Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows update infection?


  • This topic is locked This topic is locked
12 replies to this topic

#1 jwcole1181

jwcole1181

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 23 February 2016 - 09:53 PM

So, my computer is probably teeming with malware, viruses, and everything else.  My computer has started freezing all the time and every time I restart it I get the windows update screen saying "please do not shut down your PC, windows is updating."  I know this is bullbleep, as there are no windows updates to install, and plus I don't need to update windows everyday all day. 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
Ran by Cleric of Helm (administrator) on LAPTOP (23-02-2016 21:44:32)
Running from C:\Users\Cleric of Helm\AppData\Local\Microsoft\Windows\INetCache\IE\MMN1QNF9
Loaded Profiles: Cleric of Helm (Available Profiles: Cleric of Helm)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FLA5440.tmp
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [453448 2014-08-13] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-03-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-1502439129-952301949-3866729752-1002\...\Run: [BitTorrent] => C:\Users\Cleric of Helm\AppData\Roaming\BitTorrent\BitTorrent.exe [1698152 2015-08-19] (BitTorrent Inc.)
HKU\S-1-5-21-1502439129-952301949-3866729752-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1502439129-952301949-3866729752-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-1502439129-952301949-3866729752-1002\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-1502439129-952301949-3866729752-1002\...\MountPoints2: {cb194206-5ad2-11e4-be88-24fd523e923b} - "D:\Setup.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-06-17] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-06-17] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-06-17] (NVIDIA Corporation)
Startup: C:\Users\Cleric of Helm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe.exe [2015-04-01] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 199.16.221.70 199.16.221.71
Tcpip\..\Interfaces\{843D86B2-37FC-4197-A8DE-ED02010F5B3E}: [DhcpNameServer] 8.8.8.8 8.8.4.4 199.16.221.70 199.16.221.71
Tcpip\..\Interfaces\{E978080E-9B8C-47D1-8AAD-F4A2E6F43715}: [DhcpNameServer] 192.168.15.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1502439129-952301949-3866729752-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1502439129-952301949-3866729752-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1502439129-952301949-3866729752-1002 -> DefaultScope {E556A179-7D1E-4D49-A5F1-511323D5AF3B} URL = hxxps://au.search.yahoo.com/search?fr=mcafee&type=B014AU662D20130617&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1502439129-952301949-3866729752-1002 -> {76F89507-406B-4C81-B90F-A60A6BF846D9} URL =
SearchScopes: HKU\S-1-5-21-1502439129-952301949-3866729752-1002 -> {E556A179-7D1E-4D49-A5F1-511323D5AF3B} URL = hxxps://au.search.yahoo.com/search?fr=mcafee&type=B014AU662D20130617&p={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-02-28] (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-27] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-27] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-05-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-27] (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Cleric of Helm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Cleric of Helm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
CHR Extension: (Google Search) - C:\Users\Cleric of Helm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cleric of Helm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-23]
CHR Extension: (Skype Click to Call) - C:\Users\Cleric of Helm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cleric of Helm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Cleric of Helm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-04-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-17] (Acer Incorporated)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-03-13] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-13] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-12] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-25] (Acer Incorporate)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-03-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-03-13] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-26] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-10] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-06] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-19] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-10-24] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-09] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-03-13] (NVIDIA Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-09] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2016-02-23] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-23 15:13 - 2016-02-23 21:44 - 00000000 ____D C:\FRST
2016-02-23 14:33 - 2015-12-05 00:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-02-23 14:33 - 2015-12-05 00:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-02-23 14:33 - 2015-12-05 00:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-02-23 14:33 - 2015-12-03 13:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-02-23 14:33 - 2015-12-03 13:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-02-23 14:33 - 2015-12-03 13:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-02-23 14:33 - 2015-12-03 13:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-02-23 14:33 - 2015-12-03 13:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-02-23 14:33 - 2015-12-03 12:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-02-23 14:33 - 2015-12-03 12:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-02-23 14:33 - 2015-12-03 12:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-02-23 14:33 - 2015-12-03 12:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-02-23 14:33 - 2015-12-03 12:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-02-23 14:33 - 2015-12-03 12:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-02-23 14:33 - 2015-12-03 12:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-02-23 14:33 - 2015-12-03 12:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-02-23 14:33 - 2015-12-03 12:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-02-23 14:33 - 2015-12-03 12:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-02-23 14:33 - 2015-12-03 11:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-02-23 14:33 - 2015-12-03 11:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-02-23 14:33 - 2015-10-13 12:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-02-23 14:33 - 2015-10-13 12:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2016-02-23 14:33 - 2015-08-26 21:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-23 14:33 - 2015-08-26 21:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-23 14:27 - 2015-09-29 07:24 - 00155480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-02-23 14:24 - 2015-09-07 11:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-02-23 14:24 - 2015-09-07 10:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2016-02-23 14:24 - 2015-09-07 10:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-02-23 14:17 - 2015-09-24 11:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-02-23 14:17 - 2015-09-24 11:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-02-23 14:15 - 2015-07-22 09:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-02-23 14:15 - 2015-07-22 09:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-02-23 14:15 - 2015-07-18 13:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-02-23 14:15 - 2015-07-18 13:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-02-23 14:15 - 2015-07-18 13:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-02-23 14:15 - 2015-07-18 13:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-02-23 14:14 - 2016-02-23 14:16 - 05658013 _____ (Swearware) C:\Users\Cleric of Helm\Downloads\ComboFix.exe
2016-02-23 14:14 - 2015-12-02 10:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-02-23 14:14 - 2015-12-02 10:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-02-23 14:14 - 2015-11-05 03:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2016-02-23 14:14 - 2015-10-13 10:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-02-23 14:14 - 2015-10-13 10:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-02-23 14:14 - 2015-10-13 10:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-02-23 14:14 - 2015-10-13 10:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-02-23 14:14 - 2015-10-13 10:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-02-23 14:14 - 2015-10-13 10:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-02-23 14:14 - 2015-10-11 01:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-23 14:14 - 2015-10-11 01:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-02-23 14:14 - 2015-10-10 13:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-02-23 14:14 - 2015-10-10 13:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-02-23 14:14 - 2015-10-10 13:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-02-23 14:14 - 2015-10-10 12:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-23 14:14 - 2015-10-10 12:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-02-23 14:14 - 2015-10-10 12:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-02-23 14:14 - 2015-10-10 11:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-24 22:52 - 2014-04-15 18:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-01-24 22:52 - 2014-04-15 18:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-01-24 22:47 - 2015-12-30 14:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-24 22:47 - 2015-12-30 14:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-01-24 22:47 - 2015-12-30 14:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-01-24 22:47 - 2015-11-22 01:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-24 22:47 - 2015-11-22 01:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-24 22:47 - 2015-11-22 01:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-01-24 22:47 - 2015-11-22 01:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-01-24 22:47 - 2015-11-21 13:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2016-01-24 22:47 - 2015-11-21 12:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2016-01-24 22:47 - 2015-10-28 10:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-01-24 22:47 - 2015-10-28 10:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-01-24 22:45 - 2015-12-09 19:40 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-01-24 22:45 - 2015-12-07 05:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-24 22:45 - 2015-12-04 10:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-24 22:45 - 2015-11-17 16:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-24 22:45 - 2015-11-17 16:07 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-24 22:45 - 2015-11-17 16:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-24 22:45 - 2015-11-17 16:07 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-24 22:45 - 2015-11-17 16:07 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-24 22:45 - 2015-11-17 16:07 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-24 22:45 - 2015-11-17 16:07 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-01-24 22:45 - 2015-10-11 01:34 - 00468824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-01-24 22:45 - 2015-10-11 01:34 - 00462168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2016-01-24 22:45 - 2015-10-11 01:34 - 00443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2016-01-24 22:45 - 2015-10-11 01:34 - 00092504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2016-01-24 22:45 - 2015-10-11 01:34 - 00027992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2016-01-24 22:45 - 2015-10-10 13:41 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2016-01-24 22:45 - 2015-10-10 13:41 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2016-01-24 22:45 - 2015-10-08 11:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2016-01-24 22:45 - 2015-10-08 10:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2016-01-24 22:45 - 2015-09-12 08:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-01-24 22:45 - 2015-07-09 11:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-01-24 22:42 - 2015-10-05 13:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-01-24 22:42 - 2015-10-05 13:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-24 22:42 - 2015-08-03 16:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2016-01-24 22:42 - 2015-08-03 16:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2016-01-24 22:42 - 2015-08-01 09:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2016-01-24 22:42 - 2015-07-31 22:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2016-01-24 22:42 - 2015-07-31 22:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2016-01-24 22:42 - 2015-07-31 22:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-01-24 22:42 - 2015-07-31 22:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2016-01-24 22:42 - 2015-07-31 22:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2016-01-24 22:42 - 2015-07-13 22:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2016-01-24 22:40 - 2015-12-08 14:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-24 22:40 - 2015-12-08 14:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-24 22:40 - 2015-10-08 11:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-01-24 22:40 - 2015-08-22 08:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2016-01-24 22:40 - 2015-08-22 08:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-01-24 22:40 - 2015-08-22 08:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-01-24 22:40 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-01-24 22:40 - 2015-08-10 13:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-01-24 22:40 - 2015-08-10 13:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-01-24 22:40 - 2015-08-10 12:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-01-24 22:40 - 2015-08-10 11:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-01-24 22:40 - 2015-08-10 11:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-01-24 22:40 - 2015-07-16 13:58 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2016-01-24 22:40 - 2015-07-10 14:06 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-01-24 22:40 - 2014-11-10 13:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-23 20:32 - 2014-10-16 05:10 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D99C155F-0FFA-4E47-A4D6-0D8A0C5401E9}
2016-02-23 18:03 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2016-02-23 18:00 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-23 18:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-23 17:47 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-23 17:31 - 2014-09-28 00:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-23 17:24 - 2014-09-28 00:26 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-23 17:19 - 2014-09-22 19:36 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1502439129-952301949-3866729752-1002
2016-02-23 17:10 - 2014-09-24 02:15 - 00005388 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-23 17:07 - 2014-09-22 19:20 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-23 17:05 - 2014-09-23 02:55 - 00000442 _____ C:\WINDOWS\Tasks\SlimDrivers Startup.job
2016-02-23 17:04 - 2014-09-23 02:55 - 00016152 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
2016-02-23 17:00 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-23 17:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-02-23 16:55 - 2015-04-06 06:19 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-02-23 16:55 - 2015-04-06 06:19 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-02-23 16:54 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-02-23 14:37 - 2015-03-05 03:31 - 00000000 ____D C:\Users\Cleric of Helm\AppData\Local\Steam
2016-02-23 14:17 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-23 14:14 - 2015-02-21 03:17 - 00000000 ____D C:\ProgramData\MFAData
2016-02-23 14:10 - 2014-10-10 03:07 - 00000000 ____D C:\Users\Cleric of Helm
2016-02-23 14:06 - 2014-12-11 22:46 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-23 14:06 - 2014-09-24 04:50 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-02-23 08:13 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-01 21:37 - 2015-06-12 23:40 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-01 21:37 - 2015-06-12 23:40 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-25 21:20 - 2014-10-15 20:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-25 12:46 - 2015-02-21 03:26 - 00000985 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2016-01-25 12:46 - 2015-02-21 03:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

==================== Files in the root of some directories =======

2015-04-20 06:41 - 2015-04-20 06:41 - 6103040 _____ () C:\Program Files (x86)\GUT79B3.tmp
2015-01-16 21:53 - 2015-01-16 21:53 - 0000000 _____ () C:\Users\Cleric of Helm\AppData\Local\{0769348F-BA85-405A-A28F-7275C30623B0}
2013-06-16 13:13 - 2013-06-16 13:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-23 17:22

==================== End of FRST.txt ============================

Attached Files


Edited by jwcole1181, 24 February 2016 - 12:19 AM.


BC AdBot (Login to Remove)

 


#2 jwcole1181

jwcole1181
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 24 February 2016 - 12:19 AM

Sorry I forgot to add the attachment. 



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:57 PM

Posted 24 February 2016 - 08:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Remove this App by Ask via the Control Panel > Programs and Features applet.
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1C01}) (Version: 12.28.1.169 - APN, LLC) <==== ATTENTION
===


Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to the a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FLA5440.tmp
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Startup: C:\Users\Cleric of Helm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe.exe [2015-04-01] ()
C:\Windows\System32\Macromed\Flash\FLA5440.tmp
C:\Users\Cleric of Helm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please let me know what problem persists with this computer.

#4 jwcole1181

jwcole1181
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 24 February 2016 - 10:15 AM

Ok, I did the above.  However, whenever I try to open fixlog it tells me that access is denied. I would attach the file as an attachment but, when I try, it tells me access is denied.  Thanks.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:57 PM

Posted 24 February 2016 - 11:39 AM

This is a first for me.

Right click on the Fixlog.txt file and look at the properties.

Make sure you can read, write, etc... the file.

#6 jwcole1181

jwcole1181
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 24 February 2016 - 12:22 PM

ok I got into the log file.

 

EmptyTemp: => 379.8 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 09:27:23 ====

 

Though I am still getting the erroneous windows is updating nonsense.



#7 jwcole1181

jwcole1181
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 24 February 2016 - 01:01 PM

used Adwcleaner, it deleted some stuff.  Maybe this logfile will help.

 

 

# AdwCleaner v5.036 - Logfile created 24/02/2016 at 12:53:38
# Updated 22/02/2016 by Xplode
# Database : 2016-02-24.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Cleric of Helm - LAPTOP
# Running from : C:\Users\Cleric of Helm\Desktop\adwcleaner_5.036.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\15462420444190305410
[-] Folder Deleted : C:\Users\Cleric of Helm\AppData\Local\slimware utilities inc

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1332 bytes] - [24/02/2016 12:53:38]
C:\AdwCleaner\AdwCleaner[R0].txt - [1683 bytes] - [21/02/2015 02:59:33]
C:\AdwCleaner\AdwCleaner[R1].txt - [3322 bytes] - [12/05/2015 00:21:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [1384 bytes] - [21/02/2015 03:02:41]
C:\AdwCleaner\AdwCleaner[S1].txt - [3381 bytes] - [12/05/2015 00:27:13]
C:\AdwCleaner\AdwCleaner[S2].txt - [1646 bytes] - [24/02/2016 12:38:11]
C:\AdwCleaner\AdwCleaner[S3].txt - [1719 bytes] - [24/02/2016 12:42:26]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1843 bytes] ##########



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:57 PM

Posted 24 February 2016 - 03:36 PM

Start an elevated command prompt. <- Open the Explorer locate CMD.EXE and run it as an Administrator.
Type the the following commands at the DOS prompt hitting enter after each line:

net stop wuauserv
cd %systemroot%
ren SoftwareDistribution SoftwareDistribution.old
net start wuauserv


Reboot normally

Try to install updates again
**Important** The following issues occur when you do this:
Updates that are currently downloaded but that have not yet been installed have to be downloaded again by using Windows Update or Microsoft Update.
When you delete the Software Distribution folder, your download history is removed.
If you currently receive updates from Microsoft Update and from Windows Update, you will have to re-select this option from the Windows Update Web site.
**Note** If the issue is resolved and you can successfully download and install updates, you can safely delete the SoftwareDistribution.old directory to recover disk space.

It is imperative that you let the update finish.
If you brake the cycle you will have the same problem next time you start the computer.

#9 jwcole1181

jwcole1181
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 24 February 2016 - 05:21 PM

when I type in ren SoftwareDistribution SoftwareDistribution.old, in the command line, it says "Access is Denied"



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:57 PM

Posted 25 February 2016 - 08:51 AM

Fist make sure you are logged in as the Administrator.

Make sure that you have stopped the service.
net stop wuauserv

Then thy Exit to return to the operaring system.

Open Explorer and navigate to c:\Windows folder

Right click on the SoftwareDistribution folder.

Look at the properties. Remove the Read only attibute. Click the apply button.

Return to C:\Windows\SoftwarDistribution folder and rename it to SoftwarDistribution.old

Accept the change.

Check the Microsoft updates.

When done

Return to the command prompt and execute

net start wuauserv

Restart the computer normally.

#11 jwcole1181

jwcole1181
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 25 February 2016 - 07:01 PM

Ok, still, when I go to change softwaredistribution to softwaredistribution.old. It says it is being used in another program. That is after I type net stop wuauserv in command line.  Also I click on the folder, softwaredistribution, and then hit properties.  I see that it is readonly, then I uncheck that box.  I hit apply, no problem, it applies the setting to a bunch of folders.  As soon as I look at its properties again, however, it has reverted back to readonly.  what the bleep?



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:57 PM

Posted 26 February 2016 - 08:09 AM

Go to this page.

http://www.blackmanticore.com/30becce9a227e690c0ae63bedc26c9be

TRY THIS Microsoft's supported way

The only truly supported way is to use Disk Cleanup, incorporated in every Windows-client version (Vista, Win7, Win8, ...):

Start Disk Cleanup: open Explorer, right-click the C-drive, Properties, and then there's the Disk Cleanup button.
If you're not running elevated, wait for the scan to complete, then click the Clean up System Files button. This will redo the scan.
When the scan is completed, you will be able to select to delete Windows Updates, which basically deletes the cached updates.
This is the preferred way to clean out the cache, but if you can't use Disk Cleanup, read on to the next part.

#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:57 PM

Posted 03 March 2016 - 09:20 AM

Are you still with me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users