Time: 10165
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: 975f26e3-487d-405f-85cf-4b4947d9b91b
Faulting package full name:
Faulting package-relative application ID:
Hang type: Top level window is idle

Error: (06/09/2019 05:17:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2a04
Start Time: 01d51ede77ef990a
Termination Time: 15
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: 6884681a-d0af-4b96-8b0c-89ac576c6c74
Faulting package full name:
Faulting package-relative application ID:
Hang type: Top level window is idle

Error: (06/09/2019 05:08:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\jack\AppData\Local\chromium\Application\chrome.exe". Dependent Assembly 58.0.2988.0,language="*",type="win32",version="58.0.2988.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (06/09/2019 05:06:31 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

System errors:
=============
Error: (06/09/2019 05:10:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O8IQLFD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-O8IQLFD\jack SID (S-1-5-21-4127454622-3581897595-3763097022-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/09/2019 05:06:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (06/09/2019 05:06:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
Error: (06/09/2019 05:04:45 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server: {2D15188C-D298-4E10-83B2-64666CCBEBBD}

Error: (06/09/2019 05:04:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-O8IQLFD)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (06/09/2019 05:04:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-O8IQLFD)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (06/09/2019 05:04:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-O8IQLFD)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (06/09/2019 05:01:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PremierOpinion service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:
===================================
Date: 2019-06-09 17:09:18.738
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ashShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-09 17:06:17.609
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-09 17:06:17.605
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-09 17:06:17.445
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-09 17:06:17.333
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-09 16:52:39.550
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-09 16:52:22.885
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-09 16:47:39.541
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================

BIOS: American Megatrends Inc. P11-A3 02/21/2013
Motherboard: Packard Bell imedia S2870
Processor: Intel(R) Pentium(R) CPU G2020 @ 2.90GHz
Percentage of memory in use: 80%
Total physical RAM: 3982.99 MB
Available physical RAM: 781.95 MB
Total Virtual: 7694.99 MB
Available Virtual: 4239.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:461.32 GB) (Free:316.09 GB) NTFS
Drive e: (Sims4_1) (CDROM) (Total:7.81 GB) (Free:0 GB) UDF

\\?\Volume{1059c9e4-01d1-4c84-9dc8-267f55d2fb7c}\ () (Fixed) (Total:0.44 GB) (Free:0.04 GB) NTFS
\\?\Volume{78f3c03f-586e-453c-b80b-c2f9daca59d0}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3C0F8483) Partition: GPT.

==================== End of Addition.txt ============================

Many thanks for your help and support

Regards
Loz
Juliet Posted June 15, 2019

Let me apologize, I did not receive a response that you had replied, working on a fix now.
Juliet Posted June 15, 2019

What might need to be done here is to temporarily disable Avast to run the tools that will be used.

The below items need to be removed from your add/remove programs list.

Chromium Browser
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.19.0.0 - Byte Technologies LLC) <==== ATTENTION
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.338.311 - VoiceFive, Inc.) <==== ATTENTION

For Windows Vista, Windows 7, Windows 8, and Windows 10 double-click on the Uninstall Program option.
When the Add or Remove Programs or the Uninstall Program screen is displayed, please scroll through the list of programs and double-click on each of the entries listed in bold above to uninstall them. Follow the default prompts and allow it to remove all files and all configuration information related to this program.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Farbar Recovery Scan Tool with Administrator privileges (right-click on the FRST icon and select Run as administrator).
Highlight the text below and select Copy, beginning with Start:: and finishing with End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.
Start::
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Chromium] => c:\users\jack\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {5EC6072F-4A2E-480A-A535-57BBA840B942} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> DefaultScope {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
CHR HomePage: Default -> hxxp://www.view-search.com/
CHR DefaultSearchURL: Default -> hxxp://www.view-search.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> view search
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-04-29]
S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X] <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{67326F6A-DAF4-403D-A689-0E3589ADA176}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File
FirewallRules: [{0CD17905-62A1-4291-A526-FA3C48F69916}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File
FirewallRules: [TCP Query User{E03DCC34-2769-4338-8830-5439153396F6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{65268CB6-BF11-4237-A176-E025C99D6DA4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{248605FB-F395-4A06-B7BC-FA98B3476600}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{520B3C10-A075-47CF-882C-3A578CA95CA4}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File
FirewallRules: [UDP Query User{0223E1D4-91B8-4DCC-9237-F236CA90D1D0}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start FRST (FRST64) with Administrator privileges.
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from. Please copy and paste its contents in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner - Fix Mode

Download AdwCleaner and move it to your Desktop.
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
Accept the EULA (I accept), then click on Scan.
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes.
Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it.
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller

Download the right version of RogueKiller for your Windows version (32 or 64-bit).
Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner).
Wait for the scan to complete.
On completion, the results will be displayed. Check every single entry (threat found), and click on the Remove Selected button.
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner).
This will open the report in Notepad. Copy/paste its content in your next reply.

Please post these logs when finished.
SuicideSolution (Author) Posted June 23, 2019

Hi Juliet

Continued thanks for your help and support. I have followed your instructions but with a few little glitches along the way ... I removed the 4 listed items but in doing so I could not find a 'chromium' browser and so I assumed this was Google Chrome and removed that ... I am not sure if that is correct? Also, when trying to remove the PremierOpinion from the 'add / remove' options window, I kept getting an error message. I have uploaded a desktop image of the fault message titled 'PremierOpinion Error Message'.

FRST FIX LOG FILE:

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-06-2019
Ran by jack (23-06-2019 12:52:01) Run:1
Running from C:\Users\jack\Desktop\Loz\FRST
Loaded Profiles: jack (Available Profiles: jack)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Clos eP rocesses:
CreateRestorePoint:
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Chromium] => c:\users\jack\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {5EC6072F-4A2E-480A-A535-57BBA840B942} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> DefaultScope {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
CHR HomePage: Default -> hxxp://www.view-search.com/
CHR DefaultSearchURL: Default -> hxxp://www.view-search.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> view search
CHR Extension: (Avast SafePrice | Comparison, de als, coupons) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-04-29]
S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X] <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{67326F6A-DAF4-403D-A689-0E3589ADA176}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File
FirewallRules: [{0CD17905-62A1-4291-A526-FA3C48F69916}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File
FirewallRules: [TCP Query User{E03DCC34-2769-4338-8830-5439153396F6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{65268CB6-BF11-4237-A176-E025C99D6D A4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{248605FB-F395-4A06-B7BC-FA98B3476600}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{520B3C10-A075-47CF-882C-3A578CA95CA4}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File
FirewallRules: [UDP Query User{0223E1D4-91B8-4DCC-9237-F236CA90D1D0}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File
C:\Windows\Temp\*.*
*****************

Clos eP rocesses: => Error: No automatic fix found for this entry.
Restore point was successfully created.
"HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EC6072F-4A2E-480A-A535-57BBA840B942}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EC6072F-4A2E-480A-A535-57BBA840B942}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => removed successfully
HKLM\Software\Classes\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => not found
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{87BBB6C9-73F0-47B6-AAD2-0811C275245F} => removed successfully
HKLM\Software\Classes\CLSID\{87BBB6C9-73F0-47B6-AAD2-0811C275245F} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2019-03-18] (Oracle America, Inc." => not found
"C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll" => not found
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2019-03-18] (Oracle America, Inc." => not found
"C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll" => not found
"Chrome HomePage" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
CHR Extension: (Avast SafePrice | Comparison, de als, coupons) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-04-29] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\PremierOpinion => removed successfully
PremierOpinion => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67326F6A-DAF4-403D-A689-0E3589ADA176}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CD17905-62A1-4291-A526-FA3C48F69916}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E03DCC34-2769-4338-8830-5439153396F6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{65268CB6-BF11-4237-A176-E025C99D6D A4}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{248605FB-F395-4A06-B7BC-FA98B3476600}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{520B3C10-A075-47CF-882C-3A578CA95CA4}C:\program files (x86)\premieropinion\pmropn.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0223E1D4-91B8-4DCC-9237-F236CA90D1D0}C:\program files (x86)\premieropinion\pmropn.exe" => removed successfully

=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\chrome_installer.log => moved successfully
Could not move "C:\Windows\Temp\MpCmdRun.log" => Scheduled to move on reboot.
C:\Windows\Temp\sa.Microsoft.SkypeApp_kzf8qxf38zg5c_1__.Public.InstallAgent.dat => moved successfully
C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully
========= End -> "C:\Windows\Temp\*.*" ========

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-06-2019 12:58:32)
C:\Windows\Temp\MpCmdRun.log => Could not move

==== End of Fixlog 12:58:33 ====

ADW CLEANER LOG FILE:

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-06-18.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-23-2019
# Duration: 00:00:04
# OS: Windows 10 Pro
# Cleaned: 32
# Failed: 2

***** [ Services ] *****
No malicious services cleaned.

***** [ Folders ] *****
Deleted C:\Program Files\WebDiscoverBrowser
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion
Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Users\jack\AppData\Local\WebDiscoverBrowser
Deleted C:\Users\jack\AppData\Local\slimware utilities inc

***** [ Files ] *****
Deleted C:\Windows\SysWOW64\pmls.dll
Deleted C:\Windows\System32\PMLS64.DLL

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.softonic.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.softonic.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com Deleted 
HKCU\Software\PRODUCTSETUP Deleted HKCU\Software\ProductSetup\Uninstall\0B2U2Z1P0F1P1G1R1P1V0A1Q1Q0O1G Deleted HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F Deleted HKCU\Software\WebDiscoverBrowser Deleted HKCU\Software\csastats Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WebDiscoverBrowser Deleted HKLM\Software\WebDiscoverBrowser Deleted HKLM\Software\Wow6432Node\WebDiscoverBrowser Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com Deleted HKU\.DEFAULT\Software\WebDiscoverBrowser Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com Deleted HKU\S-1-5-18\Software\WebDiscoverBrowser Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\java-runtime-environment-64.en.softonic.com Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\java-runtime-environment-64.en.softonic.com ***** [ Chromium (and derivatives) ] ***** Deleted Search Manager ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. 
*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5686 octets] - [23/06/2019 13:04:08]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

ROGUEKILLER LOG FILE:

RogueKiller Anti-Malware V13.2.2.0 (x64) [Jun 10 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : jack [Administrator]
Started from : C:\Users\jack\Desktop\RogueKiller_portable64.exe
Signatures : 20190622_071611, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/06/23 13:44:36 (Duration : 00:18:55)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.SearchManager (Potentially Malicious)] Search Manager -- nahhmpbckpgdidfnmfkfgiflpjijilce -> Deleted

With the RogueKiller programme I wasn't sure which version to install - I know it is 64 bit but it gave me the option of 'Installer' or 'Portable' versions and as the portable version differentiated between 32 and 64 bit I went for that. In doing so I found that none of the buttons were in the places you had described so I am not sure if the log posted will have what you might expect to see? Let me know and I can always try the installer version and report the resulting log file.

Many thanks
SuicideSolution Posted June 23, 2019 (Author)

P.S. I meant to say that in order to remove 'PremierOpinion' from the computer I searched for it and found that it only seemed to appear on the start up menu, so I used the remove/uninstall option from there and it seems to have gone (on face value anyway?).
Juliet Posted June 24, 2019

You did good. If any of it is left it's been rendered useless. Let's check for remnants.

Please download the Malwarebytes Anti-Malware setup file to your Desktop.
OR from this location Here
Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"
After the installation IS complete let it update if it asks.
Under SETTINGS.....APPLICATIONS leave everything at default
Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
Then go to the Dashboard and click on SCAN NOW
If threats are detected, click the Apply Actions button.
You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the Reports tab.
Double-click the Scan Log.
At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here. Then click on POST.
Exit Malwarebytes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Emsisoft Emergency Kit - Fix Mode

Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
Download the Emsisoft Emergency Kit and execute it.
From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;

Please post these 2 logs when finished.
Also, tell me how the computer is now.
SuicideSolution Posted July 6, 2019 (Author)

Hi Juliet,

Apologies again for the slight delay in sorting your guidance but it sometimes is a couple of weeks before I am able to sit in front of the computer ... Anyway, all done as instructed, as below:

Malwarebytes Log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 06/07/2019
Scan Time: 15:34
Log File: 329b9624-9ffb-11e9-b684-eca86bd6d5e5.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.11428
Licence: Trial

-System Information-
OS: Windows 10 (Build 17763.475)
CPU: x64
File System: NTFS
User: DESKTOP-O8IQLFD\jack

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 284251
Threats Detected: 5
Threats Quarantined: 5
Time Elapsed: 4 min, 21 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [2078], [476595],1.0.11428
PUP.Optional.SearchManager, HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [2078], [476595],1.0.11428
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, Quarantined, [2078], [476595],1.0.11428

Registry Value: 1
PUP.Optional.SearchManager, HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [2078], [476595],1.0.11428

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.SearchModule, C:\USERS\JACK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\chrome-extension_nahhmpbckpgdidfnmfkfgiflpjijilce_0.localstorage, Quarantined, [281], [453492],1.0.11428

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

EEK Log:

Emsisoft Emergency Kit 2019.6.0.9501 stable [en-us]
OS: Windows 10 (Version 10.0, Build 17763, 64-bit Edition)

Forensics log

Date                 Component                  Action                 Details
06/07/2019 16:15:43  User                       Update                 Downloaded and installed 63 files (4394 kb) (21 min. 47 sec.).
06/07/2019 16:14:30  User DESKTOP-O8IQLFD\JACK  Infection quarantined  Medium risk Malware "Adware.DealPly.1.Gen (B)" in "trzCC02.tmp".
06/07/2019 16:08:27  Scanner                    Scan finished          Found 1 object , user to decide on further actions.
06/07/2019 16:01:53  Scanner                    Detection              Medium risk Malware "Adware.DealPly.1.Gen (B)" in "trzCC02.tmp" (SHA1: 19c0ab79e706c1d46cdaffcd11ed6f929de6724f)
06/07/2019 15:56:10  User DESKTOP-O8IQLFD\jack  Scan started           Malware Scan
06/07/2019 15:55:46  User DESKTOP-O8IQLFD\jack  Setting modified       "Detect PUPs" has been changed to "Enabled".
06/07/2019 15:55:41  User DESKTOP-O8IQLFD\jack  Setting modified       "Recommended readings & news" has been changed to "Enabled".
06/07/2019 15:54:03  User DESKTOP-O8IQLFD\jack  Setting modified       "Recommended readings & news" has been changed to "Disabled".
06/07/2019 15:53:56  Core                       Notification           "Recommended Reading:9 critical cyber safety lessons to teach your kids".

I had some trouble locating the Quarantine Log export option as it wasn't under the Quarantine tab? I then went to Logs and found an entry that said as above and so saved that. I then deleted the quarantined item and found an entry that read:

06/07/2019 16:43:25 Medium risk Malware "Adware.DealPly.1.Gen (B)" in "C:\Users\jack\AppData\Roaming\Lobus\trzCC02.tmp" deleted by user DESKTOP-O8IQLFD\JACK

Overall the PC is better ... start up can be a little slow but after a minute or two it seems to run reasonably ok. On more than one occasion Microsoft Edge closed without any prompting, once or twice when I minimised it and another time when I first ran EEK (perhaps a requirement of the scan procedure, I put that down to?).

Continued thanks for your help

Loz
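The Malwarebytes export in the post above is the kind of log a helper reads by eye, matching "Threats Detected" against the itemised entries and noticing that every hit names the same extension id. As an added example (not code from the thread, from Malwarebytes or from the poster), here is a small Python parser for that text format. The field layout is inferred from the log as posted; the sample input is constructed in that layout from the posted entries, and the count check and extension-id pivot are my own additions, not a Malwarebytes feature.

```python
# Parser for a Malwarebytes 3.x threat-scan text export (added example, not
# Malwarebytes' own code). The layout is inferred from the log as posted:
# dash-wrapped section headers, "Key: value" lines, and under -Scan Details-
# a "<Category>: <count>" header followed by one detection per line as
# "<name>, <location>, <action>, [<id>], [<id>],<db version>".
import re
from collections import namedtuple
from dataclasses import dataclass, field

# Constructed sample in that format; the extension id, detection names and
# database version are those in the thread's log, the rest is abbreviated.
SAMPLE_LOG = r"""Malwarebytes
www.malwarebytes.com

-Scan Summary-
Objects Scanned: 284251
Threats Detected: 4
Threats Quarantined: 4

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [2078], [476595],1.0.11428
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, Quarantined, [2078], [476595],1.0.11428

Registry Value: 1
PUP.Optional.SearchManager, HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [2078], [476595],1.0.11428

File: 1
PUP.Optional.SearchModule, C:\USERS\JACK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\chrome-extension_nahhmpbckpgdidfnmfkfgiflpjijilce_0.localstorage, Quarantined, [281], [453492],1.0.11428
(end)
"""

SECTION_RE = re.compile(r"^-(?P<name>.+)-$")
CATEGORY_RE = re.compile(r"^(?P<category>[A-Za-z ]+): (?P<count>\d+)$")
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<location>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<rule_id>\d+)\], \[(?P<sig_id>\d+)\],(?P<db>[\d.]+)$"
)
# Chrome extension ids are 32 letters from a-p; the lookarounds stop a match
# from starting or ending inside a longer run of letters.
EXT_ID_RE = re.compile(r"(?<![a-p])[a-p]{32}(?![a-p])", re.IGNORECASE)

Detection = namedtuple(
    "Detection", "category name location action rule_id sig_id db_version")


@dataclass
class ScanReport:
    summary: dict = field(default_factory=dict)   # e.g. "Threats Detected" -> "4"
    counts: dict = field(default_factory=dict)    # category -> declared count
    detections: list = field(default_factory=list)


def parse_mbam_log(text):
    """Walk the export line by line, tracking the current section and category."""
    report = ScanReport()
    section = category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, category = m.group("name"), None
            continue
        if section == "Scan Details":
            m = CATEGORY_RE.match(line)
            if m:
                category = m.group("category")
                report.counts[category] = int(m.group("count"))
                continue
            m = DETECTION_RE.match(line)
            if m and category is not None:
                report.detections.append(Detection(
                    category, m["name"], m["location"], m["action"],
                    int(m["rule_id"]), int(m["sig_id"]), m["db"]))
            continue  # "(No malicious items detected)" and the like are skipped
        if ": " in line:  # plain "Key: value" lines in the other sections
            key, value = line.split(": ", 1)
            report.summary[key] = value
    return report


def count_mismatches(report):
    """Categories (and the overall total) whose declared count differs from the
    detections actually parsed; a truncated paste or a format change shows here."""
    seen = {}
    for d in report.detections:
        seen[d.category] = seen.get(d.category, 0) + 1
    bad = [c for c, n in report.counts.items() if seen.get(c, 0) != n]
    if int(report.summary.get("Threats Detected", -1)) != len(report.detections):
        bad.append("Threats Detected")
    return bad


def extension_ids(report):
    """Every Chrome extension id named in a detection location, so registry,
    preference and profile-storage hits can be tied back to one add-on."""
    return {m.group(0).lower() for d in report.detections
            for m in EXT_ID_RE.finditer(d.location)}
```

Run on the sample, `count_mismatches` returns an empty list and `extension_ids` returns the single id that RogueKiller, AdwCleaner and Malwarebytes all reported in this thread, which is the check a helper does mentally when deciding whether the separate hits are one leftover or several.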
Juliet Posted July 6, 2019

What the last scans found weren't that alarming but we don't want that on the machine. Let's give this a day of regular use and see if those times of slacking get a bit better.
SuicideSolution Posted August 3, 2019 (Author)

Hi Juliet

Again apologies for the delay ... I don't get as much time teching problems as I would like and the PC is at another house, but I am told it is running better and smoother than before, to the satisfaction of the girlfriend's son ... Thank you for all your help :) ... you are quality :)
Juliet Posted August 21, 2019

Glad we could help. Since this issue appears resolved ... this Topic is closed.