
Issues galore!


21 replies to this topic

#1 ririguy


Posted 05 January 2017 - 01:56 AM

Ok, I have a HP Pavilion 15. It's 8 months old.

I managed to stupidly get the Osiris virus the other week, luckily I back stuff up to external hard drive, so I installed Malwarebytes and CCleaner and other stuff advised by a friend and wiped laptop and purchased Avast and sorted it all out.
The past few days I have been getting a popup sometimes when I try and open a new tab. Mostly weevah2.top/ but some porn sometimes.

Avast and Malwarebytes aren't finding anything?

Also -

My nan's PC - it was Windows 7, I spoke to Microsoft online and they helped me to update to 10. Again I got her stuff backed up. Boxing Day I was knackered and managed somehow to make more drives on the PC? I want to wipe it completely as she has A WHOLE HEAP of crap on it. But when I try and restore through the settings in control panel and choose "delete files" it isn't able to do it. How else can I just wipe and start her PC from fresh?

LASTLY = is it normal for laptops to make noises? I know the fans make a noise, but I don't know if the noise mine makes is normal? Sounds like a very very very quiet fuzzing?


Edited by hamluis, 05 January 2017 - 06:24 AM.
Moved from W10 Spt to Am I Infected - Hamluis.



 


#2 ririguy


Posted 05 January 2017 - 02:37 AM

Mod Edit:  Split from https://www.bleepingcomputer.com/forums/t/576287/popups-replace-a-new-window - Hamluis.

 

Will all of this work for windows 10?


Edited by hamluis, 05 January 2017 - 06:20 AM.


#3 TheGreenGamers


Posted 05 January 2017 - 10:22 PM

Everything should work, I've never come across a program that wouldn't work on Windows 10, even if the download site doesn't specifically state that the software works with it.



#4 ririguy


Posted 08 January 2017 - 08:36 PM


Cheers, I'll give it a go



#5 ririguy


Posted 08 January 2017 - 09:04 PM

I've just noticed the user that helped the original poster is banned? :/

Can anyone else help? Please?



#6 boopme


Posted 08 January 2017 - 10:09 PM

You may have infected yourself from what was backed up.

Download MiniToolBox, save it to your desktop and run it.

  • Checkmark the following checkboxes:
      • Flush DNS
      • Report IE Proxy Settings
      • Reset IE Proxy Settings
      • Report FF Proxy Settings
      • Reset FF Proxy Settings
      • List content of Hosts
      • List IP configuration
      • List Winsock Entries
      • List last 10 Event Viewer log
      • List Installed Programs
      • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

TDSSKiller

  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

AdwCleaner

  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Junkware Removal Tool

  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.


#7 ririguy


Posted 09 January 2017 - 05:14 PM


Hey, do I do one then post result, then wait for reply?

Or do it all, copy logs and paste all together in one go? Sorry - I got learning difficulties. Not being daft on purpose 



#8 ririguy


Posted 09 January 2017 - 08:53 PM


Another question - how can I check if it's anything on my internal hard drive?



#9 ririguy


Posted 09 January 2017 - 09:06 PM

I've seen on others that people just posted, so I'll do the same. First result:
 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by riley (administrator) on 10-01-2017 at 02:04:20
Running from "C:\Users\riley\Downloads"
Microsoft Windows 10 Home  (X64)
Model: HP Pavilion 15 Notebook PC Manufacturer: HP
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Intel® Dual Band Wireless-AC 3165 = WiFi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : BigBlueMcGrue
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : DC-4A-3E-F8-BB-1F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : E0-94-67-C8-C4-0A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter WiFi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3165
   Physical Address. . . . . . . . . : E0-94-67-C8-C4-09
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::80f0:b7f5:5304:6c50%7(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 09 January 2017 01:53:19
   Lease Expires . . . . . . . . . . : 11 January 2017 00:57:42
   Default Gateway . . . . . . . . . : fe80::1%7
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 81826919
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-F4-66-18-DC-4A-3E-F8-BB-1F
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : E0-94-67-C8-C4-0D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3c97:2b1f:65c6:1a45(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3c97:2b1f:65c6:1a45%15(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 352321536
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-F4-66-18-DC-4A-3E-F8-BB-1F
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{3EC3A629-388F-40D8-8A9F-1BDE10019514}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  192.168.1.254
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2a00:1450:4007:805::200e
 74.125.206.100
 74.125.206.138
 74.125.206.101
 74.125.206.139
 74.125.206.113
 74.125.206.102
 
 
Pinging google.com [74.125.206.101] with 32 bytes of data:
Reply from 74.125.206.101: bytes=32 time=13ms TTL=44
Reply from 74.125.206.101: bytes=32 time=14ms TTL=44
 
Ping statistics for 74.125.206.101:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 14ms, Average = 13ms
Server:  192.168.1.254
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=150ms TTL=45
Reply from 98.138.253.109: bytes=32 time=116ms TTL=45
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 116ms, Maximum = 150ms, Average = 133ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 19...dc 4a 3e f8 bb 1f ......Realtek PCIe FE Family Controller
  5...e0 94 67 c8 c4 0a ......Microsoft Wi-Fi Direct Virtual Adapter
  7...e0 94 67 c8 c4 09 ......Intel® Dual Band Wireless-AC 3165
 13...e0 94 67 c8 c4 0d ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254      192.168.1.6     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link       192.168.1.6    311
      192.168.1.6  255.255.255.255         On-link       192.168.1.6    311
    192.168.1.255  255.255.255.255         On-link       192.168.1.6    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link       192.168.1.6    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link       192.168.1.6    311
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15    331 ::/0                     On-link
  7    311 ::/0                     fe80::1
  1    331 ::1/128                  On-link
 15    331 2001::/32                On-link
 15    331 2001:0:5ef5:79fb:3c97:2b1f:65c6:1a45/128
                                    On-link
  7    311 fe80::/64                On-link
 15    331 fe80::/64                On-link
 15    331 fe80::3c97:2b1f:65c6:1a45/128
                                    On-link
  7    311 fe80::80f0:b7f5:5304:6c50/128
                                    On-link
  1    331 ff00::/8                 On-link
  7    311 ff00::/8                 On-link
 15    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWoW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/09/2017 11:02:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6031
 
Error: (01/09/2017 11:02:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6031
 
Error: (01/09/2017 11:02:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/09/2017 07:19:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 1.0.1611.18000, time stamp: 0x582f93e9
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c9a
Faulting process ID: 0xbd4
Faulting application start time: 0xMicrosoft.Photos.exe0
Faulting application path: Microsoft.Photos.exe1
Faulting module path: Microsoft.Photos.exe2
Report ID: Microsoft.Photos.exe3
Faulting package full name: Microsoft.Photos.exe4
Faulting package-relative application ID: Microsoft.Photos.exe5
 
Error: (01/09/2017 06:56:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 1.0.1611.18000, time stamp: 0x582f93e9
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c9a
Faulting process ID: 0x1d40
Faulting application start time: 0xMicrosoft.Photos.exe0
Faulting application path: Microsoft.Photos.exe1
Faulting module path: Microsoft.Photos.exe2
Report ID: Microsoft.Photos.exe3
Faulting package full name: Microsoft.Photos.exe4
Faulting package-relative application ID: Microsoft.Photos.exe5
 
Error: (01/09/2017 01:37:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15391
 
Error: (01/09/2017 01:37:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15391
 
Error: (01/09/2017 01:37:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/09/2017 01:37:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11625
 
Error: (01/09/2017 01:37:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11625
 
 
System errors:
=============
Error: (01/09/2017 11:02:08 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/09/2017 02:12:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/09/2017 01:37:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/09/2017 12:25:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/09/2017 04:58:21 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/09/2017 01:54:15 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/09/2017 01:53:56 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/09/2017 01:53:56 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/08/2017 09:51:35 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/08/2017 01:45:57 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (01/09/2017 11:02:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6031
 
Error: (01/09/2017 11:02:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6031
 
Error: (01/09/2017 11:02:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/09/2017 07:19:38 PM) (Source: Application Error)(User: )
Description: Microsoft.Photos.exe1.0.1611.18000582f93e9igd10iumd64.dll10.18.15.427955db7ecec00000050000000000151c9abd401d26aad4e85d4e2C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exeC:\WINDOWS\SYSTEM32\igd10iumd64.dlld53a0f23-f9c6-4f8e-b885-0b78860c302dMicrosoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbweApp
 
Error: (01/09/2017 06:56:39 PM) (Source: Application Error)(User: )
Description: Microsoft.Photos.exe1.0.1611.18000582f93e9igd10iumd64.dll10.18.15.427955db7ecec00000050000000000151c9a1d4001d26a1df25bab38C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exeC:\WINDOWS\SYSTEM32\igd10iumd64.dll455cdfba-5d29-48d0-bd55-2f0486ee84e4Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbweApp
 
Error: (01/09/2017 01:37:35 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15391
 
Error: (01/09/2017 01:37:35 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15391
 
Error: (01/09/2017 01:37:35 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/09/2017 01:37:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11625
 
Error: (01/09/2017 01:37:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11625
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-12-29 07:14:47.461
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\PrintConfig.dll that did not meet the Store signing level requirements.
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (HKLM-x32\...\Adobe Photoshop CS4_is1) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.2 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.6907 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.6907 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4.6527 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4508 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4508 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4508 - CyberLink Corp.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
dupeGuru (HKLM\...\{C11DACBD-8863-4AA4-94AD-708602F6F7EF}) (Version: 3.9.1 - Hardcoded Software)
Duplicate File Finder (HKLM-x32\...\{1041487C-12E6-47FE-B83A-E9891782C8FE}}_is1) (Version: 6.3 - Ashisoft)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 6520 series Product Improvement Study (HKLM\...\{F144E07C-4019-4092-BE25-B57819C97D2F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8305.5282 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.0.26.62 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{1A13FE59-6F7E-44DC-9AA7-2D7B9E08C2D4}) (Version: 1.4.6 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{AF4C5F64-4E6A-438B-9832-8BDEE0E7B43D}) (Version: 1.1.17.1 - HP)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{07a12c6f-97c2-4a0e-9dd6-50ffc08ff551}) (Version: 18.20.0000.3210 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4279 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Intel® WiDi (HKLM\...\{5DD8D7E4-87F1-4134-AD28-4228FB1A03BA}) (Version: 6.0.44.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (HKLM-x32\...\{86905E62-645F-482E-A417-82C812ABD787}) (Version: 1.1.383 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{71095B37-F2D5-44A9-82D4-7E4E95DB3C43}) (Version: 17.1.1530.1676 - Intel Corporation)
Kodi (HKCU\...\Kodi) (Version:  - XBMC-Foundation)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{4E96CB8B-444E-4EA3-8EF4-26060B0B411F}) (Version: 4.12.9782 - Apache Software Foundation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.103 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7584 - Realtek Semiconductor Corp.)
Safe Startup (HKLM\...\stgu) (Version: 4.05 - PrivacyRoot.com)
SafeZone Stable 1.51.2220.62 (HKLM-x32\...\SafeZone 1.51.2220.62) (Version: 1.51.2220.62 - Avast Software) Hidden
Secret Disk (HKLM\...\sede) (Version: 3.12 - PrivacyRoot.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated)
System Ninja version 3.1.6 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.1.6 - SingularLabs)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.21 - Tweaking.com)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.65 - NCH Software)
Wipe (HKLM\...\wipe) (Version: 17.00 - PrivacyRoot.com)
Xperia Companion (HKLM-x32\...\{69fb49e3-2848-40e8-9fdd-8f02e02c327a}) (Version: 1.1.24.0 - Sony)
Xperia Companion (HKLM-x32\...\{A200B3A0-279C-4282-98D3-D2BF5B1E49AD}) (Version: 1.1.24.0 - Sony) Hidden
 
========================= Memory info: ===================================
 
Percentage of memory in use: 65%
Total physical RAM: 8114.27 MB
Available physical RAM: 2802.13 MB
Total Virtual: 10178.46 MB
Available Virtual: 2871.97 MB
 
========================= Partitions: =====================================
 
1 Drive c: (WINDOWS) (Fixed) (Total:909.86 GB) (Free:821.98 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:20.4 GB) (Free:0.03 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\BIGBLUEMCGRUE
 
Administrator            DefaultAccount           defaultuser0             
Guest                    riley                    
 
 
**** End of log ****


#10 ririguy

Posted 09 January 2017 - 09:13 PM

02:09:55.0312 0x2664  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
02:09:55.0312 0x2664  UEFI system
02:10:03.0319 0x2664  ============================================================
02:10:03.0319 0x2664  Current date / time: 2017/01/10 02:10:03.0319
02:10:03.0319 0x2664  SystemInfo:
02:10:03.0319 0x2664  
02:10:03.0319 0x2664  OS Version: 10.0.14393 ServicePack: 0.0
02:10:03.0319 0x2664  Product type: Workstation
02:10:03.0319 0x2664  ComputerName: BIGBLUEMCGRUE
02:10:03.0320 0x2664  UserName: riley
02:10:03.0320 0x2664  Windows directory: C:\WINDOWS
02:10:03.0320 0x2664  System windows directory: C:\WINDOWS
02:10:03.0320 0x2664  Running under WOW64
02:10:03.0320 0x2664  Processor architecture: Intel x64
02:10:03.0320 0x2664  Number of processors: 4
02:10:03.0320 0x2664  Page size: 0x1000
02:10:03.0320 0x2664  Boot type: Normal boot
02:10:03.0320 0x2664  CodeIntegrityOptions = 0x00000001
02:10:03.0320 0x2664  ============================================================
02:10:03.0695 0x2664  KLMD registered as C:\WINDOWS\system32\drivers\46372243.sys
02:10:03.0695 0x2664  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.576, osProperties = 0x19
02:10:04.0296 0x2664  System UUID: {863A8679-B5DD-F405-5B26-F58B82F2332A}
02:10:05.0744 0x2664  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:10:05.0771 0x2664  ============================================================
02:10:05.0771 0x2664  \Device\Harddisk0\DR0:
02:10:05.0772 0x2664  GPT partitions:
02:10:05.0772 0x2664  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {9D461733-A6F3-41D6-93DD-CDE90464B320}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x82000
02:10:05.0772 0x2664  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {71C2F960-10D1-40CE-81A5-FCEA9E11B1E5}, Name: Microsoft reserved partition, StartLBA 0x82800, BlocksNum 0x40000
02:10:05.0772 0x2664  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5E6416A2-890B-4912-A46F-9CA714336D51}, Name: Basic data partition, StartLBA 0xC2800, BlocksNum 0x71BBA664
02:10:05.0772 0x2664  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {6349B0D6-28AA-4603-AD2C-90BC85CD9538}, Name: , StartLBA 0x71C7D000, BlocksNum 0x1BB000
02:10:05.0773 0x2664  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {BF61066B-6071-4A2E-93AD-886104B8139D}, Name: Basic data partition, StartLBA 0x71E38000, BlocksNum 0x28CD000
02:10:05.0773 0x2664  MBR partitions:
02:10:05.0773 0x2664  ============================================================
02:10:05.0834 0x2664  C: <-> \Device\Harddisk0\DR0\Partition3
02:10:05.0876 0x2664  D: <-> \Device\Harddisk0\DR0\Partition5
02:10:05.0876 0x2664  ============================================================
02:10:05.0876 0x2664  Initialize success
02:10:05.0876 0x2664  ============================================================
02:10:38.0379 0x2988  ============================================================
02:10:38.0379 0x2988  Scan started
02:10:38.0379 0x2988  Mode: Manual; 
02:10:38.0379 0x2988  ============================================================
02:10:38.0379 0x2988  KSN ping started
02:10:39.0124 0x2988  KSN ping finished: true
02:10:41.0069 0x2988  ================ Scan system memory ========================
02:10:41.0069 0x2988  System memory - ok
02:10:41.0071 0x2988  ================ Scan services =============================
02:10:41.0250 0x2988  1394ohci - ok
02:10:41.0260 0x2988  3ware - ok
02:10:41.0302 0x2988  [ 36E8D1E627D422241D903305B4008E9B, BD4BB52E98302A71A217DDE85102DBFBD04A59CEE9BAD7AF1138BF453889D6EA ] Accelerometer   C:\WINDOWS\System32\drivers\Accelerometer.sys
02:10:41.0460 0x2988  Accelerometer - ok
02:10:41.0562 0x2988  ACPI - ok
02:10:41.0603 0x2988  AcpiDev - ok
02:10:41.0633 0x2988  acpiex - ok
02:10:41.0644 0x2988  acpipagr - ok
02:10:41.0669 0x2988  AcpiPmi - ok
02:10:41.0684 0x2988  acpitime - ok
02:10:41.0824 0x2988  [ 6F3C49799F770075E339E92B9B14AF21, 96295CA42275D7C22FEDC9567E8CCA4AB6584B7D38B4D1D62CCF197CA539C8A3 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
02:10:41.0852 0x2988  AdobeFlashPlayerUpdateSvc - ok
02:10:41.0895 0x2988  ADP80XX - ok
02:10:41.0922 0x2988  AFD - ok
02:10:41.0931 0x2988  ahcache - ok
02:10:41.0960 0x2988  AJRouter - ok
02:10:41.0978 0x2988  ALG - ok
02:10:42.0017 0x2988  AmdK8 - ok
02:10:42.0041 0x2988  AmdPPM - ok
02:10:42.0053 0x2988  amdsata - ok
02:10:42.0059 0x2988  amdsbs - ok
02:10:42.0075 0x2988  amdxata - ok
02:10:42.0090 0x2988  AppID - ok
02:10:42.0128 0x2988  AppIDSvc - ok
02:10:42.0141 0x2988  Appinfo - ok
02:10:42.0169 0x2988  applockerfltr - ok
02:10:42.0183 0x2988  AppReadiness - ok
02:10:42.0195 0x2988  AppXSvc - ok
02:10:42.0208 0x2988  arcsas - ok
02:10:42.0272 0x2988  [ 9B480B472D6826E7257C90E2D0EE2954, C52C198602D180011A9345AE6F108EC4B1FD91234AF2E6296B2E39C1888B0D4D ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
02:10:42.0275 0x2988  aswHwid - ok
02:10:42.0309 0x2988  [ 06362BBA1347CBA0996F4B39BB1D8353, 0C6B7B085F13FB7C71E2AF481CD216C6ACB63577DC7E2793182F734378C141DA ] aswKbd          C:\WINDOWS\system32\drivers\aswKbd.sys
02:10:42.0312 0x2988  aswKbd - ok
02:10:42.0350 0x2988  [ 1BB00571CC2C78463ABD7E9C32970758, BF523468754CB1628D66F28B06FAF7C545C5724801B04888517A2FB4BF9582BF ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
02:10:42.0421 0x2988  aswMonFlt - ok
02:10:42.0499 0x2988  [ 75325BC6BE15471331FFCEEC14E1DA03, 68A9DC2C4518DBAD54E60B7C89F713DD9FD287D42CFC75700D44A5B8CA4AED0F ] aswNetSec       C:\WINDOWS\system32\drivers\aswNetSec.sys
02:10:42.0519 0x2988  aswNetSec - ok
02:10:42.0540 0x2988  [ 7010B57D708DA5C9686A5923EE621776, 5A554B8941C156EC341C602F34679A7475802B19EE6A99AA29AE2628A123ECB1 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr2.sys
02:10:42.0545 0x2988  aswRdr - ok
02:10:42.0584 0x2988  [ 937885085BFE5BD08EC1BC0245DD203B, 6DDD89245EEA3B8106C5F2EB6FA8CF525F3B42AA7032276DE78953E06FE7F4B4 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
02:10:42.0588 0x2988  aswRvrt - ok
02:10:42.0648 0x2988  [ 0B6352251C5D84130DF4252D33D266C2, C6A2E0074A7FCFB5799949431F5660B9AF6441001EA9B609F7B3900F4007EBD0 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
02:10:42.0671 0x2988  aswSnx - ok
02:10:42.0695 0x2988  [ 28213B34725B18387CC1B8C3D73858A1, D86113D89C62F090B393B68B522581248AEF3568F8FD0FF86B3625F2E6DD4DB8 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
02:10:42.0706 0x2988  aswSP - ok
02:10:42.0743 0x2988  [ 9C58B6E9663D0A76D00D83E43C765BDF, 3F474932E77318CD450A3A9C89667D2B26A7E3FAB9AA95D97FF3B1979623A7F2 ] aswStm          C:\WINDOWS\system32\drivers\aswStm.sys
02:10:42.0748 0x2988  aswStm - ok
02:10:42.0782 0x2988  [ D60D9201739400F0FBDB9E36A3212D91, 01A17516AB7F4D2C72E2DC51F7B49D1C4F50F564992F78A71E73821D7F8220E7 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
02:10:42.0789 0x2988  aswVmm - ok
02:10:42.0815 0x2988  AsyncMac - ok
02:10:42.0862 0x2988  atapi - ok
02:10:42.0895 0x2988  AudioEndpointBuilder - ok
02:10:42.0912 0x2988  Audiosrv - ok
02:10:42.0987 0x2988  [ F4E0580B5789474385E7ACB189C4AF2C, DB5BE2C852AC102AB8EB186362E582E250B843BA52B3B71AF08A5FDA8A6F91AF ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
02:10:43.0002 0x2988  avast! Antivirus - ok
02:10:43.0046 0x2988  [ CAA9BB913356E9FD56761C9352B7054B, E810C6EE0673BEBCF9C74223D120589E8441CB1B74D25A7E10554B6EA96D6909 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
02:10:43.0055 0x2988  avast! Firewall - ok
02:10:43.0096 0x2988  AxInstSV - ok
02:10:43.0122 0x2988  b06bdrv - ok
02:10:43.0151 0x2988  BasicDisplay - ok
02:10:43.0167 0x2988  BasicRender - ok
02:10:43.0197 0x2988  bcmfn - ok
02:10:43.0229 0x2988  bcmfn2 - ok
02:10:43.0262 0x2988  BDESVC - ok
02:10:43.0283 0x2988  Beep - ok
02:10:43.0306 0x2988  BFE - ok
02:10:43.0322 0x2988  BITS - ok
02:10:43.0372 0x2988  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
02:10:43.0386 0x2988  Bonjour Service - ok
02:10:43.0395 0x2988  bowser - ok
02:10:43.0405 0x2988  BrokerInfrastructure - ok
02:10:43.0429 0x2988  Browser - ok
02:10:43.0447 0x2988  BthA2DP - ok
02:10:43.0491 0x2988  BthAvrcpTg - ok
02:10:43.0510 0x2988  BthEnum - ok
02:10:43.0551 0x2988  BthHFAud - ok
02:10:43.0567 0x2988  BthHFEnum - ok
02:10:43.0584 0x2988  bthhfhid - ok
02:10:43.0609 0x2988  BthHFSrv - ok
02:10:43.0643 0x2988  BthLEEnum - ok
02:10:43.0669 0x2988  BTHMODEM - ok
02:10:43.0679 0x2988  BthPan - ok
02:10:43.0685 0x2988  BTHPORT - ok
02:10:43.0721 0x2988  bthserv - ok
02:10:43.0728 0x2988  BTHUSB - ok
02:10:43.0785 0x2988  buttonconverter - ok
02:10:43.0803 0x2988  CapImg - ok
02:10:43.0834 0x2988  cdfs - ok
02:10:43.0866 0x2988  CDPSvc - ok
02:10:43.0873 0x2988  CDPUserSvc - ok
02:10:43.0951 0x2988  cdrom - ok
02:10:43.0984 0x2988  CertPropSvc - ok
02:10:44.0032 0x2988  cht4iscsi - ok
02:10:44.0041 0x2988  cht4vbd - ok
02:10:44.0080 0x2988  circlass - ok
02:10:44.0098 0x2988  CLFS - ok
02:10:44.0116 0x2988  ClipSVC - ok
02:10:44.0136 0x2988  clreg - ok
02:10:44.0253 0x2988  [ 228CB7727EC19833A74DAA5BE8627114, 7ABDEABF648C0CF04C736D9F1056CD54D5913837E1543CC358FDDFA9389934EC ] clwvd6          C:\WINDOWS\system32\DRIVERS\clwvd6.sys
02:10:44.0433 0x2988  clwvd6 - ok
02:10:44.0451 0x2988  CmBatt - ok
02:10:44.0467 0x2988  CNG - ok
02:10:44.0485 0x2988  cnghwassist - ok
02:10:44.0580 0x2988  CompositeBus - ok
02:10:44.0591 0x2988  COMSysApp - ok
02:10:44.0626 0x2988  condrv - ok
02:10:44.0652 0x2988  CoreMessagingRegistrar - ok
02:10:44.0747 0x2988  [ 94F87813DC2248043C1745DC640F19FB, 3A3FAF6BC58410D607FC88BD3B33BF12DA77E1B1D23F479C5B261E6B5FCB0413 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
02:10:46.0353 0x2988  cphs - ok
02:10:46.0404 0x2988  CryptSvc - ok
02:10:46.0418 0x2988  dam - ok
02:10:46.0446 0x2988  DcomLaunch - ok
02:10:46.0488 0x2988  DcpSvc - ok
02:10:46.0541 0x2988  defragsvc - ok
02:10:46.0560 0x2988  DeviceAssociationService - ok
02:10:46.0578 0x2988  DeviceInstall - ok
02:10:46.0607 0x2988  DevQueryBroker - ok
02:10:46.0621 0x2988  Dfsc - ok
02:10:46.0639 0x2988  Dhcp - ok
02:10:46.0695 0x2988  diagnosticshub.standardcollector.service - ok
02:10:46.0724 0x2988  DiagTrack - ok
02:10:46.0774 0x2988  disk - ok
02:10:46.0814 0x2988  DmEnrollmentSvc - ok
02:10:46.0823 0x2988  dmvsc - ok
02:10:46.0863 0x2988  dmwappushservice - ok
02:10:46.0895 0x2988  Dnscache - ok
02:10:46.0908 0x2988  dot3svc - ok
02:10:46.0928 0x2988  DPS - ok
02:10:46.0967 0x2988  [ C1283B0BEE35F9AF3511E0EBA71F311C, 542D560B654EA4E4708837231A4A967FB4DF5CDB190B7D763E92B1F6FCB255B4 ] dptf_cpu        C:\WINDOWS\System32\drivers\dptf_cpu.sys
02:10:47.0090 0x2988  dptf_cpu - ok
02:10:47.0131 0x2988  drmkaud - ok
02:10:47.0184 0x2988  DsmSvc - ok
02:10:47.0208 0x2988  DsSvc - ok
02:10:47.0224 0x2988  DXGKrnl - ok
02:10:47.0256 0x2988  EapHost - ok
02:10:47.0272 0x2988  ebdrv - ok
02:10:47.0287 0x2988  EFS - ok
02:10:47.0323 0x2988  EhStorClass - ok
02:10:47.0354 0x2988  EhStorTcgDrv - ok
02:10:47.0423 0x2988  embeddedmode - ok
02:10:47.0454 0x2988  EntAppSvc - ok
02:10:47.0501 0x2988  ErrDev - ok
02:10:47.0664 0x2988  [ 8A00CC653B8F02503C250FC1B9475807, 496517DD9E0BFFE03701E813EB7732578482ABA808771BE7889A27E1E2FEB647 ] esifsvc         C:\WINDOWS\SysWoW64\esif_uf.exe
02:10:47.0695 0x2988  esifsvc - ok
02:10:47.0715 0x2988  [ 99984B5D3378F8236F3A85E51ACEDD16, 73EE5B93C27C09F15BBAEADC8A293CB14FDD1E3DC65DDC0C665549D71F307D33 ] esif_lf         C:\WINDOWS\system32\DRIVERS\esif_lf.sys
02:10:47.0721 0x2988  esif_lf - ok
02:10:47.0753 0x2988  [ 4D7F3114147C31390262F19F74E5BF07, E89F5304149B51327DFE1314AE13352923B752BC24585FF42F28EF5F00936A6A ] ESProtectionDriver C:\WINDOWS\system32\drivers\mbae64.sys
02:10:48.0314 0x2988  ESProtectionDriver - ok
02:10:48.0358 0x2988  EventSystem - ok
02:10:48.0488 0x2988  [ 6DCB7233AAD29E43331B3ECFCC8FB8D1, A8E203BB774A4E055C871E9A28F958287A75E8BEA42496E6BA9983063CF6C539 ] EvtEng          c:\Program Files\Intel\WiFi\bin\EvtEng.exe
02:10:48.0513 0x2988  EvtEng - ok
02:10:48.0527 0x2988  exfat - ok
02:10:48.0544 0x2988  fastfat - ok
02:10:48.0570 0x2988  Fax - ok
02:10:48.0608 0x2988  fdc - ok
02:10:48.0634 0x2988  fdPHost - ok
02:10:48.0643 0x2988  FDResPub - ok
02:10:48.0664 0x2988  fhsvc - ok
02:10:48.0691 0x2988  FileCrypt - ok
02:10:48.0696 0x2988  FileInfo - ok
02:10:48.0752 0x2988  Filetrace - ok
02:10:48.0787 0x2988  flpydisk - ok
02:10:48.0806 0x2988  FltMgr - ok
02:10:48.0844 0x2988  FontCache - ok
02:10:48.0943 0x2988  FontCache3.0.0.0 - ok
02:10:48.0983 0x2988  FrameServer - ok
02:10:49.0019 0x2988  FsDepends - ok
02:10:49.0036 0x2988  Fs_Rec - ok
02:10:49.0051 0x2988  fvevol - ok
02:10:49.0103 0x2988  gencounter - ok
02:10:49.0163 0x2988  genericusbfn - ok
02:10:49.0186 0x2988  GPIOClx0101 - ok
02:10:49.0207 0x2988  gpsvc - ok
02:10:49.0236 0x2988  GpuEnergyDrv - ok
02:10:49.0353 0x2988  [ 2D8BBF6C7241AAD9EDE7708EBB7B43A4, 51AF8150C6CF738AF14F502E6BDAD1035773DD45980770E06393814B75259EF8 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:10:49.0365 0x2988  gupdate - ok
02:10:49.0384 0x2988  [ 2D8BBF6C7241AAD9EDE7708EBB7B43A4, 51AF8150C6CF738AF14F502E6BDAD1035773DD45980770E06393814B75259EF8 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:10:49.0390 0x2988  gupdatem - ok
02:10:49.0430 0x2988  HDAudBus - ok
02:10:49.0444 0x2988  HidBatt - ok
02:10:49.0469 0x2988  HidBth - ok
02:10:49.0496 0x2988  hidi2c - ok
02:10:49.0503 0x2988  hidinterrupt - ok
02:10:49.0537 0x2988  HidIr - ok
02:10:49.0566 0x2988  hidserv - ok
02:10:49.0581 0x2988  HidUsb - ok
02:10:49.0606 0x2988  HomeGroupListener - ok
02:10:49.0632 0x2988  HomeGroupProvider - ok
02:10:49.0664 0x2988  [ 3E28EE56DEC5678EC088752B91C05ADF, 1F80E7162BF80C66C5E58DD40513877579324FE4387044DC2A335F4320E8DFC7 ] hpdskflt        C:\WINDOWS\system32\drivers\hpdskflt.sys
02:10:49.0667 0x2988  hpdskflt - ok
02:10:49.0784 0x2988  [ 7B7DE6B3DC30F3246958F42C67A6F7BB, 4B66B90CFEC2231B905B21DECC4EC7C6500E546F080A452EF67E724EDF37ADD9 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
02:10:49.0806 0x2988  hpqwmiex - ok
02:10:49.0876 0x2988  HpSAMD - ok
02:10:49.0905 0x2988  [ 2456CAA57C1DBF8DD4AAB89A293F9F26, 8996E639C3FB13D90DC6304563C69F7C46EC5E053BAFEE0E0A9F999093FC31E9 ] hpsrv           C:\WINDOWS\system32\Hpservice.exe
02:10:51.0674 0x2988  hpsrv - ok
02:10:51.0745 0x2988  [ 5D664AB70F56CFBDD0CA2DE397AEBDA9, 397F433F108506E2397AC635654ACA7E4D0D7ADE70967A60E881234351FB81F0 ] HPSupportSolutionsFrameworkService c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
02:10:51.0747 0x2988  HPSupportSolutionsFrameworkService - ok
02:11:10.0327 0x2988  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated )
02:11:10.0330 0x2988  AV detected via SS2: Avast Antivirus, C:\Program Files\AVAST Software\Avast\wsc_proxy.exe ( 12.3.3154.0 ), 0x41000 ( enabled : updated )
02:11:10.0350 0x2988  AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.134 ), 0x61000 ( enabled : updated )
02:11:10.0356 0x2988  FW detected via SS2: Avast Antivirus, C:\Program Files\AVAST Software\Avast\wsc_proxy.exe ( 12.3.3154.0 ), 0x41010 ( enabled )
02:11:11.0052 0x2988  ============================================================
02:11:11.0052 0x2988  Scan finished
02:11:11.0052 0x2988  ============================================================
02:11:11.0074 0x2110  Detected object count: 0
02:11:11.0074 0x2110  Actual detected object count: 0


#11 ririguy

Posted 09 January 2017 - 09:22 PM

adwcleaner -
 

# AdwCleaner v6.042 - Logfile created 10/01/2017 at 02:19:20
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-09.3 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : riley - BIGBLUEMCGRUE
# Running from : C:\Users\riley\Desktop\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [989 Bytes] - [10/01/2017 02:19:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1061 Bytes] ##########


#12 ririguy

Posted 09 January 2017 - 09:37 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64 
Ran by riley (Administrator) on 10/01/2017 at  2:29:05.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FA4D5F66-4A1E-4399-9D66-D0C23AA91594} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{FA4D5F66-4A1E-4399-9D66-D0C23AA91594} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/01/2017 at  2:35:07.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#13 ririguy

Posted 10 January 2017 - 11:01 AM

You may have infected yourself from what was backed up.

MiniToolBox, save it to your desktop and run it.

  • Checkmark the following checkboxes:
      • Flush DNS
      • Report IE Proxy Settings
      • Reset IE Proxy Settings
      • Report FF Proxy Settings
      • Reset FF Proxy Settings
      • List content of Hosts
      • List IP configuration
      • List Winsock Entries
      • List last 10 Event Viewer log
      • List Installed Programs
      • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

TDSSKiller

  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

AdwCleaner

  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Junkware Removal Tool

  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

 

Lastly the ESET result was only this - 

C:\Users\riley\Downloads\Downloaded Apps&Programmes\ccsetup525.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted

Should I run the D:\ drive and scan too? I don't get why I keep getting that weevah and stuff


#14 boopme

Posted 10 January 2017 - 12:22 PM

Ok. It looks clean. I would restore my browser to default settings and see if weevah goes.
https://www.google.com/#q=set+browser+to+default

I don't believe the laptop sounds are normal but better to ask in OS 10 forum.

#15 ririguy

Posted 10 January 2017 - 12:31 PM

Ooooo check me with my clean laptop haha. Thank you!

Ok will do thanks :) 

Any idea about the issue with my nan's? And
can I scan my D:\ drive, the recovery drive on my laptop, or did that scan do it previously?
And if I connect the portable hard drive can I scan that with the above method?





