ESProtectionDriver? Pop-ups, re-routes, other random & weird issues with my PC


7 replies to this topic

#1 totallypolluted

  • Members
  • 9 posts
  • Gender:Female

Posted 14 May 2017 - 07:11 AM

Accept my apologies in advance should I fall short of any guidelines of bleepingcomputer.com site specifics in my mad-dash to access this knowledge base to have this issue posted as quickly as I could since I have wasted much time trying to figure out what/who/? that it is exactly with this sick interest in my computer stuff! (note a brief buffer posted by me in the “Introductions.” I know just enough to be dangerous!!!)   I have downloaded and run all of these lovely tools/gadgets that are said to help with problems such as  Adware, Junkware, Malware, Root kits, System dissector-doctors and so on but I have not a clue what to do with all of this well of information they provide. So here is the skinny!  It all started with AVG about a month ago.

  • I updated virus definitions, then noticed unusual behavior in the AVG user interface and the mouse hanging up every 30 seconds.
  • So,  I ran avg.com/toolsandutilites “update troubleshooter”  but I had to contact AVG  tech support simply to ask what to do with the logs. Brilliance here (me) allowed a “remote session” with an apparent sadist who proceeded to finagle my computer to near death at which point I was told that I would have to “take it to local technician for fix, your hard drive must be replaced!”  Evidently these would be the last words that the AVG tech would sputter because he suddenly lost the ability to speak! Any language!  Leaving a trail of ugly behind him.   (A few hours of uneducated pecking & wild guessing found the device alive and well)
  • Safe-search??? My Google Chrome/default browser was not in the usual state. (IDK exactly, but something was off)
    • Opened Chrome but it was an app and appeared somehow different looking.
    • *Note: AVG Web Tune-up(safe-search)  was NOT enabled, to my knowledge, because when I opened either of my browsers-Firefox or Chrome, the start-up page was not the standard AVG home page as was the case just 2 days prior when this feature was enabled for the same browsers.  Open browser to native home/start page by all appearances. ie: Google, Firefox.  However,  searching from either browser the results came from yahoo and something was just not right to me. 
    • AVG “support” somehow tweaked my network settings in such a way that my internet connectivity was disabled completely, at the exact moment I discovered and disabled the AVG control of my browsers. 
    • No other way to explain the internet connection issue (or at least in simple terms for me ) when right in front of me on the same desk, I  had 2 devices (desktop pc and laptop pc) which were hard-wire connected to the same modem but only one device was able to connect to the internet.  (The device with the search hijacker disabled was not connecting to internet):

 

  • Five days ago I attempted a “clean install” of Windows and surprisingly enough, I am almost certain that I did so successfully despite recent unexplained events. 
  • I have not installed any security programs, until today, other than the free version of Malwarebytes (with serious functionality issues, possibly due to a previous install and unsuccessful uninstall), Microsoft Windows Defender, and Ad-guard.  Plus CCleaner and Revo-Uninstall.

 

  • Windows Updates continue to fail and troubleshooter does not fix. ( I have saved logs if they might be of any value for a person who is more well-versed in this area of expertise than I.  )  
  • Windows Defender has crept to a slow death over the 5 days and is now completely non-functional. Updates failed at first, but would install upon retry, then updates failed with notification, and now the update status bar remains blacked out when I attempt to update virus definitions and notification of failure is not even provided anymore.
  • Browser-Edge, unusual behavior and it seems to just be all over the place. Pop-ups and pages opening randomly as well as downloads running without any input from user (ie: Flash player from an overly obvious invalid download source)
  • While Google Chrome is obviously compromised in some way since the settings fail to remain as they have previously been set, the pop-ups are many, and when I open Google browser the screen is bright white for a period of at least 10-15 seconds before taking me to the Chrome homepage. 
  • Internet Explorer randomly opens links when I have defaults set for Edge and Chrome.
  • At least 5 times now I have uninstalled then reinstalled Chrome and the behavior is the same. 

The random and bizarre continue as of this minute with my computer issue but I will end here and hope to have better days with y'all's help!  :flowers:

I am attaching the various logs that were not abducted in the missing OneDrive folder I spoke of before.  Hopefully they will be of good insight to anyone out there who knows what they mean! :hysterical: 

Apologies if I was supposed to wait for instructions but I hope that what I am sending will get us off to a great start.  I thank you so much for your time and consideration. 

oh!

Windows 10 Home version 1703

Windows Defender

Adguard

Malwarebytes

Revo-Uninstaller

CCleaner

Hitman Pro

and the 42million utility/tools that I downloaded and ran within the last 24 hours!

 

NEVERMIND, I see that I cannot 'attach' the files so this is a portion of my documentation and I hope it is helpful. Thank you!

 

{I typed up these samples before I became aware that I could attach files instead of include them as part of a post to the forum.}

  1. Hitman Pro - Suspicious: ESProtectionDriver
  2. Hitman Pro - Cookies:
     - C:\Users\tarag\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\A8YD36XJ.cookie
     - C:\Users\tarag\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookie

     Forensic Cluster
          0.0s C:\$Recycle.Bin\S-1-5-21-92637911-3555677864-1453432773-1001\$RKHC790.exe
          3.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\78\
          3.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\78\78A292EAEBF49BCA.dat
          4.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\979D3B8636663F54EC0D0FC3728181E1

 

  1. Example of logged issue- Win32/Bundled.Toolbar.Google.D potentially unsafe application  cleaned by deleting
  2. Entire file folder from my OneDrive disappeared. The folder included all the saved downloads of the tools that I attempted to use for identifying the source of problem today. 
  3. ESET SysInspector scan produced an enormous amount of information which appears to be quite abnormal even to an amateur like me. Although I am intrigued by it all, I have no idea how to interpret any portion of it. Help???
  4. None of the tools that I downloaded to my computer which were designed to detect possible issues with Root Kit completed successfully. All encountered an error almost immediately after starting the process.
    1. Kaspersky TDSSKiller and Kido Killer
    2. Malwarebytes Anti-rootkit beta failed to run successfully

 

Network Properties from Windows Settings > Network > Status. Even though this data shows the state AFTER I ran MiniToolBox, these settings were not in place 2 days ago. It was much simpler.

 

Name:   Ethernet

Description:       Realtek PCIe FE Family Controller

Physical address (MAC):              7c:05:07:37:89:e6

Status:  Not operational

Maximum transmission unit:     1500

IPv4 address:     169.254.101.233/16

IPv6 address:     fe80::3021:f33c:6647:65e9%8/64

DNS servers:      fec0:0:0:ffff::1%1, fec0:0:0:ffff::2%1, fec0:0:0:ffff::3%1

Connectivity (IPv4/IPv6):            Disconnected

Name:   Local Area Connection* 1

Description:       Microsoft Wi-Fi Direct Virtual Adapter

Physical address (MAC):              1c:3e:84:ce:5e:a3

Status:  Not operational

Maximum transmission unit:     1500

IPv4 address:     169.254.116.222/16

IPv6 address:     fe80::2920:3867:34f4:74de%9/64

DNS servers:      fec0:0:0:ffff::1%1, fec0:0:0:ffff::2%1, fec0:0:0:ffff::3%1

Connectivity (IPv4/IPv6):            Disconnected

Name:   Wi-Fi

Description:       Ralink RT5390R 802.11bgn Wi-Fi Adapter

Physical address (MAC):              1c:3e:84:ce:5e:a1

Status:  Operational

Maximum transmission unit:     1500

Link speed (Receive/Transmit): 600/72 (Mbps)

DHCP enabled:  Yes

DHCP servers:   192.168.0.1

DHCP lease obtained:    Sunday, May 14, 2017 12:09:32 AM

DHCP lease expires:       Monday, May 15, 2017 12:09:32 AM

IPv4 address:     192.168.0.5/24

IPv6 address:     fe80::c99a:1f06:eac8:e30e%3/64

Default gateway:            192.168.0.1

DNS servers:      192.168.0.1, 205.171.203.226

DNS domain name:        Home

DNS connection suffix: Home

DNS search suffix list:   

Network name:               MainPortal-PsychosisWonderland

Network category:         Public

Connectivity (IPv4/IPv6):            Connected to Internet / Connected to unknown network

Name:   Teredo Tunneling Pseudo-Interface

Description:       Teredo Tunneling Pseudo-Interface

Physical address (MAC):              00:00:00:00:00:00:00:e0

Status:  Operational

Maximum transmission unit:     1280

IPv6 address:     2001:0:5ef5:79fb:8b2:9fc:3f57:fffa/64, fe80::8b2:9fc:3f57:fffa%7/64

Default gateway:            ::

Connectivity (IPv4/IPv6):            Disconnected

HitmanPro 3.7.18.284

www.hitmanpro.com

 

   Computer name . . . . : HOMEDESKTOPPC

   Windows . . . . . . . : 10.0.0.15063.X64/2

   User name . . . . . . : HOMEDESKTOPPC\tarag

   UAC . . . . . . . . . : Enabled

   License . . . . . . . : Trial (31 days left)

 

   Scan date . . . . . . : 2017-05-13 13:22:24

   Scan mode . . . . . . : Normal

   Scan duration . . . . : 33m 22s

   Disk access mode  . . : Direct disk access (SRB)

   Cloud . . . . . . . . : Internet

   Reboot  . . . . . . . : No

 

   Threats . . . . . . . : 0

   Traces  . . . . . . . : 4

 

   Objects scanned . . . : 1,485,923

   Files scanned . . . . : 20,868

   Remnants scanned  . . : 289,714 files / 1,175,341 keys

 

Suspicious files ____________________________________________________________

 

   C:\$Recycle.Bin\S-1-5-21-92637911-3555677864-1453432773-1001\$RKHC790.exe -> Quarantined

      Size . . . . . . . : 2,429,440 bytes

      Age  . . . . . . . : 0.0 days (2017-05-13 13:18:47)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : 896B7B41B936A1A793C6BE0DE9B9857B106FA5EC70D3335E9380744CD09F19F4

      Needs elevation  . : Yes

      Fuzzy  . . . . . . : 24.0

         Program has no publisher information but prompts the user for permission elevation.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Time indicates that the file appeared recently on this computer.

      Forensic Cluster

          0.0s C:\$Recycle.Bin\S-1-5-21-92637911-3555677864-1453432773-1001\$RKHC790.exe

          3.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\78\

          3.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\78\78A292EAEBF49BCA.dat

          4.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\979D3B8636663F54EC0D0FC3728181E1

 

   C:\$Recycle.Bin\S-1-5-21-92637911-3555677864-1453432773-1001\$ROS37R0.exe -> Quarantined

      Size . . . . . . . : 2,429,440 bytes

      Age  . . . . . . . : -0.0 days (2017-05-13 13:30:04)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : 896B7B41B936A1A793C6BE0DE9B9857B106FA5EC70D3335E9380744CD09F19F4

      Needs elevation  . : Yes

      Fuzzy  . . . . . . : 26.0

         Program has no publisher information but prompts the user for permission elevation.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Time indicates that the file appeared recently on this computer.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

 

 

Cookies _____________________________________________________________________

   C:\Users\tarag\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\A8YD36XJ.cookie

   C:\Users\tarag\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookie

 

 

 

MiniToolBox by Farbar  Version: 17-06-2016

Ran by tarag (administrator) on 14-05-2017 at 03:59:33

Running from "C:\Users\tarag\OneDrive\TaraOneDrvOnline\ComputerBrowsersLinksMisc"

Microsoft Windows 10 Home  (X64)

Model: 20-b010 Manufacturer: Hewlett-Packard

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

 

========================= FF Proxy Settings: ==============================

 

 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

 

========================= Hosts content: =================================

========================= IP Configuration: ================================

 

Ralink RT5390R 802.11bgn Wi-Fi Adapter = Wi-Fi (Connected)

Realtek PCIe FE Family Controller = Ethernet (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global

set interface interface="Ethernet (Kernel Debugger)" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : HomeDesktopPC

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : Home

 

Ethernet adapter Ethernet:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller

   Physical Address. . . . . . . . . : 7C-05-07-37-89-E6

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Local Area Connection* 1:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter

   Physical Address. . . . . . . . . : 1C-3E-84-CE-5E-A3

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Wi-Fi:

 

   Connection-specific DNS Suffix  . : Home

   Description . . . . . . . . . . . : Ralink RT5390R 802.11bgn Wi-Fi Adapter

   Physical Address. . . . . . . . . : 1C-3E-84-CE-5E-A1

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::c99a:1f06:eac8:e30e%3(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Sunday, May 14, 2017 12:09:32 AM

   Lease Expires . . . . . . . . . . : Monday, May 15, 2017 12:09:30 AM

   Default Gateway . . . . . . . . . : 192.168.0.1

   DHCP Server . . . . . . . . . . . : 192.168.0.1

   DHCPv6 IAID . . . . . . . . . . . : 35405444

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-A7-64-D5-7C-05-07-37-89-E6

   DNS Servers . . . . . . . . . . . : 192.168.0.1

                                       205.171.203.226

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:8b2:9fc:3f57:fffa(Preferred)

   Link-local IPv6 Address . . . . . : fe80::8b2:9fc:3f57:fffa%7(Preferred)

   Default Gateway . . . . . . . . . : ::

   DHCPv6 IAID . . . . . . . . . . . : 536870912

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-A7-64-D5-7C-05-07-37-89-E6

   NetBIOS over Tcpip. . . . . . . . : Disabled

Server:  modem.Home

Address:  192.168.0.1

 

Name:    google.com

Addresses:  2607:f8b0:4004:801::200e

                 172.217.7.206

 

 

Pinging google.com [172.217.7.206] with 32 bytes of data:

Reply from 172.217.7.206: bytes=32 time=51ms TTL=56

Reply from 172.217.7.206: bytes=32 time=52ms TTL=56

 

Ping statistics for 172.217.7.206:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 51ms, Maximum = 52ms, Average = 51ms

Server:  modem.Home

Address:  192.168.0.1

 

Name:    yahoo.com

Addresses:  2001:4998:44:204::a7

                 2001:4998:c:a06::2:4008

                 2001:4998:58:c02::a9

                 98.138.253.109

                 206.190.36.45

                 98.139.183.24

 

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=119ms TTL=53

Reply from 206.190.36.45: bytes=32 time=120ms TTL=53

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 119ms, Maximum = 120ms, Average = 119ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

  8...7c 05 07 37 89 e6 ......Realtek PCIe FE Family Controller

  9...1c 3e 84 ce 5e a3 ......Microsoft Wi-Fi Direct Virtual Adapter

  3...1c 3e 84 ce 5e a1 ......Ralink RT5390R 802.11bgn Wi-Fi Adapter

  1...........................Software Loopback Interface 1

  7...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.5     55

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331

      192.168.0.0    255.255.255.0         On-link       192.168.0.5    311

      192.168.0.5  255.255.255.255         On-link       192.168.0.5    311

    192.168.0.255  255.255.255.255         On-link       192.168.0.5    311

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331

        224.0.0.0        240.0.0.0         On-link       192.168.0.5    311

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331

  255.255.255.255  255.255.255.255         On-link       192.168.0.5    311

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

  7    331 ::/0                     On-link

  1    331 ::1/128                  On-link

  7    331 2001::/32                On-link

  7    331 2001:0:5ef5:79fb:8b2:9fc:3f57:fffa/128

                                    On-link

  3    311 fe80::/64                On-link

  7    331 fe80::/64                On-link

  7    331 fe80::8b2:9fc:3f57:fffa/128

                                    On-link

  3    311 fe80::c99a:1f06:eac8:e30e/128

                                    On-link

  1    331 ff00::/8                 On-link

  3    311 ff00::/8                 On-link

  7    331 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 12 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (05/14/2017 01:40:13 AM) (Source: Application Error) (User: )

Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.0, time stamp: 0x58ccbae4

Faulting module name: ntdll.dll, version: 10.0.15063.0, time stamp: 0xb79b6ddb

Exception code: 0xcfffffff

Fault offset: 0x00000000000a64c4

Faulting process id: 0x2480

Faulting application start time: 0xMicrosoftEdgeCP.exe0

Faulting application path: MicrosoftEdgeCP.exe1

Faulting module path: MicrosoftEdgeCP.exe2

Report Id: MicrosoftEdgeCP.exe3

Faulting package full name: MicrosoftEdgeCP.exe4

Faulting package-relative application ID: MicrosoftEdgeCP.exe5

 

Error: (05/14/2017 01:23:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: HOMEDESKTOPPC)

Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (05/14/2017 01:23:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: HOMEDESKTOPPC)

Description: Package Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{00121401-0002-0000-041f-060000000000} was terminated because it took too long to suspend.

 

Error: (05/14/2017 01:04:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: HOMEDESKTOPPC)

Description: Package Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{000d1402-0001-0000-041f-060000000000} was terminated because it took too long to suspend.

 

Error: (05/14/2017 12:17:30 AM) (Source: ESENT) (User: )

Description: DllHost (7864) Microsoft.MicrosoftEdge_8wekyb3d8bbwe_NOEDP_EDGE_IDB: Database recovery/restore failed with unexpected error -1216.

 

Error: (05/14/2017 12:17:30 AM) (Source: ESENT) (User: )

Description: DllHost (7864) Microsoft.MicrosoftEdge_8wekyb3d8bbwe_NOEDP_EDGE_IDB: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\tarag\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\IndexedDB.edb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

 

Error: (05/14/2017 12:16:56 AM) (Source: Application Error) (User: )

Description: Faulting application name: {22A5FFAA-17AD-4339-A219-D076CE825B11}.exe, version: 3.1.0.15, time stamp: 0x58f5cf94

Faulting module name: {22A5FFAA-17AD-4339-A219-D076CE825B11}.exe, version: 3.1.0.15, time stamp: 0x58f5cf94

Exception code: 0x40000015

Fault offset: 0x0014376c

Faulting process id: 0x23a0

Faulting application start time: 0x{22A5FFAA-17AD-4339-A219-D076CE825B11}.exe0

Faulting application path: {22A5FFAA-17AD-4339-A219-D076CE825B11}.exe1

Faulting module path: {22A5FFAA-17AD-4339-A219-D076CE825B11}.exe2

Report Id: {22A5FFAA-17AD-4339-A219-D076CE825B11}.exe3

Faulting package full name: {22A5FFAA-17AD-4339-A219-D076CE825B11}.exe4

Faulting package-relative application ID: {22A5FFAA-17AD-4339-A219-D076CE825B11}.exe5

 

Error: (05/14/2017 12:15:08 AM) (Source: Application Error) (User: )

Description: Faulting application name: {B72ED408-2F41-4AC1-8413-3CD1974D5877}.exe, version: 3.1.0.15, time stamp: 0x58f5cf94

Faulting module name: {B72ED408-2F41-4AC1-8413-3CD1974D5877}.exe, version: 3.1.0.15, time stamp: 0x58f5cf94

Exception code: 0x40000015

Fault offset: 0x0014376c

Faulting process id: 0x1618

Faulting application start time: 0x{B72ED408-2F41-4AC1-8413-3CD1974D5877}.exe0

Faulting application path: {B72ED408-2F41-4AC1-8413-3CD1974D5877}.exe1

Faulting module path: {B72ED408-2F41-4AC1-8413-3CD1974D5877}.exe2

Report Id: {B72ED408-2F41-4AC1-8413-3CD1974D5877}.exe3

Faulting package full name: {B72ED408-2F41-4AC1-8413-3CD1974D5877}.exe4

Faulting package-relative application ID: {B72ED408-2F41-4AC1-8413-3CD1974D5877}.exe5

 

Error: (05/13/2017 09:52:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HOMEDESKTOPPC)

Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

 

Error: (05/13/2017 05:39:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HOMEDESKTOPPC)

Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

 

System errors:

=============

Error: (05/14/2017 01:23:56 AM) (Source: DCOM) (User: HOMEDESKTOPPC)

Description: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe!ContentProcess

 

Error: (05/14/2017 12:09:25 AM) (Source: Service Control Manager) (User: )

Description: The CldFlt service failed to start due to the following error:

%%50 = The request is not supported.

 

 

Error: (05/13/2017 07:35:07 PM) (Source: Service Control Manager) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275 = This driver has been blocked from loading

 

 

Error: (05/13/2017 07:35:07 PM) (Source: Application Popup) (User: )

Description: \??\C:\Users\tarag\AppData\Local\Temp\ehdrv.sys

 

Error: (05/13/2017 07:35:06 PM) (Source: Service Control Manager) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275 = This driver has been blocked from loading

 

 

Error: (05/13/2017 07:35:06 PM) (Source: Application Popup) (User: )

Description: \??\C:\Users\tarag\AppData\Local\Temp\ehdrv.sys

 

Error: (05/13/2017 07:35:06 PM) (Source: Service Control Manager) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275 = This driver has been blocked from loading

 

 

Error: (05/13/2017 07:35:06 PM) (Source: Application Popup) (User: )

Description: \??\C:\Users\tarag\AppData\Local\Temp\ehdrv.sys

 

Error: (05/13/2017 07:35:06 PM) (Source: Service Control Manager) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275 = This driver has been blocked from loading

 

 

Error: (05/13/2017 07:35:06 PM) (Source: Application Popup) (User: )

Description: \??\C:\Users\tarag\AppData\Local\Temp\ehdrv.sys

 

 

Microsoft Office Sessions:

=========================

Error: (05/14/2017 01:40:13 AM) (Source: Application Error)(User: )

Description: MicrosoftEdgeCP.exe11.0.15063.058ccbae4ntdll.dll10.0.15063.0b79b6ddbcfffffff00000000000a64c4248001d2cc7475eb490bC:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exeC:\Windows\SYSTEM32\ntdll.dll322cfd15-b443-4bf5-ad16-b2ad76b0f7feMicrosoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbweContentProcess

 

Error: (05/14/2017 01:23:56 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: HOMEDESKTOPPC)

Description: Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess-2144927141

 

Error: (05/14/2017 01:23:01 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: HOMEDESKTOPPC)

Description: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{00121401-0002-0000-041f-060000000000}

 

Error: (05/14/2017 01:04:36 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: HOMEDESKTOPPC)

Description: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{000d1402-0001-0000-041f-060000000000}

 

Error: (05/14/2017 12:17:30 AM) (Source: ESENT)(User: )

Description: DllHost7864Microsoft.MicrosoftEdge_8wekyb3d8bbwe_NOEDP_EDGE_IDB: -1216

 

Error: (05/14/2017 12:17:30 AM) (Source: ESENT)(User: )

Description: DllHost7864Microsoft.MicrosoftEdge_8wekyb3d8bbwe_NOEDP_EDGE_IDB: -1216C:\Users\tarag\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\IndexedDB.edb

 

Error: (05/14/2017 12:16:56 AM) (Source: Application Error)(User: )

Description: {22A5FFAA-17AD-4339-A219-D076CE825B11}.exe3.1.0.1558f5cf94{22A5FFAA-17AD-4339-A219-D076CE825B11}.exe3.1.0.1558f5cf94400000150014376c23a001d2cc68dac61a06C:\Users\tarag\AppData\Local\Temp\{3EA817C6-04EF-46F6-9155-D35116471149}\{22A5FFAA-17AD-4339-A219-D076CE825B11}.exeC:\Users\tarag\AppData\Local\Temp\{3EA817C6-04EF-46F6-9155-D35116471149}\{22A5FFAA-17AD-4339-A219-D076CE825B11}.exe4c538f82-79f1-4981-8b15-e62fd1f5d63c

 

Error: (05/14/2017 12:15:08 AM) (Source: Application Error)(User: )

Description: {B72ED408-2F41-4AC1-8413-3CD1974D5877}.exe3.1.0.1558f5cf94{B72ED408-2F41-4AC1-8413-3CD1974D5877}.exe3.1.0.1558f5cf94400000150014376c161801d2cc6810e95405C:\Users\tarag\AppData\Local\Temp\{1F516807-83B7-4CDE-9A7B-DA53CEA465E9}\{B72ED408-2F41-4AC1-8413-3CD1974D5877}.exeC:\Users\tarag\AppData\Local\Temp\{1F516807-83B7-4CDE-9A7B-DA53CEA465E9}\{B72ED408-2F41-4AC1-8413-3CD1974D5877}.exec2cb98eb-0bae-468f-a5d5-8cc4f0d08f45

 

Error: (05/13/2017 09:52:08 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HOMEDESKTOPPC)

Description: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel

 

Error: (05/13/2017 05:39:48 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HOMEDESKTOPPC)

Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2144927142

 

 

CodeIntegrity Errors:

===================================

  Date: 2017-05-13 05:07:31.434

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 05:07:30.410

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 05:07:29.281

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 05:07:27.538

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 04:51:04.094

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 04:50:57.677

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 04:50:53.077

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 04:50:52.004

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 04:50:51.277

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 04:50:50.269

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

 

=========================== Installed Programs ============================

 

AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)

CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)

HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.18.284 - SurfRight B.V.)

Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7967.2161 - Microsoft Corporation)

Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Mozilla Firefox 53.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 53.0.2 (x64 en-US)) (Version: 53.0.2 - Mozilla)

Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6675 - Realtek Semiconductor Corp.)

Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)

 

========================= Devices: ================================

 

Name: HID-compliant system controller

Description: HID-compliant system controller

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service:

Device ID: HID\VID_3938&PID_1032&MI_01&COL03\7&1287E464&0&0002

 

Name: Standard Enhanced PCI to USB Host Controller

Description: Standard Enhanced PCI to USB Host Controller

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbehci

Device ID: PCI\VEN_1022&DEV_7808&SUBSYS_2AF0103C&REV_11\3&11583659&0&92

 

Name: Standard Enhanced PCI to USB Host Controller

Description: Standard Enhanced PCI to USB Host Controller

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbehci

Device ID: PCI\VEN_1022&DEV_7808&SUBSYS_2AF0103C&REV_11\3&11583659&0&9A

 

Name: System board

Description: System board

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: ACPI\PNP0C01\1

 

Name: USB Input Device

Description: USB Input Device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service: HidUsb

Device ID: USB\VID_3938&PID_1032&MI_01\6&1C900AC3&0&0001

 

Name: HP 1.0MP High Definition Webcam

Description: USB Video Device

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: usbvideo

Device ID: USB\VID_0BDA&PID_58B6&MI_00\6&EF225A4&0&0000

 

Name: Microsoft Print to PDF

Description: Local Print Queue

Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}

Manufacturer: Microsoft

Service:

Device ID: SWD\PRINTENUM\{8E446D83-9445-4EC2-B968-F2A7939D1763}

 

Name: USB Composite Device

Description: USB Composite Device

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbccgp

Device ID: USB\VID_3938&PID_1032\5&4FE8397&0&1

 

Name: Root Print Queue

Description: Local Print Queue

Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}

Manufacturer: Microsoft

Service:

Device ID: SWD\PRINTENUM\PRINTQUEUES

 

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Device ID: USB\ROOT_HUB\4&5E1D985&0

 

Name: PCI standard host CPU bridge

Description: PCI standard host CPU bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: PCI\VEN_1022&DEV_1719&SUBSYS_00000000&REV_00\3&11583659&0&C7

 

Name: Speakers (Realtek High Definition Audio)

Description: Audio Endpoint

Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}

Manufacturer: Microsoft

Service:

Device ID: SWD\MMDEVAPI\{0.0.0.00000000}.{EFEE7BFB-D477-4A4F-B315-12543B958E09}

 

Name: Volume Manager

Description: Volume Manager

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: volmgr

Device ID: ROOT\VOLMGR\0000

 

Name: High precision event timer

Description: High precision event timer

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: ACPI\PNP0103\2&DABA3FF&0

 

Name: USB Root Hub (USB 3.0)

Description: USB Root Hub (USB 3.0)

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB HUBs)

Service: USBHUB3

Device ID: USB\ROOT_HUB30\4&1CB100FC&0&0

 

Name: Microsoft Basic Display Driver

Description: Microsoft Basic Display Driver

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard display types)

Service: BasicDisplay

Device ID: ROOT\BASICDISPLAY\0000

 

Name: HID-compliant device

Description: HID-compliant device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service:

Device ID: HID\VID_3938&PID_1031&COL02\6&2149B10B&0&0001

 

Name: Microphone (Realtek High Definition Audio)

Description: Audio Endpoint

Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}

Manufacturer: Microsoft

Service:

Device ID: SWD\MMDEVAPI\{0.0.1.00000000}.{38420A05-A098-448E-839A-AACFE9618D1A}

 

Name: Microsoft IPv4 IPv6 Transition Adapter Bus

Description: Generic software device

Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}

Manufacturer: Microsoft

Service:

Device ID: SWD\IP_TUNNEL_VBUS\IP_TUNNEL_DEVICE_ROOT

 

Name: Canon MX490 series FAX WS

Description: Generic software device

Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}

Manufacturer: Microsoft

Service:

Device ID: SWD\PRINTENUM\WSD-1FD853E1-F119-4375-B117-6A53F47F0EB8.0066

 

Name: HID Keyboard Device

Description: HID Keyboard Device

Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard keyboards)

Service: kbdhid

Device ID: HID\VID_3938&PID_1032&MI_00\7&365F2226&0&0000

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Device ID: SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE

 

Name: PCI-to-PCI Bridge

Description: PCI-to-PCI Bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: pci

Device ID: PCI\VEN_1022&DEV_43A0&SUBSYS_00001022&REV_00\3&11583659&0&A8

 

Name: Canon MX490 series Printer WS

Description: Local Print Queue

Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}

Manufacturer: Canon

Service:

Device ID: SWD\PRINTENUM\{392555DD-3123-4B26-9E20-A60FCF951348}

 

Name: PCI standard host CPU bridge

Description: PCI standard host CPU bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: PCI\VEN_1022&DEV_1716&SUBSYS_00000000&REV_00\3&11583659&0&C6

 

Name: PCI standard ISA bridge

Description: PCI standard ISA bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: msisadrv

Device ID: PCI\VEN_1022&DEV_780E&SUBSYS_2AF0103C&REV_11\3&11583659&0&A3

 

Name: USB Mass Storage Device

Description: USB Mass Storage Device

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: Compatible USB storage device

Service: USBSTOR

Device ID: USB\VID_0951&PID_1666\60A44C413841F07109920094

 

Name: Standard SATA AHCI Controller

Description: Standard SATA AHCI Controller

Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}

Manufacturer: Standard SATA AHCI Controller

Service: storahci

Device ID: PCI\VEN_1022&DEV_7801&SUBSYS_2AF0103C&REV_40\3&11583659&0&88

 

Name: AMD SMBus

Description: AMD SMBus

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Advanced Micro Devices, Inc

Service:

Device ID: PCI\VEN_1022&DEV_780B&SUBSYS_2AF0103C&REV_14\3&11583659&0&A0

 

Name: PCI standard host CPU bridge

Description: PCI standard host CPU bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: PCI\VEN_1022&DEV_1702&SUBSYS_00000000&REV_00\3&11583659&0&C2

 

Name: Composite Bus Enumerator

Description: Composite Bus Enumerator

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: CompositeBus

Device ID: ROOT\COMPOSITEBUS\0000

 

Name: Microsoft Virtual Drive Enumerator

Description: Microsoft Virtual Drive Enumerator

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: vdrvroot

Device ID: ROOT\VDRVROOT\0000

 

Name: MX490 series _0530F8000000

Description: WSD Print Device

Class Guid: {c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}

Manufacturer: CANON INC.

Service: WSDPrintDevice

Device ID: SWD\DAFWSDPROVIDER\URN:UUID:00000000-0000-1000-8000-F80D600530F8/HTTP://SCHEMAS.CANON.COM/PRINTER

 

Name: Send To OneNote 2016

Description: Local Print Queue

Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}

Manufacturer: Microsoft

Service:

Device ID: SWD\PRINTENUM\{D63CFD3D-0777-439D-87EE-3F89AD91060A}

 

Name: Microsoft Storage Spaces Controller

Description: Microsoft Storage Spaces Controller

Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: spaceport

Device ID: ROOT\SPACEPORT\0000

 

Name: Realtek PCIE CardReader

Description: Realtek PCIE CardReader

Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318}

Manufacturer: Realtek Semiconduct Corp.

Service: RSPCIESTOR

Device ID: PCI\VEN_10EC&DEV_5209&SUBSYS_2AF0103C&REV_01\4&29478102&0&00AA

 

Name: AMD USB 3.0 eXtensible Host Controller - 0.96 (Microsoft)

Description: USB xHCI Compliant Host Controller

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: Generic USB xHCI Host Controller

Service: USBXHCI

Device ID: PCI\VEN_1022&DEV_7812&SUBSYS_2AF0103C&REV_03\3&11583659&0&80

 

Name: Microsoft Kernel Debug Network Adapter

Description: Microsoft Kernel Debug Network Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: kdnic

Device ID: ROOT\KDNIC\0000

 

Name: Volume

Description: Volume

Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: volume

Device ID: STORAGE\VOLUME\{631DF12C-3713-11E7-8C98-806E6F6E6963}#0000000056800000

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service:

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT1

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service:

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT2

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service:

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT3

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service:

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT4

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service:

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT5

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service:

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT6

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service:

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT7

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service:

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT8

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service:

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT9

 

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Device ID: USB\ROOT_HUB\4&28B5D74C&0

 

Name: MX490 series _0530F8000000

Description: WSD Scan Device

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: CANON INC.

Service: WSDScan

Device ID: SWD\DAFWSDPROVIDER\URN:UUID:00000000-0000-1000-8000-F80D600530F8/HTTP://SCHEMAS.CANON.COM/SCANNER

 

Name: System CMOS/real time clock

Description: System CMOS/real time clock

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: ACPI\PNP0B00\4&3473B483&0

 

Name: Standard OpenHCD USB Host Controller

Description: Standard OpenHCD USB Host Controller

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbohci

Device ID: PCI\VEN_1022&DEV_7807&SUBSYS_2AF0103C&REV_11\3&11583659&0&90

 

Name: Standard OpenHCD USB Host Controller

Description: Standard OpenHCD USB Host Controller

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbohci

Device ID: PCI\VEN_1022&DEV_7807&SUBSYS_2AF0103C&REV_11\3&11583659&0&98

 

Name: Wi-Fi

Description: Generic software device

Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}

Manufacturer: Microsoft

Service:

Device ID: SWD\RADIO\{34C6F091-6B51-4CDE-96CC-A2A6681FDAB2}

 

Name: AMD Radeon HD 7310 Graphics

Description: AMD Radeon HD 7310 Graphics

Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}

Manufacturer: Advanced Micro Devices, Inc.

Service: amdkmdap

Device ID: PCI\VEN_1002&DEV_9809&SUBSYS_2AF0103C&REV_00\3&11583659&0&08

 

Name: HID-compliant device

Description: HID-compliant device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service:

Device ID: HID\VID_3938&PID_1032&MI_01&COL05\7&1287E464&0&0004

 

Name: Programmable interrupt controller

Description: Programmable interrupt controller

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: ACPI\PNP0000\4&3473B483&0

 

Name: Realtek PCIe FE Family Controller

Description: Realtek PCIe FE Family Controller

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Realtek

Service: rt640x64

Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_2AF0103C&REV_05\4&4E7D078&0&00A8

 

Name: PCI-to-PCI Bridge

Description: PCI-to-PCI Bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: pci

Device ID: PCI\VEN_1022&DEV_43A2&SUBSYS_00001022&REV_00\3&11583659&0&AA

 

Name: UMBus Root Bus Enumerator

Description: UMBus Root Bus Enumerator

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: umbus

Device ID: ROOT\UMBUS\0000

 

Name: PCI standard host CPU bridge

Description: PCI standard host CPU bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: PCI\VEN_1022&DEV_1718&SUBSYS_00000000&REV_00\3&11583659&0&C5

 

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Device ID: USB\ROOT_HUB20\4&1F8D2EA5&0

 

Name: Microsoft Radio Device Enumeration Bus

Description: Generic software device

Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}

Manufacturer: Microsoft

Service:

Device ID: SWD\RADIO\{3DB5895D-CC28-44B3-AD3D-6F01A782B8D2}

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service:

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT10

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service:

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT11

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service:

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT12

 

Name: System board

Description: System board

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: ACPI\PNP0C01\C8

 

Name: Microsoft Device Association Root Enumerator

Description: Generic software device

Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}

Manufacturer: Microsoft

Service:

Device ID: SWD\MSDAS\{CE958E9A-424F-4C88-86F4-11314821E75A}

 

Name: ACPI x64-based PC

Description: ACPI x64-based PC

Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard computers)

Service: \Driver\ACPI_HAL

Device ID: ROOT\ACPI_HAL\0000

 

Name: Volume

Description: Volume

Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: volume

Device ID: STORAGE\VOLUME\{631DF12C-3713-11E7-8C98-806E6F6E6963}#0000000000100000

 

Name: PCI Express Root Complex

Description: PCI Express Root Complex

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: pci

Device ID: ACPI\PNP0A08\0

 

Name: PCI standard host CPU bridge

Description: PCI standard host CPU bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: PCI\VEN_1022&DEV_1704&SUBSYS_00000000&REV_00\3&11583659&0&C4

 

Name: Direct memory access controller

Description: Direct memory access controller

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: ACPI\PNP0200\4&3473B483&0

 

Name: Microsoft ACPI-Compliant System

Description: Microsoft ACPI-Compliant System

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: ACPI

Device ID: ACPI_HAL\PNP0C08\0

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Device ID: HTREE\ROOT\0

 

Name: Microsoft Basic Render Driver

Description: Microsoft Basic Render Driver

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: BasicRender

Device ID: ROOT\BASICRENDER\0000

 

Name: Volume

Description: Volume

Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: volume

Device ID: STORAGE\VOLUME\_??_USBSTOR#DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_#60A44C413841F07109920094&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

 

Name: Generic PnP Monitor

Description: Generic PnP Monitor

Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard monitor types)

Service: monitor

Device ID: DISPLAY\HWP421A\4&9B6C8E1&0&UID256

 

Name: Microsoft Wi-Fi Direct Virtual Adapter

Description: Microsoft Wi-Fi Direct Virtual Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: vwifimp

Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&3B49E8C5&0&11

 

Name: High Definition Audio Controller

Description: High Definition Audio Controller

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: HDAudBus

Device ID: PCI\VEN_1022&DEV_780D&SUBSYS_2AF0103C&REV_01\3&11583659&0&A2

 

Name: HID-compliant mouse

Description: HID-compliant mouse

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: mouhid

Device ID: HID\VID_3938&PID_1032&MI_01&COL01\7&1287E464&0&0000

 

Name: Volume

Description: Volume

Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: volume

Device ID: STORAGE\VOLUME\{631DF12C-3713-11E7-8C98-806E6F6E6963}#0000006F49E00000

 

Name: PCI standard host CPU bridge

Description: PCI standard host CPU bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: PCI\VEN_1022&DEV_1701&SUBSYS_00000000&REV_00\3&11583659&0&C1

 

Name: FileHistory

Description: DataTraveler 3.0

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Kingston

Service: WUDFWpdFs

Device ID: SWD\WPDBUSENUM\_??_USBSTOR#DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_#60A44C413841F07109920094&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

 

Name: ACPI Fixed Feature Button

Description: ACPI Fixed Feature Button

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: ACPI\FIXEDBUTTON\2&DABA3FF&0

 

Name: Standard OpenHCD USB Host Controller

Description: Standard OpenHCD USB Host Controller

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbohci

Device ID: PCI\VEN_1022&DEV_7809&SUBSYS_2AF0103C&REV_11\3&11583659&0&A5

 

Name: Kingston DataTraveler 3.0 USB Device

Description: Disk drive

Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard disk drives)

Service: disk

Device ID: USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_\60A44C413841F07109920094&0

 

Name: Motherboard resources

Description: Motherboard resources

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: ACPI\PNP0C02\10

 

Name: Motherboard resources

Description: Motherboard resources

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: ACPI\PNP0C02\14

 

Name: Motherboard resources

Description: Motherboard resources

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: ACPI\PNP0C02\99

 

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Device ID: USB\ROOT_HUB\4&7143B41&0

 

Name: PCI standard host CPU bridge

Description: PCI standard host CPU bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: PCI\VEN_1022&DEV_1510&SUBSYS_2AF0103C&REV_00\3&11583659&0&00

 

Name: Numeric data processor

Description: Numeric data processor

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: ACPI\PNP0C04\4&3473B483&0

 

Name: PCI-to-PCI Bridge

Description: PCI-to-PCI Bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: pci

Device ID: PCI\VEN_1022&DEV_780F&SUBSYS_00000000&REV_40\3&11583659&0&A4

 

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Device ID: USB\ROOT_HUB20\4&386E8850&0

 

Name: Microsoft GS Wavetable Synth

Description: Generic software device

Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}

Manufacturer: Microsoft

Service:

Device ID: SWD\MMDEVAPI\MICROSOFTGSWAVETABLESYNTH

 

Name: ACPI Power Button

Description: ACPI Power Button

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: ACPI\PNP0C0C\AA

 

Name: USB Input Device

Description: USB Input Device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service: HidUsb

Device ID: USB\VID_3938&PID_1031\5&4FE8397&0&2

 

Name: AMD E1-1200 APU with Radeon™ HD Graphics

Description: AMD Processor

Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}

Manufacturer: Advanced Micro Devices

Service: AmdPPM

Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_20_MODEL_2_-_AMD_E1-1200_APU_WITH_RADEON™_HD_GRAPHICS\_1

 

Name: AMD E1-1200 APU with Radeon™ HD Graphics

Description: AMD Processor

Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}

Manufacturer: Advanced Micro Devices

Service: AmdPPM

Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_20_MODEL_2_-_AMD_E1-1200_APU_WITH_RADEON™_HD_GRAPHICS\_2

 

Name: Microsoft XPS Document Writer

Description: Local Print Queue

Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}

Manufacturer: Microsoft

Service:

Device ID: SWD\PRINTENUM\{A09B4690-B607-437B-A56C-E7F7D9FA6792}

 

Name: NDIS Virtual Network Adapter Enumerator

Description: NDIS Virtual Network Adapter Enumerator

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: NdisVirtualBus

Device ID: ROOT\NDISVIRTUALBUS\0000

 

Name: HID-compliant consumer control device

Description: HID-compliant consumer control device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: Microsoft

Service:

Device ID: HID\VID_3938&PID_1032&MI_01&COL02\7&1287E464&0&0001

 

Name: MX490 series _0530F8000000

Description: Generic software device

Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}

Manufacturer: CANON INC.

Service:

Device ID: SWD\DAFWSDPROVIDER\URN:UUID:00000000-0000-1000-8000-F80D600530F8

 

Name: PCI-to-PCI Bridge

Description: PCI-to-PCI Bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: pci

Device ID: PCI\VEN_1022&DEV_43A1&SUBSYS_00001022&REV_00\3&11583659&0&A9

 

Name: USB Input Device

Description: USB Input Device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service: HidUsb

Device ID: USB\VID_3938&PID_1032&MI_00\6&1C900AC3&0&0000

 

Name: ST500DM002-1BD142

Description: Disk drive

Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard disk drives)

Service: disk

Device ID: SCSI\DISK&VEN_&PROD_ST500DM002-1BD14\4&28F92D0C&0&000000

 

Name: System speaker

Description: System speaker

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: ACPI\PNP0800\4&3473B483&0

 

Name: PCI standard host CPU bridge

Description: PCI standard host CPU bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: PCI\VEN_1022&DEV_1700&SUBSYS_00000000&REV_43\3&11583659&0&C0

 

Name: Motherboard resources

Description: Motherboard resources

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: ACPI\PNP0C02\111

 

Name: MX490 series _0530F8000000

Description: WSD Print Device

Class Guid: {c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}

Manufacturer: CANON INC.

Service: WSDPrintDevice

Device ID: SWD\DAFWSDPROVIDER\URN:UUID:00000000-0000-1000-8000-F80D600530F8/HTTP://SCHEMAS.CANON.COM/FAX

 

Name: Motherboard resources

Description: Motherboard resources

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: ACPI\PNP0C02\700

 

Name: Volume

Description: Volume

Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: volume

Device ID: STORAGE\VOLUME\{631DF12C-3713-11E7-8C98-806E6F6E6963}#000000005E800000

 

Name: PCI standard host CPU bridge

Description: PCI standard host CPU bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: PCI\VEN_1022&DEV_1703&SUBSYS_00000000&REV_00\3&11583659&0&C3

 

Name: Motherboard resources

Description: Motherboard resources

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: ACPI\PNP0C02\E11

 

Name: Microsoft System Management BIOS Driver

Description: Microsoft System Management BIOS Driver

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: mssmbios

Device ID: ROOT\MSSMBIOS\0000

 

Name: Ralink RT5390R 802.11bgn Wi-Fi Adapter

Description: Ralink RT5390R 802.11bgn Wi-Fi Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Ralink Technology, Corp.

Service: netr28x

Device ID: PCI\VEN_1814&DEV_539B&SUBSYS_18ED103C&REV_00\4&32D88900&0&00A9

 

Name: Plug and Play Software Device Enumerator

Description: Plug and Play Software Device Enumerator

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: swenum

Device ID: ROOT\SYSTEM\0000

 

Name: Realtek High Definition Audio

Description: Realtek High Definition Audio

Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}

Manufacturer: Realtek

Service: IntcAzAudAddService

Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0269&SUBSYS_103C2AF0&REV_1002\4&3C3108E&0&0001

 

Name: USB Composite Device

Description: USB Composite Device

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbccgp

Device ID: USB\VID_0BDA&PID_58B6\201203140001

 

Name: HID-compliant mouse

Description: HID-compliant mouse

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: mouhid

Device ID: HID\VID_3938&PID_1031&COL01\6&2149B10B&0&0000

 

Name: Remote Desktop Device Redirector Bus

Description: Remote Desktop Device Redirector Bus

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: rdpbus

Device ID: ROOT\RDPBUS\0000

 

Name: Volume

Description: Volume

Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: volume

Device ID: STORAGE\VOLUME\{631DF12C-3713-11E7-8C98-806E6F6E6963}#0000000040000000

 

Name: System timer

Description: System timer

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Device ID: ACPI\PNP0100\4&3473B483&0

 

Name: PCI-to-PCI Bridge

Description: PCI-to-PCI Bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: pci

Device ID: PCI\VEN_1022&DEV_1512&SUBSYS_2AF0103C&REV_00\3&11583659&0&20

 

Name: Canon MX490 series Printer

Description: Canon MX490 series Printer

Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}

Manufacturer: Canon

Service:

Device ID: SWD\PRINTENUM\WSD-49A99B80-CF3E-4773-9905-B2F9BBEBA276.0060

 

Name: Fax

Description: Local Print Queue

Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}

Manufacturer: Microsoft

Service:

Device ID: SWD\PRINTENUM\{1AEA3A3E-D8AC-4D64-A682-CF497D8A6D9C}

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 49%

Total physical RAM: 3667.87 MB

Available physical RAM: 1836.62 MB

Total Virtual: 5075.87 MB

Available Virtual: 2632.46 MB

 

========================= Partitions: =====================================

 

1 Drive c: (OS) (Fixed) (Total:443.68 GB) (Free:406.52 GB) NTFS

2 Drive d: (FileHistory) (Removable) (Total:14.41 GB) (Free:14 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\HOMEDESKTOPPC

 

Administrator            DefaultAccount           Guest                   

tarag                   

 

========================= Minidump Files ==================================

 

No minidump file found

 

========================= Restore Points ==================================

 

12-05-2017 18:03:51 WindowsInstall may12

13-05-2017 06:20:25 JRT Pre-Junkware Removal

13-05-2017 06:48:49 cleaned c:drive

 

**** End of log ****

 


Edited by hamluis, 14 May 2017 - 07:19 AM.
Moved from MRL to Am I Infected - Hamluis.



 


#2 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,064 posts
  • Gender:Male
  • Location:Indiana, USA
  • Local time:09:02 PM

Posted 15 May 2017 - 01:17 PM

:welcome: to the forums!

 

Download Farbar MiniToolBox and save the file to your desktop.

  1. Open MiniToolBox by right-clicking it and selecting Run as Administrator.

  2. Make sure the following options are checked and then click Go:

     Report IE Proxy Settings
     Report FF Proxy Settings
     List content of Hosts
     List IP configuration
     List Winsock Entries
     List last 10 Event Viewer log
     List Installed Programs
     List Devices (Don't change any settings here)
     List Users, Partitions and Memory size
     List Restore Points

  3. Paste the log file contents into a post.

 

 

 

Download SecurityCheck by screen317.

 

  1. Click on the downloaded file and follow the instructions in the box on the screen.

  2. Paste the log file contents into a post.

  3. Important: If you get an error message, please restart your computer and try again.

 

 

 

 

Download Malwarebytes Anti-Malware from the provided link.

  1. Launch MBAM by clicking the .EXE file you downloaded.

  2. Run the installation wizard.

  3. Once complete, open MBAM and click Scan.

  4. Let the scan complete, then make sure all threats are selected and click Quarantine.

  5. Once done, go to History > Logs. Select the most recent Scan Log and paste its contents into a post.

 

 

 

Download ESET Online Scanner and save it to your desktop

 

  1. Double-click on the ESET Online Scanner icon to launch ESET.

  2. Click through the prompts and select “Enable detection of potentially unwanted applications.”

  3. Click “Scan” and let the tool run.

  4. Once done, click the “Save to text file...” Save the file to your desktop and paste the contents into a post.

 

Download Rkill from one of the below three links. (Use the one that runs on your PC without being blocked).

Link 1

Link 2

Link 3

 

  1. Double-click on the file you downloaded (either rkill.exe, iExplore.exe, or rkill.com) to launch Rkill.

  2. If a black box appears, the program is running correctly. If nothing happens, then try another link.

  3. Let the scan complete, then paste the contents of the text file that pops up at the end into a post.

  4. Important: Do not restart your computer once the scan is done!


Edited by iMacg3, 15 May 2017 - 01:19 PM.

Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#3 totallypolluted

totallypolluted
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Female
  • Local time:08:02 PM

Posted 17 May 2017 - 05:16 AM

I hope this is all correctly completed for you.  Please advise if additional steps are necessary. Thank you so very much for your help! :thumbup2: 

 

MiniToolBox by Farbar  Version: 17-06-2016

Ran by tarag (administrator) on 17-05-2017 at 01:47:54

Running from "C:\Users\tarag\Desktop"

Microsoft Windows 10 Home  (X64)

Model: 20-b010 Manufacturer: Hewlett-Packard

Boot Mode: Normal

***************************************************************************

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

========================= Hosts content: =================================

========================= IP Configuration: ================================

 

Ralink RT5390R 802.11bgn Wi-Fi Adapter = Wi-Fi (Connected)

Realtek PCIe FE Family Controller = Ethernet (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global

set interface interface="Ethernet (Kernel Debugger)" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 10" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : HomeDesktopPC

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : Home

 

Ethernet adapter Ethernet:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller

   Physical Address. . . . . . . . . : 7C-05-07-37-89-E6

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Local Area Connection* 1:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter

   Physical Address. . . . . . . . . : 1C-3E-84-CE-5E-A3

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Wi-Fi:

 

   Connection-specific DNS Suffix  . : Home

   Description . . . . . . . . . . . : Ralink RT5390R 802.11bgn Wi-Fi Adapter

   Physical Address. . . . . . . . . : 1C-3E-84-CE-5E-A1

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::c99a:1f06:eac8:e30e%3(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Wednesday, May 17, 2017 12:48:56 AM

   Lease Expires . . . . . . . . . . : Thursday, May 18, 2017 12:48:56 AM

   Default Gateway . . . . . . . . . : 192.168.0.1

   DHCP Server . . . . . . . . . . . : 192.168.0.1

   DHCPv6 IAID . . . . . . . . . . . : 35405444

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-A7-64-D5-7C-05-07-37-89-E6

   DNS Servers . . . . . . . . . . . : 192.168.0.1

                                       205.171.203.226

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:427:17cb:bcb2:7e93(Preferred)

   Link-local IPv6 Address . . . . . : fe80::427:17cb:bcb2:7e93%7(Preferred)

   Default Gateway . . . . . . . . . : ::

   DHCPv6 IAID . . . . . . . . . . . : 536870912

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-A7-64-D5-7C-05-07-37-89-E6

   NetBIOS over Tcpip. . . . . . . . : Disabled

Server:  modem.Home

Address:  192.168.0.1

 

Name:    google.com

Addresses:  2607:f8b0:4004:801::200e

                 172.217.7.206

 

 

Pinging google.com [172.217.7.206] with 32 bytes of data:

Reply from 172.217.7.206: bytes=32 time=56ms TTL=56

Reply from 172.217.7.206: bytes=32 time=53ms TTL=56

 

Ping statistics for 172.217.7.206:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 53ms, Maximum = 56ms, Average = 54ms

Server:  modem.Home

Address:  192.168.0.1

 

Name:    yahoo.com

Addresses:  2001:4998:58:c02::a9

                 2001:4998:44:204::a7

                 2001:4998:c:a06::2:4008

                 98.138.253.109

                 206.190.36.45

                 98.139.183.24

 

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=119ms TTL=53

Reply from 206.190.36.45: bytes=32 time=120ms TTL=53

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 119ms, Maximum = 120ms, Average = 119ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

  8...7c 05 07 37 89 e6 ......Realtek PCIe FE Family Controller

  9...1c 3e 84 ce 5e a3 ......Microsoft Wi-Fi Direct Virtual Adapter

  3...1c 3e 84 ce 5e a1 ......Ralink RT5390R 802.11bgn Wi-Fi Adapter

  1...........................Software Loopback Interface 1

  7...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.5     55

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331

      192.168.0.0    255.255.255.0         On-link       192.168.0.5    311

      192.168.0.5  255.255.255.255         On-link       192.168.0.5    311

    192.168.0.255  255.255.255.255         On-link       192.168.0.5    311

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331

        224.0.0.0        240.0.0.0         On-link       192.168.0.5    311

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331

  255.255.255.255  255.255.255.255         On-link       192.168.0.5    311

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

  7    331 ::/0                     On-link

  1    331 ::1/128                  On-link

  7    331 2001::/32                On-link

  7    331 2001:0:5ef5:79fb:427:17cb:bcb2:7e93/128

                                    On-link

  3    311 fe80::/64                On-link

  7    331 fe80::/64                On-link

  7    331 fe80::427:17cb:bcb2:7e93/128

                                    On-link

  3    311 fe80::c99a:1f06:eac8:e30e/128

                                    On-link

  1    331 ff00::/8                 On-link

  3    311 ff00::/8                 On-link

  7    331 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 12 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (05/17/2017 01:40:48 AM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

Error: (05/17/2017 01:39:55 AM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

 

 

Operation:

   Gathering Writer Data

 

Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {db0de20b-000c-47ae-84af-2765f4df06d2}

 

Error: (05/17/2017 12:53:05 AM) (Source: Perflib) (User: )

Description: BITSC:\Windows\System32\bitsperf.dll8

 

Error: (05/17/2017 12:50:26 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (05/16/2017 04:27:30 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (05/16/2017 04:16:27 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (05/16/2017 03:37:44 PM) (Source: Application Error) (User: )

Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.15063.0, time stamp: 0x58ccbd2e

Faulting module name: Windows.UI.Xaml.dll, version: 10.0.15063.0, time stamp: 0x72781892

Exception code: 0xc0000005

Fault offset: 0x0000000000084e4f

Faulting process id: 0x1578

Faulting application start time: 0xShellExperienceHost.exe0

Faulting application path: ShellExperienceHost.exe1

Faulting module path: ShellExperienceHost.exe2

Report Id: ShellExperienceHost.exe3

Faulting package full name: ShellExperienceHost.exe4

Faulting package-relative application ID: ShellExperienceHost.exe5

 

Error: (05/16/2017 03:13:35 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (05/16/2017 01:09:11 AM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

Error: (05/16/2017 01:03:31 AM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

 

System errors:

=============

Error: (05/17/2017 12:48:50 AM) (Source: Service Control Manager) (User: )

Description: The CldFlt service failed to start due to the following error:

%%50 = The request is not supported.

 

 

Error: (05/16/2017 03:08:01 PM) (Source: Service Control Manager) (User: )

Description: The CldFlt service failed to start due to the following error:

%%50 = The request is not supported.

 

 

Error: (05/15/2017 11:31:22 PM) (Source: DCOM) (User: HOMEDESKTOPPC)

Description: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe!ContentProcess

 

Error: (05/15/2017 10:25:44 PM) (Source: Service Control Manager) (User: )

Description: The CldFlt service failed to start due to the following error:

%%50 = The request is not supported.

 

 

Error: (05/14/2017 11:04:08 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (05/14/2017 01:23:56 AM) (Source: DCOM) (User: HOMEDESKTOPPC)

Description: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe!ContentProcess

 

Error: (05/14/2017 12:09:25 AM) (Source: Service Control Manager) (User: )

Description: The CldFlt service failed to start due to the following error:

%%50 = The request is not supported.

 

 

Error: (05/13/2017 07:35:07 PM) (Source: Service Control Manager) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275 = This driver has been blocked from loading

 

 

Error: (05/13/2017 07:35:07 PM) (Source: Application Popup) (User: )

Description: \??\C:\Users\tarag\AppData\Local\Temp\ehdrv.sys

 

Error: (05/13/2017 07:35:06 PM) (Source: Service Control Manager) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275 = This driver has been blocked from loading

 

 

 

Microsoft Office Sessions:

=========================

Error: (05/17/2017 01:40:48 AM) (Source: VSS)(User: )

Description: QueryFullProcessImageNameW0x80070006, The handle is invalid.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

Error: (05/17/2017 01:39:55 AM) (Source: VSS)(User: )

Description: 0x80070005, Access is denied.

 

 

Operation:

   Gathering Writer Data

 

Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {db0de20b-000c-47ae-84af-2765f4df06d2}

 

Error: (05/17/2017 12:53:05 AM) (Source: Perflib)(User: )

Description: BITSC:\Windows\System32\bitsperf.dll8

 

Error: (05/17/2017 12:50:26 AM) (Source: SideBySide)(User: )

Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL1

 

Error: (05/16/2017 04:27:30 PM) (Source: SideBySide)(User: )

Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL1

 

Error: (05/16/2017 04:16:27 PM) (Source: SideBySide)(User: )

Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL1

 

Error: (05/16/2017 03:37:44 PM) (Source: Application Error)(User: )

Description: ShellExperienceHost.exe10.0.15063.058ccbd2eWindows.UI.Xaml.dll10.0.15063.072781892c00000050000000000084e4f157801d2ce77df85b98eC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exeC:\Windows\System32\Windows.UI.Xaml.dllc1fad0b6-169c-4050-902a-7fc8fac830b8Microsoft.Windows.ShellExperienceHost_10.0.15063.296_neutral_neutral_cw5n1h2txyewyApp

 

Error: (05/16/2017 03:13:35 PM) (Source: SideBySide)(User: )

Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL1

 

Error: (05/16/2017 01:09:11 AM) (Source: VSS)(User: )

Description: QueryFullProcessImageNameW0x80070006, The handle is invalid.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

Error: (05/16/2017 01:03:31 AM) (Source: VSS)(User: )

Description: QueryFullProcessImageNameW0x80070006, The handle is invalid.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

 

CodeIntegrity Errors:

===================================

  Date: 2017-05-13 05:07:31.434

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 05:07:30.410

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 05:07:29.281

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 05:07:27.538

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 04:51:04.094

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 04:50:57.677

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 04:50:53.077

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 04:50:52.004

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 04:50:51.277

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

  Date: 2017-05-13 04:50:50.269

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

 

 

=========================== Installed Programs ============================

 

AMD Catalyst Control Center (HKLM-x32\...\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}) (Version:  - )

AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)

CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)

HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)

Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)

Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7967.2161 - Microsoft Corporation)

Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6675 - Realtek Semiconductor Corp.)

Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)

Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)

 

========================= Devices: ================================

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 55%

Total physical RAM: 3667.87 MB

Available physical RAM: 1632.52 MB

Total Virtual: 5075.87 MB

Available Virtual: 2585.73 MB

 

========================= Partitions: =====================================

 

1 Drive c: (OS) (Fixed) (Total:443.68 GB) (Free:402.84 GB) NTFS

2 Drive d: (FileHistory) (Removable) (Total:14.41 GB) (Free:13.79 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\HOMEDESKTOPPC

 

Administrator            DefaultAccount           Guest                   

tarag                   

 

========================= Restore Points ==================================

 

12-05-2017 18:03:51 WindowsInstall may12

13-05-2017 06:20:25 JRT Pre-Junkware Removal

13-05-2017 06:48:49 cleaned c:drive

14-05-2017 15:31:56 Installed Sophos Virus Removal Tool.

16-05-2017 04:27:04 Removed CCC Help French

16-05-2017 04:49:01 Removed Sophos Virus Removal Tool.

 


**** End of log ****

 

Results of screen317's Security Check version 1.014 --- 12/23/15 

   x64 (UAC is enabled) 

 Internet Explorer 11 

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 

Windows Defender  

 WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

````````Process Check: objlist.exe by Laurent```````` 

 Windows Defender MSMpEng.exe

 Windows Defender MSASCuiL.exe  

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C:  %

````````````````````End of Log``````````````````````

 



Malwarebytes

www.malwarebytes.com

 

-Log Details-

Scan Date: 5/17/17

Scan Time: 2:44 AM

Log File: MB scan 051717.txt

Administrator: Yes

 

-Software Information-

Version: 3.1.2.1733

Components Version: 1.0.122

Update Package Version: 1.0.1958

License: Trial

 

-System Information-

OS: Windows 10

CPU: x64

File System: NTFS

User: HOMEDESKTOPPC\tarag

 

-Scan Summary-

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 341522

Threats Detected: 0

(No malicious items detected)

Threats Quarantined: 0

(No malicious items detected)

Time Elapsed: 14 min, 31 sec

 

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

-Scan Details-

Process: 0

(No malicious items detected)

 

Module: 0

(No malicious items detected)

 

Registry Key: 0

(No malicious items detected)

 

Registry Value: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Data Stream: 0

(No malicious items detected)

 

Folder: 0

(No malicious items detected)

 

File: 0

(No malicious items detected)

 

Physical Sector: 0

(No malicious items detected)

 

 

(end)


 

C:\Users\tarag\OneDrive\TaraOneDrvOnline\ComputerBrowsersLinksMisc\spsetup130.exe     Win32/Bundled.Toolbar.Google.D potentially unsafe application    


 

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2017 BleepingComputer.com

More Information about Rkill can be found at this link:

 http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 05/17/2017 06:11:17 AM in x64 mode.

Windows Version: Windows 10 Home

 

Checking for Windows services to stop:

 

 * No malware services found to stop.

 

Checking for processes to terminate:

 

 * No malware processes found to kill.

 

Checking Registry for malware related settings:

 

 * Advanced Explorer Setting Removed:  HideIcons [HKCU]

 

Backup Registry file created at:

 C:\Users\tarag\Desktop\rkill\rkill-05-17-2017-06-11-33.reg

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

 * No issues found.

 

Checking Windows Service Integrity:

 

 * agp440 [Missing Service]

 * DcpSvc [Missing Service]

 * gagp30kx [Missing Service]

 * IEEtwCollectorService [Missing Service]

 * IoQos [Missing Service]

 * nv_agp [Missing Service]

 * TimeBroker [Missing Service]

 * uagp35 [Missing Service]

 * uliagpkx [Missing Service]

 * WcsPlugInService [Missing Service]

 * wpcfltr [Missing Service]

 * WSService [Missing Service]

 

 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]

 * RetailDemo => %SystemRoot%\System32\svchost.exe -k rdxgroup [Incorrect ImagePath]

 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

 

 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

 

Searching for Missing Digital Signatures:

 

 * No issues found.

 

Checking HOSTS File:

 

 * No issues found.

 

Program finished at: 05/17/2017 06:12:50 AM

Execution time: 0 hours(s), 1 minute(s), and 33 seconds(s)



#4 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,064 posts
  • Gender:Male
  • Location:Indiana, USA
  • Local time:09:02 PM

Posted 17 May 2017 - 09:24 AM

Any improvements?

 

 

Download FSS (Farbar Service Scanner) and save it to your desktop.

 

1. Right-click the program file and select Run as Administrator.

2. Make sure the following options are selected:

 

Internet Services

Windows Firewall

System Restore

Security Center/Action Center

Windows Update

Windows Defender

Other Services

 

3. Click Scan and wait until the scan is complete.

 

A logfile called FSS.txt will be on your desktop.

Paste the contents into a post.

 

 

 

Download Junkware Removal Tool and save it to your desktop.

  1. Double-click on the JRT.exe file on your desktop.

  2. Let JRT scan your computer and remove any infections.

  3. On your desktop, there will be a logfile called JRT.txt. Paste its contents into a post.

 

 

Download AdwCleaner and save it to your desktop.

  1. Click on the file you downloaded.

  2. Click Scan to start AdwCleaner's scanning process.

  3. Once done, make sure to delete all found threats.

  4. Open the “Logfile” and paste its contents into a post.

 

Download Hitman Pro and save it to your desktop. (32 bit) (64 bit)

  1. Double-click on the Hitman Pro EXE file on your desktop.

  2. Once it's open, click Settings, then uncheck Scan for Tracking Cookies. 

  3. Click OK, then click Next.

  4. Select No, I only want to perform a one-time scan, then click Next.

  5. HitmanPro will start scanning your system. Once done scanning, HitmanPro will display a screen with any threats found. Important: Click on the drop-down tab next to the infection name and then click Apply to All > Ignore. If not, you could cause damage to your operating system! Make sure you choose to Ignore the files and then click next. You will be at the results window. Click "Save Log" and save it to your desktop. Paste its contents into a post.

 

 

Download Malwarebytes Anti-Rootkit and save it to your desktop.

  1. Double-click on the file and click OK to the self-extracting popup prompt.

  2. Click Next, then click Update to upgrade MBAR to the newest version of malware definitions.

  3. Once the update has been completed click Next, then Scan.

  4. If rootkits were detected, click all the check boxes for each item and select Cleanup. Restart the PC.

  5. Open the MBAR folder on your desktop and paste both these logs into a post:

    mbar-log-{date} (xx-xx-xx).txt
    system-log.txt
     


Edited by iMacg3, 17 May 2017 - 09:24 AM.

Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#5 totallypolluted

totallypolluted
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Female
  • Local time:08:02 PM

Posted 17 May 2017 - 11:19 PM

Any improvements?

 Download FSS (Farbar Service Scanner) and save it to your desktop.

 

Hello and thank you very much for your time.  I truly appreciate it!    :flowers:  Nothing noticed here.  But I thought it might be important to tell you yesterday, when I opened my email to your first set of instructions for me and I copy/pasted the link provided there for the Farbar Mini Toolbox I was redirected to this strange yahoo page. I got the same result when I pasted the link in Edge and in Firefox.  For whatever reason, after a couple of hours I was able to reach the download with issue. I do not know how to include the image within this post of the screenshot of the redirect.   Included below is the Farbar.  I will send the others shortly.  Thanks again! 😊

Farbar Service Scanner Version: 27-01-2016

Ran by tarag (administrator) on 17-05-2017 at 23:43:04

Running from "C:\Users\tarag\OneDrive\TaraOneDrvOnline\ComputerBrowsersLinksMisc"

Microsoft Windows 10 Home  (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Policy:

========================

 

 

Security Center:

============

 

 

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

 

 

Windows Autoupdate Disabled Policy:

============================

 

 

Windows Defender:

==============

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\ipnathlp.dll => File is digitally signed

C:\Windows\System32\iphlpsvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

 

 

**** End of log ****



#6 totallypolluted

totallypolluted
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Female
  • Local time:08:02 PM

Posted 18 May 2017 - 12:19 AM

Hello again!  :busy:  I am experiencing roughly the same issues on my laptop as I am on the desktop pc (this one that you are working with) so should I begin the same steps in the process you have provided?  Please advise.  Thanks so much!

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.1.3 (04.10.2017)

Operating System: Windows 10 Home x64

Ran by tarag (Administrator) on Thu 05/18/2017 at  0:32:31.69

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

File System: 4

 

Successfully deleted: C:\Windows\system32\Tasks\update-S-1-5-21-92637911-3555677864-1453432773-1001 (Task)

Successfully deleted: C:\Windows\system32\Tasks\update-sys (Task)

Successfully deleted: C:\Windows\Tasks\update-S-1-5-21-92637911-3555677864-1453432773-1001.job (Task)

Successfully deleted: C:\Windows\Tasks\update-sys.job (Task)

 

 

 

Registry: 0

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 05/18/2017 at  0:37:28.76

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#7 totallypolluted

totallypolluted
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Female
  • Local time:08:02 PM

Posted 18 May 2017 - 12:45 AM

Download AdwCleaner and save it to your desktop.

1.     Click on the file you downloaded.

2.     Click Scan to start AdwCleaner's scanning process.

3.     Once done, make sure to delete all found threats.

4.     Open the “Logfile” and paste its contents into a post.

# AdwCleaner v6.046 - Logfile created 18/05/2017 at 01:43:14

# Updated on 24/04/2017 by Malwarebytes

# Database : 2017-05-17.1 [Server]

# Operating System : Windows 10 Home  (X64)

# Username : tarag - HOMEDESKTOPPC

# Running from : G:\ComputerHelpDownloads\Downloads&Installs 5-14+\AdwCleaner.exe

# Mode: Scan

# Support : https://www.malwarebytes.com/support

 

 

 

***** [ Services ] *****

 

No malicious services found.

 

 

***** [ Folders ] *****

 

No malicious folders found.

 

 

***** [ Files ] *****

 

No malicious files found.

 

 

***** [ DLL ] *****

 

No malicious DLLs found.

 

 

***** [ WMI ] *****

 

No malicious keys found.

 

 

***** [ Shortcuts ] *****

 

No infected shortcut found.

 

 

***** [ Scheduled Tasks ] *****

 

No malicious task found.

 

 

***** [ Registry ] *****

 

No malicious registry entries found.

 

 

***** [ Web browsers ] *****

 

No malicious Firefox based browser items found.

No malicious Chromium based browser items found.

 

*************************

 

C:\AdwCleaner\AdwCleaner[S0].txt - [1016 Bytes] - [18/05/2017 01:43:14]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1089 Bytes] ##########



#8 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,064 posts
  • Gender:Male
  • Location:Indiana, USA
  • Local time:09:02 PM

Posted 18 May 2017 - 09:05 AM

Is your laptop experiencing the exact same symptom as your desktop?

Did all these symptoms start only after speaking with the AVG tech support representative?

 

Please take a screenshot of both the redirects and Chrome (you state it's an app, not a program) with Snipping Tool (search for it in the start menu). Drag and drop the image into Pasteboard, and provide a link to the screenshot.


Regards, iMacg3

"Do, or do not. There is no try." - Yoda



