
Not Responding


20 replies to this topic

#1 Anp56

Anp56

  • Members
  • 32 posts
  • OFFLINE
  • Local time:08:19 AM

Posted 04 January 2017 - 09:20 AM

Hi all.
 
Happy New Year.
 
Whenever I log in to Win 10 I keep getting: Start not responding, Facebook not responding or MSN not responding. Pretty much goes for anything I click on to view. It takes 10 or 20 seconds and then eventually loads.
 
Any help would be appreciated.
 
Cheers
 
Les


Mod Edit: Moved to Am I Infected forum from Win 10 Sup...~~boopme

Edited by boopme, 04 January 2017 - 04:37 PM.



 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:19 AM

Posted 04 January 2017 - 09:25 AM

Step 1: Speccy Scan.
 

  • Please go here and download Speccy.
  • Install and run the program.
  • Upon Completion:
  • Hit File
  • Publish Snap Shot
  • A link will appear, post that link.

Step 2: MiniToolBox Scan


Please download MINITOOLBOX and run it.

Checkmark the following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

Step 3: Autoruns Scan.


Download Autoruns and Autorunsc. Unzip it to your desktop and then double-click autoruns.exe.
After the scan is finished, click File > Save.
The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option.
In other words, make sure it is a .txt file instead of .arn. Attach the text in your next reply.

 

Step 4: Security Check Scan.
 

  • Download Security Check to your desktop.
  • Right-click it and run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.


#3 Rocky Bennett

Rocky Bennett

  • Members
  • 2,928 posts
  • OFFLINE
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:06:19 AM

Posted 04 January 2017 - 11:28 AM

What web browser are you using? You might want to try Google Chrome

 

https://www.google.com/chrome/

 

or my favorite, Firefox

 

https://www.mozilla.org/en-US/firefox/new/




#4 Anp56

Anp56
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:08:19 AM

Posted 04 January 2017 - 12:21 PM

Step 1: Speccy Scan Results
 
http://speccy.piriform.com/results/153gIE5niE43EU2kQQPMdUu
 
Step 2: MiniToolBox Scan
 
 
MiniToolBox by Farbar  Version: 17-06-2016
Ran by Administrator (administrator) on 04-01-2017 at 15:49:36
Running from "C:\Users\Administrator\Downloads"
Microsoft Windows 10 Home  (X64)
Model: CQ2930EA Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================
========================= Hosts content: =================================
========================= IP Configuration: ================================
802.11n USB Wireless LAN Card = WiFi 3 (Connected)
Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 22" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 16" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 20" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 23" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 21" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 14" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 18" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 19" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi 5" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 17" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 25" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 15" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 24" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration
 
Windows IP Configuration
   Host Name . . . . . . . . . . . . : GaiLes
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : default
Ethernet adapter Ethernet:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : This Qualcomm Atheros network Controller connects you to the network.
   Physical Address. . . . . . . . . : 4C-72-B9-93-F8-70
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 24:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter #7
   Physical Address. . . . . . . . . : 7C-DD-90-70-54-30
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 25:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #8
   Physical Address. . . . . . . . . : 7C-DD-90-70-54-31
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter WiFi 3:
   Connection-specific DNS Suffix  . : default
   Description . . . . . . . . . . . : 802.11n USB Wireless LAN Card
   Physical Address. . . . . . . . . : 7C-DD-90-70-54-37
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::50fe:7a6:2f00:810e%19(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.112(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 02 January 2017 23:32:21
   Lease Expires . . . . . . . . . . : 06 January 2017 10:44:16
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 259841424
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-03-6F-52-4C-72-B9-93-F8-70
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   Primary WINS Server . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1cad:4ba:3f57:fe8f(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1cad:4ba:3f57:fe8f%2(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 385875968
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-03-6F-52-4C-72-B9-93-F8-70
   NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.default:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : default
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  BrightBox.ee
Address:  192.168.1.1
Name:    google.com
Addresses:  2a00:1450:4009:800::200e
   216.58.204.14

Pinging google.com [216.58.210.46] with 32 bytes of data:
Reply from 216.58.210.46: bytes=32 time=18ms TTL=55
Reply from 216.58.210.46: bytes=32 time=10ms TTL=55
Ping statistics for 216.58.210.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 18ms, Average = 14ms
Server:  BrightBox.ee
Address:  192.168.1.1
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
   2001:4998:58:c02::a9
   2001:4998:44:204::a7
   206.190.36.45
   98.138.253.109
   98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=97ms TTL=50
Reply from 98.139.183.24: bytes=32 time=91ms TTL=50
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 91ms, Maximum = 97ms, Average = 94ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...4c 72 b9 93 f8 70 ......This Qualcomm Atheros network Controller connects you to the network.
 25...7c dd 90 70 54 30 ......Microsoft Hosted Network Virtual Adapter #7
 18...7c dd 90 70 54 31 ......Microsoft Wi-Fi Direct Virtual Adapter #8
 19...7c dd 90 70 54 37 ......802.11n USB Wireless LAN Card
  1...........................Software Loopback Interface 1
  2...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.112     50
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.112    306
    192.168.1.112  255.255.255.255         On-link     192.168.1.112    306
    192.168.1.255  255.255.255.255         On-link     192.168.1.112    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.112    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.112    306
===========================================================================
Persistent Routes:
  None
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  2    331 ::/0                     On-link
  1    331 ::1/128                  On-link
  2    331 2001::/32                On-link
  2    331 2001:0:5ef5:79fb:1cad:4ba:3f57:fe8f/128
                                    On-link
 19    306 fe80::/64                On-link
  2    331 fe80::/64                On-link
  2    331 fe80::1cad:4ba:3f57:fe8f/128
                                    On-link
 19    306 fe80::50fe:7a6:2f00:810e/128
                                    On-link
  1    331 ff00::/8                 On-link
 19    306 ff00::/8                 On-link
  2    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (01/04/2017 03:44:30 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/04/2017 02:04:22 PM) (Source: ESENT) (User: )
Description: DllHost (2792) Microsoft.MicrosoftEdge_8wekyb3d8bbwe_NOEDP_EDGE_IDB: Database recovery/restore failed with unexpected error -1216.
Error: (01/04/2017 02:04:22 PM) (Source: ESENT) (User: )
Description: DllHost (2792) Microsoft.MicrosoftEdge_8wekyb3d8bbwe_NOEDP_EDGE_IDB: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\Administrator\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\IndexedDB.edb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
Error: (01/04/2017 12:18:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GAILES)
Description: Package Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend.
Error: (01/04/2017 12:14:46 PM) (Source: Application Hang) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14393.82 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: d4c
Start Time: 01d26682b10224dc
Termination Time: 555
Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Report Id: 53c6bd22-d277-11e6-bfc6-4c72b993f870
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (01/03/2017 07:47:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GAILES)
Description: Package Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend.
Error: (01/03/2017 05:40:59 PM) (Source: HP Active Health) (User: )
Description: Invalid or tampered assembly
Error: (01/03/2017 12:38:56 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/03/2017 12:32:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GAILES)
Description: Activation of application Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (01/02/2017 08:14:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GAILES)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (01/04/2017 03:20:03 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
Error: (01/04/2017 02:54:13 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
Error: (01/04/2017 01:44:36 PM) (Source: DCOM) (User: GAILES)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}GAILESAdministratorS-1-5-21-673946038-3257325301-1201602189-500LocalHost (Using LRPC)Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194
Error: (01/04/2017 01:00:27 PM) (Source: DCOM) (User: GAILES)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}GAILESAdministratorS-1-5-21-673946038-3257325301-1201602189-500LocalHost (Using LRPC)Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194
Error: (01/04/2017 11:34:55 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
Error: (01/04/2017 11:29:46 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
Error: (01/04/2017 11:24:34 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
Error: (01/04/2017 11:19:23 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
Error: (01/04/2017 11:14:11 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
Error: (01/04/2017 11:08:59 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

Microsoft Office Sessions:
=========================
Error: (01/04/2017 03:44:30 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/04/2017 02:04:22 PM) (Source: ESENT)(User: )
Description: DllHost2792Microsoft.MicrosoftEdge_8wekyb3d8bbwe_NOEDP_EDGE_IDB: -1216
Error: (01/04/2017 02:04:22 PM) (Source: ESENT)(User: )
Description: DllHost2792Microsoft.MicrosoftEdge_8wekyb3d8bbwe_NOEDP_EDGE_IDB: -1216C:\Users\Administrator\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\IndexedDB.edb
Error: (01/04/2017 12:18:53 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: GAILES)
Description: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge
Error: (01/04/2017 12:14:46 PM) (Source: Application Hang)(User: )
Description: MicrosoftEdgeCP.exe11.0.14393.82d4c01d26682b10224dc555C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe53c6bd22-d277-11e6-bfc6-4c72b993f870Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbweMicrosoftEdge
Error: (01/03/2017 07:47:53 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: GAILES)
Description: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge
Error: (01/03/2017 05:40:59 PM) (Source: HP Active Health)(User: )
Description: Invalid or tampered assembly
Error: (01/03/2017 12:38:56 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/03/2017 12:32:45 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: GAILES)
Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App-2144927142
Error: (01/02/2017 08:14:27 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: GAILES)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

CodeIntegrity Errors:
===================================
  Date: 2016-12-14 19:58:44.350
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Trusteer\Rapport\bin\x64\rookscom_x64.dll that did not meet the Store signing level requirements.

=========================== Installed Programs ============================
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-56e965c8-282c-4a9f-9073-b9077ed63c91) (Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{39C8BE76-CF6A-466F-8618-0B52CC4CA0FC}) (Version: 8.3.50.9 - HP Inc.)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.203 - HP Inc.)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.5.151.1 - Intel Security)
Jewel Match 3 (HKLM-x32\...\WTA-c87e0b85-ad7f-461b-a4bd-aabe0dec37f4) (Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (HKLM-x32\...\WTA-48665ffe-4172-4c26-b227-7deb19347bca) (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (HKLM-x32\...\WTA-d344d3e5-8cb9-4b74-a45a-30c8ab87f727) (Version: 2.2.0.98 - WildTangent) Hidden
Live! Cam Chat HD VF0790 Driver (1.00.07.00) (HKLM\...\Creative VF0790) (Version:  - Creative Technology Ltd.)
Mahjongg Artifacts (HKLM-x32\...\WTA-e34c5843-23b1-47f2-b044-5a5255a35a66) (Version: 2.2.0.110 - WildTangent) Hidden
Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.173 - MediatekWiFi)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.8.106.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mystery of Mortlake Mansion (HKLM-x32\...\WTA-bfee2653-b0a3-4322-ab12-4d6006dd7f68) (Version: 2.2.0.98 - WildTangent) Hidden
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 -  Microsoft)
Polar Bowler (HKLM-x32\...\WTA-5c5513ab-023d-43ea-a2ff-966284330963) (Version: 2.2.0.97 - WildTangent) Hidden
Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-c398a13b-ba0e-4e36-a4f4-2f494f81451b) (Version: 2.2.0.98 - WildTangent) Hidden
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1609.107 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Trinklit Supreme (HKLM-x32\...\WTA-22aa8faf-b272-4230-93cd-8e8d3e52dd6a) (Version: 2.2.0.98 - WildTangent) Hidden
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.107 - Trusteer)
Virtual Families (HKLM-x32\...\WTA-25843ac6-345d-4643-8d7a-008ee4be8806) (Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wedding Dash (HKLM-x32\...\WTA-0e4ff6d2-41c6-407c-a8da-c41e295a3813) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Zuma's Revenge (HKLM-x32\...\WTA-4cd3406a-ac84-4467-9ece-da11d94a5475) (Version: 2.2.0.98 - WildTangent) Hidden
========================= Devices: ================================

========================= Memory info: ===================================
Percentage of memory in use: 62%
Total physical RAM: 3659.65 MB
Available physical RAM: 1374.45 MB
Total Virtual: 4475.85 MB
Available Virtual: 769.61 MB
========================= Partitions: =====================================
1 Drive c: (OS) (Fixed) (Total:917.18 GB) (Free:811.11 GB) NTFS
2 Drive d: (Recovery Image) (Fixed) (Total:12.07 GB) (Free:1.43 GB) NTFS
3 Drive e: (Driver) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS
========================= Users: ========================================
User accounts for \\GAILES
Administrator            DefaultAccount           Guest                   

**** End of log ****

Step 3: Auto Run Scan

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "02/12/2016 17:33" ""
+ "WindowsDefender" "Windows Defender notification icon" "Microsoft Corporation" "c:\program files\windows defender\msascuil.exe" "07/09/2016 04:50" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "02/12/2016 19:28" ""
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\amd64\clistart.exe" "22/08/2015 02:05" ""
+ "V0790Mon.exe" "Event Monitoring Applet" "Creative Technology Ltd." "c:\windows\v0790mon.exe" "06/07/2015 06:11" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "26/11/2016 14:13" ""
+ "CCleaner Monitoring" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner64.exe" "28/09/2016 16:22" ""
+ "OneDrive" "Microsoft OneDrive" "Microsoft Corporation" "c:\users\administrator\appdata\local\microsoft\onedrive\onedrive.exe" "09/08/2016 18:30" ""
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe" "15/11/2016 16:28" ""
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "01/10/2016 11:30" ""
+ "Mediatek Wireless Utility.lnk" "Mediatek Wireless LAN Card Utility" "Mediatek Inc." "c:\program files (x86)\mediatekwifi\common\raui.exe" "11/01/2016 20:32" ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "03/12/2016 14:46" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "16/07/2016 02:25" ""
+ "Microsoft Windows Media Player" "" "" "File not found: C:\WINDOWS\inf\unregmp2.exe /ShowWMP.exe" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "01/10/2016 11:07" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "16/07/2016 02:25" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects" "" "" "" "01/10/2016 11:07" ""
+ "Network Tray SSO" "" "" "c:\windows\syswow64\pnidui.dll" "" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "02/12/2016 19:28" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\windows defender\shellext.dll" "07/09/2016 04:50" ""
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "02/12/2016 17:33" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\windows defender\shellext.dll" "07/09/2016 04:50" ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "02/12/2016 17:33" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\windows defender\shellext.dll" "07/09/2016 04:50" ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "01/10/2016 11:11" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll" "22/08/2015 02:06" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "01/10/2016 11:07" ""
+ "EnhancedStorageShell" "" "" "c:\windows\syswow64\ehstorshell.dll" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "15/11/2016 22:32" ""
+ "HP Network Check Helper" "HP Network Check IE Plug-in" "HP Inc." "c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckpluginx64.dll" "27/05/2016 06:03" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "18/11/2016 17:45" ""
+ "HP Network Check Helper" "HP Network Check IE Plug-in" "HP Inc." "c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckplugin.dll" "27/05/2016 06:01" ""
+ "{0F4B8786-5502-4803-8EBC-F652A1153BB6}" "True Key" "Intel Security" "c:\program files\intel security\true key\msie\truekey_ie.dll" "12/08/2016 21:25" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" "" "01/10/2016 11:28" ""
+ "True Key" "True Key" "Intel Security" "c:\program files\intel security\true key\msie\truekey_ie.dll" "12/08/2016 21:25" ""
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "01/10/2016 11:26" ""
+ "HP Network Check" "NCLauncherFromIE" "HP Inc." "c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\nclauncherfromie.exe" "17/05/2016 11:09" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "01/10/2016 11:28" ""
+ "HP Network Check" "NCLauncherFromIE" "HP Inc." "c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\nclauncherfromie.exe" "17/05/2016 11:09" ""
"Task Scheduler" "" "" "" "" ""
+ "\AMD Updater" "AMD Install Manager" "Advanced Micro Devices, Inc." "c:\program files\amd\cim\bin64\installmanagerapp.exe" "21/03/2016 14:07" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe" "28/09/2016 16:19" ""
+ "\Hewlett-Packard\HP Support Assistant\Product Configurator" "ProductConfig" "HP Inc." "c:\program files (x86)\hewlett-packard\hp support framework\resources\productconfig.exe" "15/12/2016 06:52" ""
+ "\HPCeeScheduleForAdministrator" "HP Ceement" "HP Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe" "12/05/2016 15:31" ""
+ "\Microsoft\Windows\Defrag\ScheduledDefrag" "" "" "c:\windows\syswow64\defrag.exe" "" ""
+ "\Microsoft\Windows\Diagnosis\Scheduled" "" "" "c:\windows\syswow64\sdiagschd.dll" "" ""
X "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver" "" "" "c:\windows\syswow64\dfdwiz.exe" "" ""
+ "\Microsoft\Windows\Location\Notifications" "" "" "c:\windows\syswow64\locationnotificationwindows.exe" "" ""
+ "\Microsoft\Windows\Maps\MapsUpdateTask" "" "" "c:\windows\syswow64\mapsupdatetask.dll" "" ""
+ "\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents" "" "" "c:\windows\syswow64\memorydiagnostic.dll" "" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "16/07/2016 11:42" ""
X "\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate" "" "" "c:\windows\syswow64\sysmain.dll" "" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "16/07/2016 02:23" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Cleanup" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "16/07/2016 02:23" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "16/07/2016 02:23" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Verification" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "16/07/2016 02:23" ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "16/07/2016 02:25" ""
X "\Microsoft\Windows\Workplace Join\Automatic-Device-Join" "" "" "c:\windows\syswow64\dsregcmd.exe" "" ""
+ "\Microsoft_Hardware_Launch_ipoint_exe" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft mouse and keyboard center\ipoint.exe" "12/08/2016 07:56" ""
+ "\Microsoft_Hardware_Launch_itype_exe" "IType.exe" "Microsoft Corporation" "c:\program files\microsoft mouse and keyboard center\itype.exe" "12/08/2016 07:56" ""
+ "\Microsoft_Hardware_Launch_mousekeyboardcenter_exe" "Microsoft Mouse and Keyboard Center" "Microsoft" "c:\program files\microsoft mouse and keyboard center\mousekeyboardcenter.exe" "12/08/2016 07:53" ""
+ "\Microsoft_MKC_Logon_Task_ipoint.exe" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft mouse and keyboard center\ipoint.exe" "12/08/2016 07:56" ""
+ "\Microsoft_MKC_Logon_Task_itype.exe" "IType.exe" "Microsoft Corporation" "c:\program files\microsoft mouse and keyboard center\itype.exe" "12/08/2016 07:56" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "04/01/2017 15:47" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "10/12/2016 23:16" ""
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe" "22/08/2015 01:48" ""
+ "AMD FUEL Service" "Provides FUEL Functionality" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe" "22/08/2015 02:09" ""
+ "AudioEndpointBuilder" "Manages audio devices for the Windows Audio service.  If this service is stopped, audio devices and effects will not function properly.  If this service is disabled, any services that explicitly depend on it will fail to start" "" "c:\windows\syswow64\audioendpointbuilder.dll" "" ""
+ "BDESVC" "BDESVC hosts the BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure startup for the operating system, as well as full volume encryption for OS, fixed or removable volumes. This service allows BitLocker to prompt users for various actions related to their volumes when mounted, and unlocks volumes automatically without user interaction. Additionally, it stores recovery information to Active Directory, if available, and, if necessary, ensures the most recent recovery certificates are used.  Stopping or disabling the service would prevent users from leveraging this functionality." "" "c:\windows\syswow64\bdesvc.dll" "" ""
+ "fhsvc" "Protects user files from accidental loss by copying them to a backup location" "" "c:\windows\syswow64\fhsvc.dll" "" ""
+ "hpqcaslwmiex" "HP CASL Framework Service" "HP" "c:\program files (x86)\hp\shared\hpqwmiex.exe" "03/06/2016 21:45" ""
+ "HPRegistrationSvc" "HP Registration Service" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp registration service\hpregistrationservice.exe" "19/07/2012 12:18" ""
+ "HPSupportSolutionsFrameworkService" "This service allows for the detection of HP products and enables identification of support solutions for detected products." "HP Inc." "c:\program files (x86)\hewlett-packard\hp support solutions\hpsupportsolutionsframeworkservice.exe" "06/12/2016 20:40" ""
+ "IntelBCAsvc" "Intel® Biometric and Context Agent Service" "Intel® Corporation" "c:\program files\intel\bca\pabesvc64.exe" "28/07/2016 17:16" ""
+ "KtmRm" "Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start." "" "c:\windows\syswow64\msdtckrm.dll" "" ""
+ "LanmanServer" "Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." "" "c:\windows\syswow64\srvsvc.dll" "" ""
+ "MediatekRegistryWriter" "MediatekRegistryWriter" "Mediatek Inc." "c:\program files (x86)\mediatekwifi\common\raregistry.exe" "03/12/2014 20:32" ""
+ "MediatekRegistryWriter64" "MediatekRegistryWriter" "Mediatek Inc." "c:\program files (x86)\mediatekwifi\common\raregistry64.exe" "03/12/2014 20:32" ""
+ "NcdAutoSetup" "Network Connected Devices Auto-Setup service monitors and installs qualified devices that connect to a qualified network. Stopping or disabling this service will prevent Windows from discovering and installing qualified network connected devices automatically. Users can still manually add network connected devices to a PC through the user interface." "" "c:\windows\syswow64\ncdautosetup.dll" "" ""
+ "RapportMgmtService" "IBM Security Trusteer Endpoint Protection Central Management and Monitoring Service" "IBM Corp." "c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe" "22/11/2016 18:28" ""
+ "RpcLocator" "In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility." "" "c:\windows\syswow64\locator.exe" "" ""
+ "RtkAudioService" "For cooperation with Realtek audio driver." "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rtkaudioservice64.exe" "18/06/2013 11:09" ""
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe" "20/09/2016 12:51" ""
+ "svsvc" "Verifies potential file system corruptions." "" "c:\windows\syswow64\svsvc.dll" "" ""
+ "UmRdpService" "Allows the redirection of Printers/Drives/Ports for RDP connections" "" "c:\windows\syswow64\umrdp.dll" "" ""
+ "wbengine" "The WBENGINE service is used by Windows Backup to perform backup and recovery operations. If this service is stopped by a user, it may cause the currently running backup or recovery operation to fail. Disabling this service may disable backup and recovery operations using Windows Backup on this computer." "" "c:\windows\syswow64\wbengine.exe" "" ""
+ "WdNisSvc" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\windows defender\nissrv.exe" "16/07/2016 02:24" ""
+ "WinDefend" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\msmpeng.exe" "16/07/2016 02:27" ""
+ "WMPNetworkSvc" "Shares Windows Media Player libraries with other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "07/09/2016 04:41" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "04/01/2017 15:47" ""
+ "3ware" "LSI 3ware SCSI Storport Driver" "LSI" "c:\windows\system32\drivers\3ware.sys" "18/05/2015 22:28" ""
+ "acpitime" "" "" "c:\windows\syswow64\drivers\acpitime.sys" "" ""
+ "ADP80XX" "PMC-Sierra Storport  Driver For SPC8x6G SAS/SATA controller" "PMC-Sierra" "c:\windows\system32\drivers\adp80xx.sys" "09/04/2015 20:49" ""
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmdag.sys" "22/08/2015 02:10" ""
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys" "22/08/2015 01:45" ""
+ "amdsata" "AHCI 1.3 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "14/05/2015 12:14" ""
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "11/12/2012 21:21" ""
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "01/05/2015 00:55" ""
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "PMC-Sierra, Inc." "c:\windows\system32\drivers\arcsas.sys" "09/04/2015 19:12" ""
+ "b06bdrv" "QLogic Gigabit Ethernet VBD" "QLogic Corporation" "c:\windows\system32\drivers\bxvbda.sys" "25/05/2016 07:03" ""
+ "bcmfn" "BCM Function 2  Device Driver" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\bcmfn.sys" "08/06/2015 08:32" ""
+ "bcmfn2" "BCM Function 2  Device Driver" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\bcmfn2.sys" "16/03/2014 10:07" ""
+ "bowser" "Implements the kernel datagram receiver for the computer browser browser service." "" "c:\windows\syswow64\drivers\bowser.sys" "" ""
+ "bthhfhid" "" "" "c:\windows\syswow64\drivers\bthhfhid.sys" "" ""
+ "cht4iscsi" "Chelsio iSCSI VMiniport Driver" "Chelsio Communications" "c:\windows\system32\drivers\cht4sx64.sys" "20/04/2016 09:54" ""
+ "cht4vbd" "Virtual Bus Driver for Chelsio ® T4 Chipset" "Chelsio Communications" "c:\windows\system32\drivers\cht4vx64.sys" "15/04/2016 07:32" ""
+ "dg_ssudbus" "SAMSUNG USB Composite Device Driver (MSS Ver.3)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudbus.sys" "02/12/2015 02:04" ""
+ "ebdrv" "QLogic 10 GigE VBD" "QLogic Corporation" "c:\windows\system32\drivers\evbda.sys" "25/05/2016 07:01" ""
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "26/03/2013 21:36" ""
+ "HTTP" "HTTP Service" "" "c:\windows\syswow64\drivers\http.sys" "" ""
+ "hwpolicy" "Contains Processor and other policies" "" "c:\windows\syswow64\drivers\hwpolicy.sys" "" ""
+ "iagpio" "Intel® Serial IO GPIO Controller Driver" "Intel® Corporation" "c:\windows\system32\drivers\iagpio.sys" "18/02/2016 07:35" ""
+ "iai2c" "Intel® Serial IO I2C Driver" "Intel® Corporation" "c:\windows\system32\drivers\iai2c.sys" "22/09/2015 06:53" ""
+ "iaLPSS2i_GPIO2" "Intel® Serial IO GPIO Driver v2" "Intel Corporation" "c:\windows\system32\drivers\ialpss2i_gpio2.sys" "03/03/2016 02:06" ""
+ "iaLPSS2i_I2C" "Intel® Serial IO I2C Driver v2" "Intel Corporation" "c:\windows\system32\drivers\ialpss2i_i2c.sys" "03/03/2016 02:06" ""
+ "iaLPSSi_GPIO" "Intel® Serial IO GPIO Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\ialpssi_gpio.sys" "02/02/2015 09:00" ""
+ "iaLPSSi_I2C" "Intel® Serial IO I2C Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\ialpssi_i2c.sys" "24/02/2015 15:52" ""
+ "iaStorAV" "Intel® Rapid Storage Technology driver (inbox) - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorav.sys" "19/02/2015 12:08" ""
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "11/04/2011 18:48" ""
+ "ibbus" "InfiniBand Fabric Bus Driver" "Mellanox" "c:\windows\system32\drivers\ibbus.sys" "10/04/2016 13:46" ""
+ "IndirectKmd" "Kernel mode driver that implements the Indirect Displays framework." "" "c:\windows\syswow64\drivers\indirectkmd.sys" "" ""
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys" "30/07/2013 12:06" ""
+ "kbdclass" "" "" "c:\windows\syswow64\drivers\kbdclass.sys" "" ""
+ "kdnic" "" "" "c:\windows\syswow64\drivers\kdnic.sys" "" ""
+ "KMWDFILTER" "" "" "c:\windows\syswow64\drivers\kmwdfilter.sys" "" ""
+ "L1C" "Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controller" "Qualcomm Atheros Co., Ltd." "c:\windows\system32\drivers\l1c63x64.sys" "01/04/2013 03:15" ""
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "25/03/2015 19:36" ""
+ "LSI_SAS2i" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2i.sys" "28/03/2016 18:49" ""
+ "LSI_SAS3i" "Avago SAS Gen3 Driver (StorPort)" "Avago Technologies" "c:\windows\system32\drivers\lsi_sas3i.sys" "28/03/2016 18:49" ""
+ "LSI_SSS" "LSI SSS PCIe/Flash Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sss.sys" "15/03/2013 23:39" ""
+ "megasas" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\megasas.sys" "05/03/2015 02:36" ""
+ "megasas2i" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\megasas2i.sys" "22/07/2016 21:36" ""
+ "megasr" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "03/06/2013 22:02" ""
+ "mlx4_bus" "MLX4 Bus Driver" "Mellanox" "c:\windows\system32\drivers\mlx4_bus.sys" "10/04/2016 13:49" ""
+ "MMCSS" "@%systemroot%\system32\drivers\mmcss.sys,-101" "" "c:\windows\syswow64\drivers\mmcss.sys" "" ""
+ "MpKsl1620966d" "KSLDriver" "Microsoft Corporation" "c:\programdata\microsoft\windows defender\definition updates\{65794b99-25f6-4da0-bd11-8021e81b2f66}\mpksl1620966d.sys" "20/05/2015 01:50" ""
+ "mvumis" "Marvell Flash Controller Driver" "Marvell Semiconductor, Inc." "c:\windows\system32\drivers\mvumis.sys" "23/05/2014 20:39" ""
+ "ndfltr" "NetworkDirect Support Filter Driver" "Mellanox" "c:\windows\system32\drivers\ndfltr.sys" "10/04/2016 13:46" ""
+ "NetAdapterCx" "" "" "c:\windows\syswow64\drivers\netadaptercx.sys" "" ""
+ "netr28ux" "MediaTek 802.11n Wireless Adapter Driver" "MediaTek Inc." "c:\windows\system32\drivers\netr28ux.sys" "14/11/2015 02:01" ""
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "21/04/2014 18:28" ""
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "21/04/2014 18:34" ""
+ "percsas2i" "" "" "c:\windows\syswow64\drivers\percsas2i.sys" "" ""
+ "percsas3i" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\percsas3i.sys" "04/03/2016 21:22" ""
+ "RapportCerberus_1609053" "RapportCerberus" "IBM Corp." "c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\rapportcerberus64_1609053.sys" "01/09/2016 14:46" ""
+ "RapportEI64" "RapportEI64" "IBM Corp." "c:\program files (x86)\trusteer\rapport\bin\x64\rapportei64.sys" "22/11/2016 18:34" ""
+ "RapportHades64" "RapportHades64" "IBM Corp." "c:\windows\system32\drivers\rapporthades64.sys" "22/11/2016 18:34" ""
+ "RapportKE64" "RapportKE" "IBM Corp." "c:\windows\system32\drivers\rapportke64.sys" "22/11/2016 18:34" ""
+ "RapportPG64" "RapportPG64" "IBM Corp." "c:\program files (x86)\trusteer\rapport\bin\x64\rapportpg64.sys" "22/11/2016 18:34" ""
+ "RasAcd" "Remote Access Auto Connection Driver" "" "c:\windows\syswow64\drivers\rasacd.sys" "" ""
+ "RasSstp" "WAN Miniport (SSTP)" "" "c:\windows\syswow64\drivers\rassstp.sys" "" ""
+ "SDHookDriver" "" "" "c:\program files (x86)\spybot - search & destroy 2\sdhookdrv64.sys" "03/12/2013 11:56" ""
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "24/09/2008 18:28" ""
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "01/10/2008 21:56" ""
+ "ssudmdm" "@oem3.inf,%ssud.Service.Desc%;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudmdm.sys" "02/12/2015 02:04" ""
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows x64" "Promise Technology, Inc." "c:\windows\system32\drivers\stexstor.sys" "27/11/2012 00:02" ""
+ "swenum" "" "" "c:\windows\syswow64\drivers\swenum.sys" "" ""
+ "tcpipreg" "Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality." "" "c:\windows\syswow64\drivers\tcpipreg.sys" "" ""
+ "ufxsynopsys" "" "" "c:\windows\syswow64\drivers\ufxsynopsys.sys" "" ""
+ "V0790Vid" "@oem5.inf,%VideoServiceDescription% %DeviceDescription%.;Provides a software interface to control Live! Cam Chat HD VF0790." "Creative Technology Ltd." "c:\windows\system32\drivers\v0790vid.sys" "07/09/2015 09:41" ""
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "22/04/2014 19:21" ""
+ "VSTXRAID" "VIA StorX RAID Controller Driver" "VIA Corporation" "c:\windows\system32\drivers\vstxraid.sys" "21/01/2013 19:00" ""
+ "WIMMount" "WIM Image mount service driver" "" "c:\windows\syswow64\drivers\wimmount.sys" "" ""
+ "WinMad" "Kernel WinMad" "Mellanox" "c:\windows\system32\drivers\winmad.sys" "10/04/2016 13:46" ""
+ "WinVerbs" "Kernel WinVerbs" "Mellanox" "c:\windows\system32\drivers\winverbs.sys" "10/04/2016 13:46" ""
+ "ZAM_Guard" "ZAM" "Zemana Ltd." "c:\windows\system32\drivers\zamguard64.sys" "24/05/2016 09:38" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers" "" "" "" "01/10/2016 11:07" ""
+ "Adobe Type Manager" "Windows NT OpenType/Type 1 Font Driver" "Adobe Systems Incorporated" "c:\windows\system32\atmfd.dll" "02/11/2016 10:31" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "01/10/2016 11:10" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "16/07/2016 02:26" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "01/10/2016 11:10" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" "16/07/2016 01:41" ""
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "16/07/2016 01:42" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "27/10/2016 12:55" ""
+ "{10AD8B9D-222E-44D1-881B-0EA79E1B2D6E}" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax" "08/08/2012 14:12" ""
+ "{4A6E162C-6F51-4956-86D0-A72729178B9B}" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll" "08/08/2012 14:12" ""
+ "{854F4628-CE51-42C4-80E9-80DAE27FAAAE}" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll" "08/08/2012 14:12" ""
+ "{9E665ED7-958C-410C-9C56-05DA783E7933}" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll" "08/08/2012 14:12" ""
"HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)" "" "" "" "01/10/2016 11:40" ""
+ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe" "16/07/2016 02:17" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" "" "01/10/2016 11:26" ""
+ "McAfee.TrueKey.CredentialProvider" "McAfee TrueKey Credential Provider Dll" "McAfee, Inc." "c:\program files\truekey\mcafee.truekey.credentialprovider.dll" "17/08/2016 05:35" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "01/10/2016 11:28" ""
+ "HP Universal Port Monitor" "Port Monitor Server DLL" "Hewlett-Packard" "c:\windows\system32\hpbprtmon.dll" "08/08/2012 03:22" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" "" "02/01/2017 21:24" ""
+ "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "" "" "File not found: C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter.exe" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages" "" "" "" "02/01/2017 21:24" ""
+ "livessp" "" "" "File not found: livessp" "" ""

Step 4: Security Check Scan

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 04.01.2017 17:14:55
Path starting: C:\Users\Administrator\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Administrator
VersionXML: 3.67is-25.12.2016
___________________________________________________________________________
Windows 10(6.3.14393) (x64) Core Lang: English(0809)
Installation date OS: 01.10.2016 11:57:49
LicenseStatus: Windows®, Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.EXE
SystemDrive: C: FS: [NTFS] Capacity: [917.2 Gb] Used: [101.9 Gb] Free: [815.3 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.576.14393.0
User Account Control enabled
The elevation prompt for administrators disabled
^It is recommended to enable: Win+R typing UserAccountControlSettings and Enter^
Automatically download and schedule installation
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.30 v.7.30.105
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 24 NPAPI v.24.0.0.186
--------------------------- [ RunningProcess ] ----------------------------
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe v.11.0.14393.576
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Windows Defender\MsMpEng.exe v.4.10.14393.0
C:\Program Files\Windows Defender\MpCmdRun.exe v.4.10.14393.0
C:\Program Files\Windows Defender\NisSrv.exe v.4.10.14393.0
Windows Defender Service (WinDefend) - The service is running
Windows Defender Network Inspection Service (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
Intel Security True Key v.4.5.151.1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
WildTangent Games v.1.0.3.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Jewel Quest Solitaire 2 v.2.2.0.98 << Hidden Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------


#5 InadequateInfirmity

Posted 04 January 2017 - 12:42 PM

Step 1: Removal Of Useless Programs.

Remove these items with Geek Uninstaller.

HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{39C8BE76-CF6A-466F-8618-0B52CC4CA0FC}) (Version: 8.3.50.9 - HP Inc.)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.203 - HP Inc.)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.107 - Trusteer)



Step 2: CCleaner

Clean up temp files and reduce startup load with CCleaner.

  • Download CCleaner from here.
  • After install, click Options.
  • Go to Monitoring.
  • Uncheck all Monitoring items.
  • Go to Advanced -- click close program after cleaning.
  • Go to Settings -- click run CCleaner when the computer starts.
  • Now that you have CCleaner installed and set up:
  • Open the program.
  • Go to Tools.
  • Go to Startup.
  • Now double click each item to disable it.
  • Leave only your antivirus enabled.
  • Then disable all items in your scheduled tasks as well,
  • unless they are related to Windows Defender or your antivirus.
  • Reboot the machine.

 

Step 2A: SpeedyFox

  • Unzip SpeedyFox to desktop.
  • Close open browsers.
  • Right click, Run as admin.

 

Step 3: Fix with Autoruns.


Right Click Autoruns -- Run as administrator -- and under the "Task Scheduler" tab -- uncheck these items.

 

+ "\AMD Updater" "AMD Install Manager" "Advanced Micro Devices, Inc." "c:\program files\amd\cim\bin64\installmanagerapp.exe" "21/03/2016 14:07" ""

+ "\Hewlett-Packard\HP Support Assistant\Product Configurator" "ProductConfig" "HP Inc." "c:\program files (x86)\hewlett-packard\hp support framework\resources\productconfig.exe" "15/12/2016 06:52" ""
+ "\HPCeeScheduleForAdministrator" "HP Ceement" "HP Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe" "12/05/2016 15:31" ""

+ "\Microsoft\Windows\Diagnosis\Scheduled" "" "" "c:\windows\syswow64\sdiagschd.dll" "" ""

+ "\Microsoft\Windows\Location\Notifications" "" "" "c:\windows\syswow64\locationnotificationwindows.exe" "" ""
+ "\Microsoft\Windows\Maps\MapsUpdateTask" "" "" "c:\windows\syswow64\mapsupdatetask.dll" "" ""
+ "\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents" "" "" "c:\windows\syswow64\memorydiagnostic.dll" "" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "16/07/2016 11:42" ""


+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "16/07/2016 02:25" ""

 


Step 4: Disable useless items.

Download Easy Service Optimizer, save it to your desktop and unzip it there. Right click it and run as admin, then select tweaked at the bottom. Then click on the rocket, this will turn off a lot of useless items.

You will however need to change one setting. Right click on Wlansvc — WLAN AutoConfig, then select start service, then edit service. Make sure it is automatic across the board, as per the picture.

 

Step 5: Run Batch File.

Download and unzip internet Flush.zip to your desktop, right click it and run as Administrator.
Reboot the machine after running this tool.

 

Step 6: Disable Tunnel Adapters.

Now disable tunnel adapters with this tool.

 

 

Step 7: Set A Strong DNS Server

Set your DNS to Google or OpenDNS with this tool.

 

 

 

Step 8: Reset Host File

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

Step 9: JRT Scan.

 

 


Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

 

Step 10: Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.
 

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Edited by InadequateInfirmity, 04 January 2017 - 12:52 PM.


#6 dc3

  • Members

Posted 04 January 2017 - 01:06 PM

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:
 
Why you should not use Registry Cleaners and Optimization Tools
 
There are numerous programs which purport to improve system performance, make repairs and tune up a computer. Many of them include such features as a registry cleaner, registry optimizer, disk optimizer, etc. Some of these programs even incorporate optimization and registry cleaning features alongside anti-malware capabilities. These registry cleaners and optimizers claim to speed up your computer by finding and removing orphaned and corrupt registry entries that are responsible for slowing down system performance. There is no statistical evidence to back such claims. Advertisements to do so are borderline scams intended to goad users into using an unnecessary and potentially dangerous product.
 
Credit for this goes to Quietman7, one of our Global Moderators.
 
 
Security tools like ADWCleaner are not allowed to be used in the Windows forum, or any other security tools.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#7 Anp56

  • Topic Starter
  • Members

Posted 04 January 2017 - 02:18 PM

Hi dc3.

So all that I have been advised to do (above) is not advisable?

Cheers

Les



#8 dc3

  • Members

Posted 04 January 2017 - 02:21 PM

You can do what has been requested, it won't hurt.  My comment wasn't intended for you.  



 

 

 

 


#9 Anp56

  • Topic Starter
  • Members

Posted 04 January 2017 - 02:24 PM

Ok, thank you



#10 boopme

  • Global Moderator

Posted 04 January 2017 - 04:22 PM

Be sure that in Easy Optimizer... Remote Registry (this is not usually enabled by default, but if it is you can disable it for safety)
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 InadequateInfirmity

  • Banned

Posted 04 January 2017 - 04:28 PM

Boopme, can you please move this thread to AII as I requested. :)



#12 boopme

  • Global Moderator

Posted 04 January 2017 - 04:38 PM

Moved to Am I Infected, meant to do that earlier.



#13 InadequateInfirmity

  • Banned

Posted 04 January 2017 - 05:21 PM

Thank you very much! :)



#14 Anp56

  • Topic Starter
  • Members

Posted 04 January 2017 - 05:26 PM

JRT Scan

 

 

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Administrator (Administrator) on 04/01/2017 at 22:13:47.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

File System: 1
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Deleted the following from C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\obgmlb5h.default\prefs.js
user_pref(lightweightThemes.usedThemes, [{\id\:\197415\,\name\:\motorhead lemmy\,\headerURL\:\hxxps://addons.cdn.mozilla.net/user-media/addons/197415/PersonaHead
 
Registry: 0
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/01/2017 at 22:20:23.64
End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Reset Host File
 
-|x| RstHosts v2.0 - Rapport créé le 04/01/2017 à 22:24:03
-|x| Système d'exploitation : Windows 10 Home  (64 bits)
-|x| Nom d'utilisateur : Administrator - GAILES (Administrateur)
-|x|- Informations -|x|-
Emplacement : C:\WINDOWS\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 89 bytes
Date de création : 26/07/2012 - 05:26:52
Date de modification : 04/01/2017 - 22:24:00
Date de dernier accès : 04/01/2017 - 22:24:00
-|x|- Contenu du fichier -|x|-
# Fichier Hosts créé par RstHosts
127.0.0.1       localhost
::1             localhost
-|x|- E.O.F - C:\RstHosts.txt - 609 bytes -|x|-

 

 

I couldn't find where to download on the easy optimizer. Just kept taking me to other pages!

 

More to come
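
An added example, not part of the original post and not RstHosts' own code: a hosts-file audit that reports every mapping other than the two loopback defaults shown in the report above, which is what a reset is meant to clear. The function names and the `TAMPERED` sample are assumptions constructed for illustration.

```python
import ipaddress

# The two mappings RstHosts wrote, as shown in the report above.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Hosts content copied from the RstHosts report in the thread.
CLEAN = """\
# Fichier Hosts créé par RstHosts
127.0.0.1       localhost
::1             localhost
"""

# Constructed sample (not from the thread); addresses are documentation ranges.
TAMPERED = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         update.example.com   # name pinned to a null address
203.0.113.10    login.example.net www.example.net
not-an-ip       example.org
"""

def parse_hosts(text):
    """Yield (line_number, address, hostname) for each mapping in the text."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        for name in fields[1:]:                # one line may map several names
            yield lineno, fields[0], name.lower()

def audit_hosts(text):
    """Return (line, hostname, address, kind) for every non-default mapping."""
    findings = []
    for lineno, address, name in parse_hosts(text):
        if (address, name) in DEFAULT_ENTRIES:
            continue
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            kind = "invalid"
        else:
            # Loopback or 0.0.0.0 makes the name unreachable; anything else
            # sends traffic for that name to a different machine.
            kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((lineno, name, address, kind))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(TAMPERED):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file to read is the one named in the report, C:\WINDOWS\System32\drivers\etc\hosts; an empty result means only the default entries are present.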



#15 InadequateInfirmity

  • Banned

Posted 04 January 2017 - 05:35 PM

Here is the direct link for ESO.





