Very slow internet after cleaning up infection


22 replies to this topic

#1 Nimdok


Posted 20 April 2017 - 03:32 PM

Over the past few weeks I had noticed increasingly erratic behavior from my desktop (Windows 10 on a home-made PC) and, after several different cleaning sweeps, managed to get rid of a pile of bitcoin miners and other nasty stuff. However, since cleaning up I've had INCREDIBLY slow internet speeds over wifi (I pay for 100 Mbps, and I'm lucky to get 1 to 5 down, 10 up) only on said desktop (Phone on same wifi gets 50+ up), and I'm not sure if it's leftovers or something else entirely. The modem is a Ubee provided by my provider (Spectrum), but it's bridged to my router (Nighthawk).


Edited by Nimdok, 20 April 2017 - 03:59 PM.




#2 iMacg3


Posted 20 April 2017 - 06:02 PM

It sounds as if there may be some malware remaining after your PC was cleaned.

 

Download Farbar MiniToolBox from here.

Once downloaded and open, select these options:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Don't change settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and wait for the scan to be over. Copy and paste the log file contents into a post.

Download SecurityCheck from here.

  1. Launch the program SecurityCheck.exe
  2. Follow the instructions inside of the black box onscreen
  3. A notepad window will open. Paste the contents into a post

Note: If a firewall or antivirus blocks DIG.EXE from accessing the Internet, unblock it. If you get a message that says UNSUPPORTED OPERATING SYSTEM! ABORTED!, restart the computer and it should work.

 

 

Download Malwarebytes from here.

  1. Launch the install wizard and install Malwarebytes
  2. Open Malwarebytes and click Scan Now on the screen
  3. Malwarebytes will download updates and scan your computer.
  4. Once finished, make sure all the threats are selected and click Remove Selected. Restart your PC if asked to do so.
  5. Go to History on the left and then select Application logs. Paste the contents of the log in your post.

Regards, iMacg3

"Do, or do not. There is no try." - Yoda

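Three of the MiniToolBox sections requested above (IE proxy, Hosts, Winsock) are where leftover traffic redirection usually shows up, so here is a sketch of how a helper might triage them. This is an added example, not part of the original thread or of MiniToolBox; the sample log is constructed, and the function names and the "anything other than 'Proxy is not enabled.'" rule are assumptions.

```python
import ipaddress
import re

# Constructed sample in the section layout MiniToolBox writes (not a real log).
SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================
127.0.0.1 localhost
203.0.113.7 login.example.test
0.0.0.0 update.av-vendor.test
========================= Winsock entries =====================================

Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 02 C:\ProgramData\netfilter\lsp32.dll [48128] ()
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
"""

HEADER = re.compile(r"^=+ (.+?):? =+[ \t]*$", re.MULTILINE)
WINSOCK = re.compile(r"^((?:x64-)?Catalog\d+) (\d+) (.+?) \[\d+\] \((.*)\)$")
SYSTEM_DLL = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\[^\\]+$")


def split_sections(log):
    """Map each '=== Title: ===' header to the text that follows it."""
    heads = list(HEADER.finditer(log))
    sections = {}
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(log)
        sections[m.group(1).strip()] = log[m.end():end].strip()
    return sections


def proxy_is_set(body):
    """Assumption: a clean report contains 'Proxy is not enabled.';
    any other non-empty content is treated as a lead to review."""
    return bool(body) and "Proxy is not enabled." not in body


def check_hosts(body):
    """Return (kind, name, address) for every non-default Hosts mapping."""
    findings = []
    for line in body.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address line
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            if name.lower() == "localhost" and addr.is_loopback:
                continue                          # the stock entry
            kind = "blocked" if sinkhole else "redirected"
            findings.append((kind, name, str(addr)))
    return findings


def check_winsock(body):
    """Return catalog entries that are not Microsoft DLLs in the system dir.
    Legitimate third-party providers exist, so a hit is a lead, not a verdict."""
    findings = []
    for line in body.splitlines():
        m = WINSOCK.match(line.strip())
        if not m:
            continue
        catalog, index, path, vendor = m.groups()
        trusted = SYSTEM_DLL.match(path.lower()) and vendor == "Microsoft Corporation"
        if not trusted:
            findings.append((catalog, index, path, vendor))
    return findings


def triage(log):
    s = split_sections(log)
    return {
        "proxy_set": proxy_is_set(s.get("IE Proxy Settings", "")),
        "hosts": check_hosts(s.get("Hosts content", "")),
        "winsock": check_winsock(s.get("Winsock entries", "")),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```
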
#3 Nimdok


Posted 20 April 2017 - 07:09 PM

In order, Minitoolbox log

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Tim & Dixie (administrator) on 20-04-2017 at 16:37:06
Running from "C:\Users\Tim & Dixie\Downloads"
Microsoft Windows 10 Home  (X64)
Model: MS-7817 Manufacturer: MSI
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
173.252.120.68 facebjork.com
========================= IP Configuration: ================================

Realtek RTL8811AU Wireless LAN 802.11ac USB 2.0 Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="VirtualBox Host-Only Network" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : TimDixie
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : D8-CB-8A-10-40-A6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 76-DA-38-11-11-F0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8811AU Wireless LAN 802.11ac USB 2.0 Network Adapter
   Physical Address. . . . . . . . . : 74-DA-38-11-11-F0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2605:e000:1301:42f5::1000(Preferred)
   Lease Obtained. . . . . . . . . . : Thursday, 20 April, 2017 12:18:31 PM
   Lease Expires . . . . . . . . . . : Friday, 21 April, 2017 12:18:31 PM
   Link-local IPv6 Address . . . . . : fe80::6830:efea:8d8b:627b%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, 20 April, 2017 12:18:02 PM
   Lease Expires . . . . . . . . . . : Friday, 21 April, 2017 12:18:02 PM
   Default Gateway . . . . . . . . . : fe80::e6f4:c6ff:fe18:a15c%3
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 74766904
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-3C-E0-30-D8-CB-8A-10-40-A6
   DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888
                                       2001:4860:4860::8844
                                       8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:2499:3be2:97dc:24d(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2499:3be2:97dc:24d%17(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 301989888
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-3C-E0-30-D8-CB-8A-10-40-A6
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  google-public-dns-a.google.com
Address:  2001:4860:4860::8888

Name:    google.com
Addresses:  2607:f8b0:4007:80b::200e
      216.58.193.206


Pinging google.com [2607:f8b0:4007:80b::200e] with 32 bytes of data:
Reply from 2607:f8b0:4007:80b::200e: time=20ms
Reply from 2607:f8b0:4007:80b::200e: time=17ms

Ping statistics for 2607:f8b0:4007:80b::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 20ms, Average = 18ms
Server:  google-public-dns-a.google.com
Address:  2001:4860:4860::8888

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
      2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [2001:4998:44:204::a7] with 32 bytes of data:
Reply from 2001:4998:44:204::a7: time=82ms
Reply from 2001:4998:44:204::a7: time=79ms

Ping statistics for 2001:4998:44:204::a7:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 79ms, Maximum = 82ms, Average = 80ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...d8 cb 8a 10 40 a6 ......Realtek PCIe GBE Family Controller
 18...76 da 38 11 11 f0 ......Microsoft Wi-Fi Direct Virtual Adapter
  3...74 da 38 11 11 f0 ......Realtek RTL8811AU Wireless LAN 802.11ac USB 2.0 Network Adapter
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     45
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    301
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    301
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    301
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    301
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    301
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3   4141 ::/0                     fe80::e6f4:c6ff:fe18:a15c
  1    331 ::1/128                  On-link
 17    331 2001::/32                On-link
 17    331 2001:0:9d38:6ab8:2499:3be2:97dc:24d/128
                                    On-link
  3    301 2605:e000:1301:42f5::1000/128
                                    On-link
  3    301 fe80::/64                On-link
 17    331 fe80::/64                On-link
 17    331 fe80::2499:3be2:97dc:24d/128
                                    On-link
  3    301 fe80::6830:efea:8d8b:627b/128
                                    On-link
  1    331 ff00::/8                 On-link
 17    331 ff00::/8                 On-link
  3    301 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/20/2017 02:35:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/20/2017 02:30:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/20/2017 07:35:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/20/2017 07:31:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/19/2017 10:37:08 PM) (Source: Microsoft Security Client) (User: )
Description: 0x1ProtectionManagement

Error: (04/19/2017 10:37:08 PM) (Source: Microsoft Security Client) (User: )
Description: 0x1ProtectionManagement

Error: (04/19/2017 10:37:01 PM) (Source: Microsoft Security Client) (User: )
Description: 0x1ProtectionManagement

Error: (04/19/2017 10:37:01 PM) (Source: Microsoft Security Client) (User: )
Description: 0x1ProtectionManagement

Error: (04/19/2017 10:32:32 PM) (Source: VBRuntime) (User: )
Description: The VB Application identified by the event source logged this Application MSICUU: Thread ID: 38592 ,Logged:

Success:
C:\Program Files (x86)\Windows Installer Clean Up\msizap.exe TW! {45410935-B52C-468A-A836-0D1000018201}

Error: (04/19/2017 10:32:32 PM) (Source: VBRuntime) (User: )
Description: The VB Application identified by the event source logged this Application MSICUU: Thread ID: 38592 ,Logged:

Success:
C:\Program Files (x86)\Windows Installer Clean Up\msizap.exe TW! {1632FD86-1BA4-4FC4-8B25-A8C655D63F68}


System errors:
=============
Error: (04/20/2017 03:49:41 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

Error: (04/19/2017 10:40:16 PM) (Source: Service Control Manager) (User: )
Description: The CldFlt service failed to start due to the following error:
%%50 = The request is not supported.


Error: (04/19/2017 04:18:19 PM) (Source: Service Control Manager) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (04/19/2017 04:18:18 PM) (Source: Service Control Manager) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (04/19/2017 02:52:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/19/2017 02:52:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/19/2017 02:52:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/19/2017 02:52:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/19/2017 02:22:39 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (04/19/2017 02:21:42 PM) (Source: WinRM) (User: )
Description: *HTTP


Microsoft Office Sessions:
=========================
Error: (04/20/2017 02:35:06 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\amd\cim\bin64\SetACL64.exe

Error: (04/20/2017 02:30:51 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\amd\cim\bin64\SetACL64.exe

Error: (04/20/2017 07:35:52 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\amd\cim\bin64\SetACL64.exe

Error: (04/20/2017 07:31:37 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\amd\cim\bin64\SetACL64.exe

Error: (04/19/2017 10:37:08 PM) (Source: Microsoft Security Client)(User: )
Description: 0x1ProtectionManagement

Error: (04/19/2017 10:37:08 PM) (Source: Microsoft Security Client)(User: )
Description: 0x1ProtectionManagement

Error: (04/19/2017 10:37:01 PM) (Source: Microsoft Security Client)(User: )
Description: 0x1ProtectionManagement

Error: (04/19/2017 10:37:01 PM) (Source: Microsoft Security Client)(User: )
Description: 0x1ProtectionManagement

Error: (04/19/2017 10:32:32 PM) (Source: VBRuntime)(User: )
Description: Application MSICUU: Thread ID: 38592 ,Logged:

Success:
C:\Program Files (x86)\Windows Installer Clean Up\msizap.exe TW! {45410935-B52C-468A-A836-0D1000018201}

Error: (04/19/2017 10:32:32 PM) (Source: VBRuntime)(User: )
Description: Application MSICUU: Thread ID: 38592 ,Logged:

Success:
C:\Program Files (x86)\Windows Installer Clean Up\msizap.exe TW! {1632FD86-1BA4-4FC4-8B25-A8C655D63F68}


CodeIntegrity Errors:
===================================
  Date: 2017-04-20 09:53:34.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-20 09:53:33.907
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-20 09:53:32.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-20 09:53:32.229
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-20 09:53:32.079
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-19 22:56:51.446
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-04-19 22:56:51.175
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-04-19 22:56:50.757
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-04-19 22:56:50.406
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-04-19 22:56:50.059
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Microsoft signing level requirements.


=========================== Installed Programs ============================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.172 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{BC5A9829-B67F-4E3A-83EE-0CDBDB6FBA1C}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Hidden
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BulletStorm (HKLM-x32\...\{45410935-B52C-468A-A836-0D1000018201}) (Version: 1.0.0001.130 - EA) Hidden
calibre 64bit (HKLM\...\{D7D0A0C9-6728-4FA3-B611-04FFDB739F97}) (Version: 2.83.0 - Kovid Goyal)
Castle of Illusion (HKLM\...\Steam App 227600) (Version:  - SEGA Studios Australia)
Catalyst Control Center Next Localization BR (HKLM\...\{B6C70979-A8D1-6CF9-82D0-44FD6BC4AD6C}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{B5623A0D-4DFA-A529-8AF0-88E5C41EB336}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{78820559-3CFB-C2A3-A15C-DEFFBDDB155C}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{1F0A6BCA-64DE-2B02-32E4-8656C269C24A}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1380564A-BDE8-4AC8-5326-24550AB52CCF}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{68BB3E0C-372F-3CEB-36F3-9A4EC46E931D}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{193CAB03-2BFB-D17E-3067-0270357D0399}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{7C7B4C16-95F3-9F76-DDD6-4C4595A9ADE2}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{0E6E4FAF-4D81-EF90-9627-D6D05D691823}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{9B79401A-4183-A1FE-A951-863F82CC3E06}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{CB0AF2D7-7034-CA2D-1457-43C0CBF05AF7}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{739C3FDD-0D11-4854-903B-F70A7566FD20}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D6972606-1186-1DC4-F55D-418C5D822975}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{22E7A75B-0848-014A-6E1A-1E66EBEB0D33}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A91B5A4A-D524-71C1-263C-D59B25E408DC}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{AF5D1C22-3B09-CCAC-BF8B-46B738C4378E}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{5344752B-AFED-7FB0-8148-DC898DC49115}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{1F5F4AF8-A07E-8F55-B9A7-4CA143637432}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A54655A9-BD47-9B6A-4C0B-428BC4F0DF71}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{6F44487C-9C5A-5410-6915-1D2DE43CC8FB}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{73538F98-8D73-7D47-51BB-7F457762B57E}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Chroma Squad (HKLM\...\Steam App 251130) (Version:  - Behold Studios)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0229 - Disc Soft Ltd)
Dashlane (HKCU\...\Dashlane) (Version: 4.6.8.26847 - Dashlane SAS)
Day of the Tentacle Remastered (HKLM\...\Steam App 388210) (Version:  - Double Fine Productions)
Deadtime Stories (HKLM-x32\...\Deadtime Stories) (Version: 32.0.0.0 - Shockwave.com)
D-Fend Reloaded 1.4.2 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.4.4 - Alexander Herzog)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Disney Winnie the Pooh (HKLM\...\Steam App 319400) (Version:  - Disney Interactive)
Dragon Fantasy: The Black Tome of Ice (HKLM\...\Steam App 328000) (Version:  - Muteki)
Dreamship Tales (HKLM-x32\...\Dreamship Tales) (Version:  - )
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Earn to Die 2 (HKLM\...\Steam App 431590) (Version:  - Toffee Games)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.3 - Emsisoft Ltd.)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON WF-2630 Series Printer Uninstall (HKLM\...\EPSON WF-2630 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
f.lux (HKCU\...\Flux) (Version:  - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.1.6871 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.3 - Google Inc.) Hidden
Hellboy (HKLM-x32\...\Hellboy) (Version:  - )
Hollow Knight (HKLM-x32\...\1308320804_is1) (Version: 1.0.2.8 - GOG.com)
Insaniquarium! Deluxe (HKLM\...\Steam App 3320) (Version:  - PopCap Games, Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.25.1048 - Intel Corporation)
JumpStart 4th Grade v1.2 (HKLM-x32\...\4G_1.2) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Leap of Fate (HKLM\...\Steam App 363420) (Version:  - Clever-Plays)
LeapFrog Connect (HKLM-x32\...\{97CD1D2B-20BD-40E8-825E-B4BDA5071B73}) (Version: 7.0.7.20035 - LeapFrog) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.7.20035 - LeapFrog)
LeapFrog LeapPad Explorer Plugin (HKLM-x32\...\{50B93E1B-EBA1-46AE-909F-10F6F97E1505}) (Version: 7.0.6.19846 - LeapFrog) Hidden
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Media Preview (HKLM\...\{52AFC3E1-0FAA-4C05-88FF-373911EA68F5}) (Version: 1.4.3.429 - BabelSoft)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (de-DE) (HKLM-x32\...\{955F43D9-38C4-4C22-BEE3-1A6C63F968FA}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-AU) (HKLM-x32\...\{FA19A2B8-9A24-49B0-A51C-CF4A6B4B2B62}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-CA) (HKLM-x32\...\{0C96ED3F-83E2-4917-89DC-7837DC775FEC}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-GB) (HKLM-x32\...\{E0D13850-F97C-4B30-9F05-862299CE8DA5}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-IN) (HKLM-x32\...\{3B06AC90-DE68-44A9-95EB-0A3C1AF1514F}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-US) (HKLM-x32\...\{66D57636-BD4B-402F-9E7D-5E89C28C8136}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (es-ES) (HKLM-x32\...\{5D4A25B6-3A4E-409B-90FA-EDE99E2006B4}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (es-MX) (HKLM-x32\...\{BE94188A-CA4F-4AC7-A1B3-52D37882C30D}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (fr-CA) (HKLM-x32\...\{58DE670F-4977-4A23-9D2E-8C82A2072920}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (fr-FR) (HKLM-x32\...\{4D2DDB98-1FE6-4CFE-BCFD-EFE27FF24FAE}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (it-IT) (HKLM-x32\...\{9267D7E7-5872-4CB1-B4E3-377F4CA272D0}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (ja-JP) (HKLM-x32\...\{A06F3EA5-7C55-4505-8982-534BA05F49BE}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (ko-KR) (HKLM-x32\...\{1D8F6891-9B7F-4F08-A54E-C568D8C33276}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (pt-BR) (HKLM-x32\...\{F6B5EB21-0ABF-487C-B9A9-D9DB259C4403}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (pt-PT) (HKLM-x32\...\{DAFE30C6-C638-4505-9372-2ECD1A1B317C}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (ru-RU) (HKLM-x32\...\{9419B7EA-6A4B-4A57-8E2A-3BDD4676118F}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (zh-CN) (HKLM-x32\...\{BAD2A75A-1708-47BA-A498-20890D2C78A7}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (zh-HK) (HKLM-x32\...\{6BAA03F9-B2E5-40EB-8871-703FF0046E9D}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (zh-TW) (HKLM-x32\...\{28292B72-CF8A-4915-A5F5-07FF1E44C6F5}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 53.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-US)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)
Mp3tag v2.78 (HKLM-x32\...\Mp3tag) (Version: v2.78 - Florian Heidenreich)
Normality (HKLM-x32\...\1207658949_is1) (Version: 2.1.0.8 - GOG.com)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Oracle VM VirtualBox 5.1.14 (HKLM\...\{6AE61854-0F78-49E3-ABCC-586FB43CE709}) (Version: 5.1.14 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.4.6.33873 - Electronic Arts, Inc.)
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
paint.net (HKLM\...\{1F895C18-6A2F-4A9E-BBE9-246783070F37}) (Version: 4.0.16 - dotPDN LLC)
Pajama Sam 4 - Life is Rough When You Lose Your Stuff (HKLM-x32\...\1434538201_is1) (Version: 2.0.0.2 - GOG.com)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Plex Media Server (HKLM-x32\...\{6cfa815d-cf6e-46ac-bb70-16a5607aaccd}) (Version: 1.5.5.3634 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{CB63BB68-E807-43E8-97B2-08CB69AE405A}) (Version: 1.5.3634 - Plex, Inc.) Hidden
Reader Rabbit Kindergarten® Bounce Down in Balloon Town!™ (HKLM-x32\...\Reader Rabbit Kindergarten® Bounce Down in Balloon Town!™) (Version:  - )
Reader Rabbit Learn To Read With Phonics (HKLM-x32\...\Reader Rabbit Learn To Read With Phonics) (Version:  - )
Reader Rabbit Preschool® Sparkle Star Rescue!™ (HKLM-x32\...\Reader Rabbit Preschool® Sparkle Star Rescue!™) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Satellite Reign (HKLM-x32\...\Steam App 268870) (Version:  - 5 Lives Studios)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.6.16.0 - Seagate)
Song of the Deep (HKLM\...\Steam App 460700) (Version:  - Insomniac Games)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 2.8.0.10 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamWorld Dig (HKLM-x32\...\1207660733_is1) (Version: 2.2.0.4 - GOG.com)
Stopping Plex (HKLM-x32\...\{630E9167-7F30-4474-B4BE-28C6689E559D}) (Version: 1.5.3634 - Plex, Inc.) Hidden
Syberia (HKLM-x32\...\{E34E9B33-46EC-4252-A52F-DDA3978CC0AF}) (Version:  - )
Syberia 2 (HKLM-x32\...\1207658849_is1) (Version: 2.1.0.10 - GOG.com)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Last Remnant (HKLM-x32\...\Steam App 23310) (Version:  - SQUARE ENIX)
TomTom MyDrive Connect 4.1.4.3089 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.4.3089 - TomTom)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Viva Pinata (HKLM-x32\...\{343EFA17-5BC5-44DA-924F-539ECBEFF68C}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Viva Piñata (HKLM-x32\...\InstallShield_{343EFA17-5BC5-44DA-924F-539ECBEFF68C}) (Version: 1.00.0000 - Microsoft Game Studios)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voodoo Chronicles: The First Sign (HKLM-x32\...\Voodoo Chronicles: The First Sign) (Version: 32.0.0.0 - Shockwave.com)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-3) (Version: 1.0.37.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
War for the Overworld (HKLM\...\Steam App 230190) (Version:  - Brightrock Games)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
WinRAR 5.30 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.1 - win.rar GmbH)
WMS Slots Quest For The Fountain (HKLM-x32\...\{DA7EDB20-7082-4586-B0E4-46EECC0C5B6A}) (Version: 1.0 - Phantom EFX)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.388 - Zemana Ltd.)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 8134.45 MB
Available physical RAM: 4021.37 MB
Total Virtual: 10054.45 MB
Available Virtual: 4893.99 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:118.48 GB) (Free:50.18 GB) NTFS
2 Drive d: (Clovis) (Fixed) (Total:931.39 GB) (Free:713.19 GB) NTFS
3 Drive f: (Backup) (Fixed) (Total:1863.02 GB) (Free:1670.63 GB) NTFS
4 Drive h: (Scheherazade) (Fixed) (Total:2794.39 GB) (Free:1294.01 GB) NTFS

========================= Users: ========================================

User accounts for \\TIMDIXIE

Administrator            DefaultAccount           Guest                    
Tim & Dixie              

========================= Restore Points ==================================

19-04-2017 23:37:29 Windows Update

**** End of log ****

NOTE: the facebjork thing was me; I was dicking around with the host files to see if I could get my browser to automatically redirect to Facebook when I typed Facebjork into the address bar. Since it didn't work, I just got bored and walked away and never deleted the entry. I don't think I know how to delete it, actually.

SecurityCheck, literally, gives me a blank log; from what I can scan of what it's doing it repeatedly cannot find Process.TXT or Install.TXT and therefore isn't doing anything.


I went ahead and told Malwarebytes to scan all of my drives (Windows drive, normal use, media, and backup), including the rootkit scan, so I'll post that when it's done.
 



#4 iMacg3


Posted 20 April 2017 - 07:17 PM

For a second I thought "What is that facebjork.org??"

Anyway, you can change the Facebjork to 127.0.0.1 Localhost.


Edited by iMacg3, 20 April 2017 - 07:18 PM.

Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#5 Nimdok


Posted 20 April 2017 - 11:24 PM

Malwarebytes came up clean.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/20/17
Scan Time: 4:46 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1772
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: TimDixie\Tim & Dixie

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 476316
Time Elapsed: 1 hr, 47 min, 3 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)



#6 iMacg3


Posted 21 April 2017 - 10:40 AM

Download ESET Online Scanner and save the file. 

  1. Double-click on the .exe file you downloaded. Make sure you are running as administrator.
  2. Click Accept on the Terms of use screen.
  3. Click on Enable detection of potentially unwanted applications and click Scan.
  4. Once the scan is complete, make sure all threats are selected and then click Remove selected and restart the computer if needed.
  5. Make sure Show Hidden Files and Folders is enabled, then go to C:\users\%userprofile%\appdata\local\temp\log.txt and paste the log file contents into a post.

 

Download RogueKiller and save the file.

  1. Double-click on the .exe file you just downloaded.
  2. Run a scan using RogueKiller.
  3. Once the scan is done, click on Report, then export the log in Text format.
  4. Paste the contents of the log into a post.

Download Rkill and save the file.

  1. Double-click on the .exe file you just downloaded. Note: Malwarebytes and other programs may detect Rkill as a virus. Please allow Rkill to run.
  2. Let Rkill stop any malicious processes on your computer.
  3. Once done, Rkill will open a text document. Paste the contents into a post.

Download Junkware Removal Tool and save the file.

  1. Double-click on the file you downloaded. (JRT.exe)
  2. Let JRT run.
  3. Once it's done, it will produce a file to your desktop called JRT.txt.
  4. Open the file and paste its contents into a post.

Regards, iMacg3

#7 Nimdok


Posted 21 April 2017 - 01:05 PM

ESET log

 

09:09:46 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.16.0
# EOSSerial=
# end=init
# utc_time=2017-04-21 16:09:45
# local_time=2017-04-21 09:09:45 (-0800, Pacific Daylight Time)
# country="United States"
# osver=10.0.15063 NT
09:09:50 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.16.0
# EOSSerial=a63da2dc2c654e4e881c7feb5e59872e
# end=init
# utc_time=2017-04-21 16:09:49
# local_time=2017-04-21 09:09:49 (-0800, Pacific Daylight Time)
# country="United States"
# osver=10.0.15063 NT
09:09:58 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Tim & Dixie\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
09:10:03 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.16.0
# EOSSerial=a63da2dc2c654e4e881c7feb5e59872e
# end=init
# utc_time=2017-04-21 16:10:02
# local_time=2017-04-21 09:10:02 (-0800, Pacific Daylight Time)
# country="United States"
# osver=10.0.15063 NT
09:10:16 Updating
09:10:16 Update Init
09:10:18 Update Download
09:18:11 esets_scanner_reload returned 0
09:18:11 g_uiModuleBuild: 33133
09:18:11 Update Finalize
09:18:11 Call m_esets_charon_send
09:18:11 Call m_esets_charon_destroy
09:18:11 Updated modules version: 33133
09:18:20 Call m_esets_charon_setup_create
09:18:20 Call m_esets_charon_create
09:18:20 m_esets_charon_create OK
09:18:20 Call m_esets_charon_start_send_thread
09:18:20 Call m_esets_charon_setup_set
09:18:20 m_esets_charon_setup_set OK
09:18:20 Scanner engine: 33133
10:51:38 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.16.0
# EOSSerial=a63da2dc2c654e4e881c7feb5e59872e
# engine=33133
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# sfx_checked=true
# utc_time=2017-04-21 17:51:37
# local_time=2017-04-21 10:51:37 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=10.0.15063 NT
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 97 0 32060655 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1984941 9576471 0 0
# scanned=2
# found=0
# cleaned=0
# scan_time=5605
11:03:55 Call m_esets_charon_send
11:03:55 Call m_esets_charon_destroy
11:03:56 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Tim & Dixie\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
 



#8 Nimdok


Posted 21 April 2017 - 02:17 PM

Roguekiller log

 

RogueKiller V12.10.5.0 (x64) [Apr 18 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Tim & Dixie [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 04/21/2017 11:05:34 (Duration : 00:28:11)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Program Files\Windows Security -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] mqywbkio.default-1492638223166 : user_pref("browser.startup.homepage", "https://en.wikipedia.org/wiki/Special:Random"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: APOTOP SSD S3C +++++
--- User ---
[MBR] 6d10f8f68ca4add7fdd30cf4a007082c
[BSP] c3b262263d9781d1ec1d1e41a515b8ea : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 200 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 411648 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 673792 | Size: 121325 MB
3 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 249147392 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10EZEX-07M2NA0 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 953740 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD30EZRZ-00Z5HB0 +++++
--- User ---
[MBR] c04a40d3a6a527a8f4dbc5de124b09e2
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 2861459 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Seagate BUP Slim SL SCSI Disk Device +++++
--- User ---
[MBR] ec9f54de4403dc5fc83b2e554e207a39
[BSP] d24ff9ff2eb7def7280aea60db4e3246 : Empty MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907728 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )



#9 Nimdok


Posted 21 April 2017 - 02:19 PM

Rkill log

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/21/2017 12:18:35 PM in x64 mode.
Windows Version: Windows 10 Home

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * agp440 [Missing Service]
 * DcpSvc [Missing Service]
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]

 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * RetailDemo => %SystemRoot%\System32\svchost.exe -k rdxgroup [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 04/21/2017 12:18:42 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)
 



#10 Nimdok


Posted 21 April 2017 - 02:24 PM

Junkware Removal Tool log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by Tim & Dixie (Administrator) on 21-Apr-17 at 12:19:47.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Users\Tim & Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\mqywbkio.default-1492638223166\Invalidprefs.js (File)



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21-Apr-17 at 12:22:40.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#11 iMacg3


Posted 22 April 2017 - 08:03 PM

Have there been any improvements in Internet speed?


Regards, iMacg3

#12 Nimdok


Posted 22 April 2017 - 09:13 PM

Nope. Phones and other devices are running around normal, 50+ on speed tests, PC still running about 2-5 up and around 10 down. Is there anything troubling or questionable in the logs? Would wiping the OS and starting over from scratch feasibly fix anything?


Edited by Nimdok, 22 April 2017 - 09:14 PM.


#13 iMacg3


Posted 23 April 2017 - 05:32 PM

Back up ALL the data you want to save from your computer to a USB flash drive, external hard drive, or DVD/CD.

 

Go to Settings > Recovery. Click "Get Started" under the Reset Your PC option.

Important: Make sure all your files you want to save are safely stored on another storage device!

Click on Remove Everything, then go through the screens to reset your computer. If your computer has an option of Restore Factory Settings, use that.

Warning: This will remove all programs and files from your computer!

Wait for your PC to reset, and then restore your files to the PC from the storage media.

 

There should be no slow internet now!


Regards, iMacg3

#14 Nimdok


Posted 26 April 2017 - 06:02 PM

Well, here I am.

 

Restoring the machine didn't fix the problem, didn't even seem to make a difference. I had planned on restoring it, anyway, so it's not a loss but it's still frustrating.



#15 iMacg3


Posted 26 April 2017 - 06:15 PM

Did your PC have an option of Restore Factory Settings?


Regards, iMacg3



