Malware causing tabs to open in Chrome and taking up computer memory


  • This topic is locked
24 replies to this topic

#1 wallacefactor

  • Members
  • 15 posts

Posted 14 September 2017 - 02:35 PM

Hi, I have an issue with my computer that has been tough to remove with a plain anti-virus scan.

When I leave my computer unattended, a Chrome tab will open automatically with a spammy website. Also, when using some programs, the CPU processor utilization is much higher than normal, and sometimes will get up to 100% with nothing too intensive. Posted below are my results from running FRST.

If you need more information, the results of the other scans I've done are in this thread: https://www.bleepingcomputer.com/forums/t/656994/anti-virus-cant-detect-infection/

Thanks for any help :)

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-09-2017 02

Ran by William (administrator) on X75A-DS51 (14-09-2017 13:23:10)
Running from C:\Users\William\Desktop
Loaded Profiles: William (Available Profiles: William)
Platform: Windows 10 Enterprise (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\Temp\msbmtvisrv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ishelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Users\William\AppData\Local\winoxjv\winoxjv.exe
() C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
() C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1604.21020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
() C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
() C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
() C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-03-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2313408 2016-04-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2016-08-07] (iSkySoft)
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\...\RunOnce: [Uninstall C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\...\RunOnce: [Uninstall C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\...\RunOnce: [Uninstall C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\...\RunOnce: [Uninstall C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\...\RunOnce: [Uninstall C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\...\RunOnce: [Uninstall C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\...\MountPoints2: {1fdbbdc6-d64b-11e5-9bca-60a44c773aa1} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\...\MountPoints2: {83a38fc7-aff9-11e5-9bc1-806e6f6e6963} - "D:\start.exe" 
Startup: C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lindell.lnk [2017-09-09]
ShortcutTarget: lindell.lnk -> C:\Program Files (x86)\Wrongheaded\taman.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{3c1cc1a5-aa4a-4f3a-8d58-9407afc6dbee}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{451350ca-f3c9-4429-8a3b-6794e1b307cb}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{4cf9d92a-f2a6-47f8-a184-7cf2c0cf11d7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{4cf9d92a-f2a6-47f8-a184-7cf2c0cf11d7}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{667b0da2-6d1d-48bd-9fcb-702b42858aea}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6D2AC0A9-3C97-4E24-9020-84CB3A1B9984}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6D2AC0A9-3C97-4E24-9020-84CB3A1B9984}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{b4932aff-fc07-4867-861e-cc7d67997696}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b4932aff-fc07-4867-861e-cc7d67997696}: [DhcpNameServer] 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: No Name -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com => not found
FF HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\...\Firefox\Extensions: [acewebextension@acestream.org] - C:\Users\William\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi => not found
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-09] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3956421128-2008556380-1758096131-1001: @acestream.net/acestreamplugin,version=3.1.1 -> C:\Users\William\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-3956421128-2008556380-1758096131-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\William\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.194\npGatewayNpapi.dll [2017-05-19] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3956421128-2008556380-1758096131-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\William\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.194\npGatewayNpapi-x64.dll [2017-05-19] (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/","hxxp://www.google.com"
CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\Default [2017-09-14]
CHR Extension: (Google Slides) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-31]
CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2017-03-28]
CHR Extension: (Google Docs) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-31]
CHR Extension: (Google Drive) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-31]
CHR Extension: (YouTube) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-31]
CHR Extension: (Honey) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-09-09]
CHR Extension: (Google Cast) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-30]
CHR Extension: (Adblock Plus) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-13]
CHR Extension: (Alexa Traffic Rank) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2017-09-13]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2017-05-04]
CHR Extension: (Google Search) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-31]
CHR Extension: (Google Sheets) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-31]
CHR Extension: (Google Docs Offline) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-30]
CHR Extension: (Rapportive) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2017-08-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-01]
CHR Extension: (Gmail) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-31]
CHR Extension: (Chrome Media Router) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-09]
CHR HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 FOLIKRSV; C:\Users\William\AppData\Roaming\Follow Liker\mdb\bin\folikrSrv.exe [8180224 2012-07-02] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-12-31] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [33240 2015-12-31] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-06-03] (Microsoft Corporation)
S2 EraserSvc11621; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\ccSvcHst.exe" /h ccCommon [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AsusTP; C:\Windows\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUS Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-14] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [101824 2017-09-14] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-14] (Malwarebytes)
R4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-14] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [94144 2017-09-14] (Malwarebytes)
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2512016 2015-07-10] (MediaTek Inc.)
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [252432 2017-08-13] (QUALCOMM Incorporated)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1219200 2015-12-31] (Ralink Technology, Corp.)
S3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [84432 2017-03-26] (The OpenVPN Project)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-14 13:23 - 2017-09-14 13:23 - 000019279 _____ C:\Users\William\Desktop\FRST.txt
2017-09-14 13:23 - 2017-09-14 13:23 - 000000000 ____D C:\FRST
2017-09-14 13:22 - 2017-09-14 13:22 - 002398208 _____ (Farbar) C:\Users\William\Desktop\FRST64.exe
2017-09-14 13:19 - 2017-09-14 13:19 - 000016148 _____ C:\Windows\system32\X75A-DS51_William_HistoryPrediction.bin
2017-09-14 08:27 - 2017-09-14 08:27 - 000001363 _____ C:\Users\William\Desktop\mwb.txt
2017-09-14 08:22 - 2017-09-14 08:22 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-14 08:22 - 2017-09-14 08:22 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-14 08:22 - 2017-09-14 08:22 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-09-14 08:22 - 2017-09-14 08:22 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-14 08:22 - 2017-09-14 08:22 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-14 08:22 - 2017-09-14 08:22 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-14 08:22 - 2017-09-14 08:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-14 08:22 - 2017-09-14 08:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-14 08:22 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-14 08:21 - 2017-09-14 08:21 - 000116048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumehknr.sys
2017-09-14 08:20 - 2017-09-14 08:20 - 066347240 _____ (Malwarebytes ) C:\Users\William\Desktop\mb3-setup-consumer-3.2.2.2018.exe
2017-09-13 14:59 - 2017-09-13 14:59 - 000000644 _____ C:\Users\William\Desktop\Turn_On_Windows_Defender_Antivirus.reg
2017-09-13 14:57 - 2017-09-13 14:57 - 000002600 _____ C:\Users\William\Desktop\ESETScan.txt
2017-09-13 14:10 - 2017-09-14 08:21 - 000000000 ____D C:\Users\William\AppData\Local\ESET
2017-09-13 14:10 - 2017-09-13 14:10 - 006754944 _____ (ESET spol. s r.o.) C:\Users\William\Desktop\esetonlinescanner_enu.exe
2017-09-13 14:06 - 2017-09-13 14:06 - 001790024 _____ (Malwarebytes) C:\Users\William\Desktop\JRT.exe
2017-09-13 14:06 - 2017-09-13 14:06 - 000000678 _____ C:\Users\William\Desktop\Turn_Off_Windows_Defender_Antivirus.reg
2017-09-13 13:59 - 2017-09-13 14:20 - 000000000 ____D C:\AdwCleaner
2017-09-13 13:52 - 2017-09-13 13:52 - 008182736 _____ (Malwarebytes) C:\Users\William\Desktop\AdwCleaner.exe
2017-09-12 17:01 - 2017-04-18 02:36 - 004922400 _____ (AO Kaspersky Lab) C:\Users\William\Desktop\TDSSKiller.exe
2017-09-12 17:00 - 2017-09-12 17:01 - 004830473 _____ C:\Users\William\Desktop\tdsskiller.zip
2017-09-12 16:59 - 2017-09-12 16:59 - 000031842 _____ C:\Users\William\Desktop\MTB.txt
2017-09-12 16:58 - 2017-09-12 16:58 - 000892416 _____ (Farbar) C:\Users\William\Desktop\MiniToolBox.exe
2017-09-12 14:58 - 2017-09-14 08:26 - 000000000 ____D C:\Users\William\AppData\Local\winoxjv
2017-09-11 22:08 - 2017-09-11 22:08 - 000002862 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-09-11 22:08 - 2017-09-11 22:08 - 000000000 ____D C:\Program Files\CCleaner
2017-09-11 22:07 - 2017-09-11 22:08 - 009791816 _____ (Piriform Ltd) C:\Users\William\Downloads\ccsetup533.exe
2017-09-11 21:58 - 2017-09-11 22:03 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-11 21:57 - 2017-09-14 08:21 - 000081696 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\msidntfs.sys
2017-09-10 16:10 - 2017-09-10 16:10 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\78FC6115.sys
2017-09-10 15:54 - 2017-09-10 15:54 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\7A365510.sys
2017-09-10 15:53 - 2017-09-10 15:53 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\119253D4.sys
2017-09-10 15:53 - 2017-09-10 15:53 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\0D7D53E7.sys
2017-09-09 22:33 - 2017-09-09 22:33 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\453C3819.sys
2017-09-09 18:38 - 2017-09-09 18:38 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\7F8703E7.sys
2017-09-09 18:30 - 2017-09-11 21:57 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-09-09 18:29 - 2017-09-09 18:29 - 000000000 ____D C:\Windows\pss
2017-09-09 18:27 - 2017-09-09 18:27 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\3EC07B86.sys
2017-09-09 18:14 - 2017-09-14 08:22 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-09 17:05 - 2017-09-09 17:06 - 000201172 _____ C:\Users\William\Documents\cc_20170909_170539.reg
2017-09-09 17:00 - 2017-09-11 22:09 - 000000000 ____D C:\Windows\Minidump
2017-09-09 16:36 - 2017-09-09 16:36 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-09 15:58 - 2017-09-09 15:58 - 000003304 _____ C:\Windows\System32\Tasks\{3F00942E-46DD-4D0F-9E8B-FDEEF365E539}
2017-09-09 14:41 - 2017-09-14 13:14 - 000000000 ____D C:\Users\William\AppData\Local\winldin
2017-09-09 14:41 - 2017-09-09 14:41 - 000000000 ____D C:\Users\William\AppData\Local\CEF
2017-09-09 14:35 - 2017-09-09 14:35 - 000000000 ____D C:\Windows\SysWOW64\utctzru
2017-09-09 14:35 - 2017-09-09 14:35 - 000000000 ____D C:\Windows\system32\utctzru
2017-09-09 14:35 - 2017-09-09 14:35 - 000000000 ____D C:\Users\William\AppData\Roaming\et
2017-09-09 00:17 - 2017-09-09 00:17 - 000011776 _____ (Taman) C:\Windows\reproducing.exe
2017-09-08 16:06 - 2017-09-08 16:06 - 000119512 _____ C:\Users\William\Desktop\cfbmodel.xlsx
2017-09-08 16:02 - 2017-09-08 16:02 - 000016138 _____ C:\Users\William\Downloads\cfb_allowables_week1.xlsx
2017-09-08 15:16 - 2017-09-08 15:16 - 000014071 _____ C:\Users\William\Downloads\CFB Platform CPA Allowables.xlsx
2017-09-08 14:14 - 2017-09-08 15:48 - 000000000 ____D C:\Users\William\AppData\LocalLow\WebEx
2017-09-08 14:14 - 2017-09-08 14:14 - 000788135 _____ C:\Users\William\AppData\LocalLow\PreEDF1.tmp
2017-09-08 14:14 - 2017-09-08 14:14 - 000238315 _____ C:\Users\William\AppData\LocalLow\PreF257.tmp
2017-09-08 14:14 - 2017-09-08 14:14 - 000211382 _____ C:\Users\William\AppData\LocalLow\PreEBAE.tmp
2017-09-08 14:14 - 2017-09-08 14:14 - 000000000 ____D C:\Users\William\AppData\Roaming\webex
2017-09-08 14:14 - 2017-09-08 14:14 - 000000000 ____D C:\Users\William\AppData\Local\WebEx
2017-09-08 14:14 - 2017-09-08 14:14 - 000000000 ____D C:\ProgramData\WebEx
2017-09-08 09:09 - 2017-09-08 09:09 - 001849673 _____ C:\Users\William\Downloads\2017 US Mobile App Report_FINAL.PDF
2017-09-07 18:45 - 2017-09-07 19:02 - 000013149 _____ C:\Users\William\Downloads\SLGD - Facebook Concept and Placement Name QA Sheet - EPL - 090717.xlsx
2017-09-07 18:45 - 2017-09-07 19:01 - 000014145 _____ C:\Users\William\Downloads\SLGD - Facebook QA Sheet - 09_07_2017 - EPL Tune-In - KK.xlsx
2017-09-07 18:40 - 2017-09-07 19:02 - 000018921 _____ C:\Users\William\Downloads\090717_EPLtune_wk4_v2.xlsx
2017-09-07 10:25 - 2017-09-07 10:25 - 000077208 _____ (P8SZEQ) C:\Windows\system32\Drivers\71a03c2d921b75e6e3fdeae2a93e0dd2.sys
2017-09-07 10:25 - 2017-09-07 10:25 - 000039816 _____ C:\Windows\uninstaller.dat
2017-09-05 18:39 - 2017-09-05 18:39 - 000049920 _____ C:\Users\William\Downloads\2017-09-05 Snake.xlsx
2017-09-03 14:12 - 2017-09-04 00:57 - 000023180 _____ C:\Users\William\Downloads\export_20170903_1412.csv
2017-09-01 19:46 - 2017-09-01 19:46 - 000112716 _____ C:\Users\William\Downloads\cfbmodel.xlsx
2017-08-31 19:55 - 2017-08-31 19:55 - 000027373 _____ C:\Users\William\Downloads\Sling TV_FB IO_080917.xlsx
2017-08-29 17:52 - 2017-08-29 17:52 - 000011547 _____ C:\Users\William\Downloads\cfb_audsize (1).xlsx
2017-08-29 17:39 - 2017-08-31 19:40 - 000011367 _____ C:\Users\William\Downloads\cfb_audsize.xlsx
2017-08-26 19:45 - 2017-08-26 19:45 - 080131280 _____ C:\Users\William\Downloads\ace-stream-3-1-1-multi-win.exe
2017-08-26 18:51 - 2017-08-26 18:51 - 000000000 ____D C:\Program Files (x86)\VideoLAN
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-14 12:55 - 2017-03-18 01:39 - 000000000 ____D C:\Users\William\AppData\Local\CrashDumps
2017-09-14 10:06 - 2015-12-31 12:52 - 000004172 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A8A00CC9-711C-4503-A34E-6DA8E0ACE5D1}
2017-09-14 08:37 - 2016-03-11 12:24 - 000003280 _____ C:\Windows\System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3956421128-2008556380-1758096131-1001
2017-09-14 08:25 - 2015-12-31 14:09 - 000875126 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-14 08:25 - 2015-07-10 05:02 - 000000000 ____D C:\Windows\INF
2017-09-14 08:21 - 2017-04-12 22:10 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-09-14 08:21 - 2015-12-31 13:18 - 000000000 __SHD C:\Users\William\IntelGraphicsProfiles
2017-09-14 08:21 - 2015-07-10 06:21 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-14 08:21 - 2015-07-10 03:05 - 012582912 _____ C:\Windows\system32\config\HARDWARE
2017-09-14 08:21 - 2015-07-10 03:05 - 000524288 ___SH C:\Windows\system32\config\BBI
2017-09-14 02:45 - 2015-07-10 05:04 - 000000000 ____D C:\Windows\AppReadiness
2017-09-14 02:00 - 2016-01-05 17:40 - 000000000 ____D C:\Users\William\AppData\Local\Adobe
2017-09-13 22:54 - 2017-05-14 15:33 - 000000000 ____D C:\Users\William\Documents\Sling
2017-09-12 07:43 - 2015-12-31 16:43 - 000000000 ____D C:\Users\William\AppData\Roaming\Follow Liker
2017-09-11 22:19 - 2016-01-05 00:27 - 000000000 ____D C:\Program Files (x86)\Stamps.com Internet Postage
2017-09-11 22:19 - 2015-12-31 14:09 - 000000000 ___RD C:\Users\William\OneDrive
2017-09-11 22:19 - 2015-12-31 14:08 - 000000000 ____D C:\Users\William\AppData\Local\Packages
2017-09-11 22:19 - 2015-07-10 05:04 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-11 22:09 - 2015-12-31 14:02 - 000000000 ____D C:\Windows\Panther
2017-09-11 17:56 - 2015-12-31 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Follow Liker
2017-09-10 21:28 - 2017-05-30 22:10 - 000000000 ____D C:\Users\William\Desktop\MedCircle
2017-09-10 21:28 - 2016-04-14 10:05 - 000000000 ____D C:\Users\William\Desktop\Grailed
2017-09-10 16:20 - 2015-07-10 05:04 - 000000000 ___HD C:\Windows\ELAMBKUP
2017-09-10 16:19 - 2015-12-31 14:08 - 000000000 ____D C:\Users\William
2017-09-10 16:14 - 2017-07-11 01:39 - 000000000 ____D C:\$WINDOWS.~BT
2017-09-10 15:54 - 2017-04-11 23:25 - 000067632 _____ (Symantec Corporation) C:\Windows\system32\msln.exe
2017-09-09 16:36 - 2015-12-31 13:06 - 000002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-09 16:36 - 2015-12-31 12:59 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-09 16:36 - 2015-12-31 12:59 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-09-09 16:25 - 2015-07-10 06:20 - 000540960 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-09 16:24 - 2016-03-23 23:59 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-09-09 15:05 - 2015-12-31 13:21 - 000000000 ____D C:\ProgramData\Symantec
2017-09-09 14:49 - 2017-02-13 14:00 - 000000000 ____D C:\Users\William\AppData\Roaming\Zoom
2017-09-09 14:49 - 2016-11-06 18:56 - 000000000 ____D C:\Windows\system32\appmgmt
2017-09-09 14:48 - 2015-07-10 03:05 - 000032768 ___SH C:\Windows\system32\config\ELAM
2017-09-08 16:28 - 2016-01-07 21:48 - 000000000 ____D C:\Users\William\AppData\Roaming\vlc
2017-09-08 16:25 - 2015-12-31 12:29 - 000000000 ____D C:\Users\William\AppData\Local\Microsoft Help
2017-08-31 22:25 - 2016-08-20 13:51 - 000000000 ____D C:\Users\William\AppData\Roaming\RStudio
2017-08-31 22:25 - 2016-08-19 19:52 - 000000000 ____D C:\Users\William\AppData\Local\RStudio-Desktop
2017-08-31 17:54 - 2016-12-22 23:54 - 000000000 ____D C:\Users\William\Documents\Dysrupted
2017-08-20 09:40 - 2017-05-26 09:38 - 000032768 _____ C:\Users\William\AppData\Local\WebpageIcons.db
2017-08-17 10:35 - 2015-12-31 13:15 - 000544424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2016-12-30 14:06 - 2016-12-30 14:09 - 000000600 _____ () C:\Users\William\AppData\Local\PUTTY.RND
2017-05-26 09:38 - 2017-08-20 09:40 - 000032768 _____ () C:\Users\William\AppData\Local\WebpageIcons.db
 
Some files in TEMP:
====================
2017-08-19 21:09 - 2017-09-11 22:34 - 000003584 _____ () C:\Users\William\AppData\Local\Temp\dateinj01.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-13 08:18
 
==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-09-2017 02

Ran by William (14-09-2017 13:23:49)
Running from C:\Users\William\Desktop
Windows 10 Enterprise (X64) (2015-12-31 20:07:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3956421128-2008556380-1758096131-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3956421128-2008556380-1758096131-503 - Limited - Disabled)
Guest (S-1-5-21-3956421128-2008556380-1758096131-501 - Limited - Disabled)
William (S-1-5-21-3956421128-2008556380-1758096131-1001 - Administrator - Enabled) => C:\Users\William
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.6.0.248 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\{4555BB9E-E715-4260-A178-E8EFD2B653E3}) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
FileZilla Client 3.23.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.23.0.2 - Tim Kosse)
Follow Liker version 9.2.9 (HKLM-x32\...\{0C42C8A7-894B-49A1-B6EC-FB7FB3C0A193}_is1) (Version: 9.2.9 - Follow Liker)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.79 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HL-L2360D series HL-L2340D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Keyword Researcher Pro version 10.84 (HKLM-x32\...\Keyword Researcher Pro_is1) (Version: 10.84 - Clever Gizmos)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)
R for Windows 3.3.1 (HKLM\...\R for Windows 3.3.1_is1) (Version: 3.3.1 - R Core Team)
R for Windows 3.4.1 (HKLM\...\R for Windows 3.4.1_is1) (Version: 3.4.1 - R Core Team)
RStudio (HKLM-x32\...\RStudio) (Version: 1.0.153 - RStudio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Skype Meetings App (HKLM-x32\...\{E8E6D26B-382E-43C8-91BA-AB8DF2CD0C10}) (Version: 16.2.0.194 - Microsoft Corporation)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SQLyog Community 12.2.5 (64 bit) (HKLM\...\SQLyogCommunity64) (Version: 12.2.5 (64 bit) - Webyog Inc.)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3956421128-2008556380-1758096131-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3956421128-2008556380-1758096131-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\William\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.194\GatewayActiveX-x64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3956421128-2008556380-1758096131-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3956421128-2008556380-1758096131-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3956421128-2008556380-1758096131-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3956421128-2008556380-1758096131-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-02] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-02] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-02] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-02] ()
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2015-08-31] (Foxit Software Inc.)
ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> {BB35DE05-89D6-4D8F-95DE-A27DF8156D91} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-07] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-07] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-12-31] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-02] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-07] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-07] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0BE75211-0A46-4F10-A647-FE9C5A0F666C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-09] (Google Inc.)
Task: {35457566-BAEE-4A01-AAA8-C436CD15E5C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-09] (Google Inc.)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW
Task: {5862EEFB-70D1-4B7B-8045-127CF9208B10} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {59521B90-83F4-461C-8B64-187A774398EA} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {5B389F4F-5444-4E53-A9E5-F80A40C6EC84} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {5EBB7E86-C833-43BE-8F74-9302224B21D1} - System32\Tasks\{3F00942E-46DD-4D0F-9E8B-FDEEF365E539} => C:\Windows\system32\pcalua.exe -a C:\Users\William\AppData\Roaming\Microsoft\BlockAdsPro\BlockAdsPro.exe -c /u
Task: {6DD7BCD1-7C89-40C0-A863-9B9E34E575B1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
Task: {7255ED00-5747-40DD-9CA5-A4C9B684CF13} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {8A723014-91EF-4C8B-874B-1FDE328E1DA0} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {8D4FA94F-6081-4F27-ACC0-14632D1E6B2A} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3956421128-2008556380-1758096131-1001
Task: {D7D2A9DB-3765-418D-B35E-ECC2FD6ABC88} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-williamzhou90@yahoo.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-03-22] (Adobe Systems Incorporated)
Task: {DD1DBE7D-439E-4D8D-9AE2-9F620BA7D86B} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-10 05:00 - 2015-07-10 05:00 - 000028160 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-12-31 13:22 - 2015-07-14 20:04 - 000032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2016-11-16 10:33 - 2016-10-25 01:15 - 000404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 001329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-06-13 22:20 - 2017-06-03 07:39 - 002495776 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-02 00:18 - 2016-04-02 00:18 - 000426160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-12-31 13:22 - 2015-09-16 23:48 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-02 00:17 - 2016-04-02 00:17 - 031679664 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-09-14 08:22 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-11 14:47 - 2017-09-11 14:47 - 000914944 _____ () C:\Users\William\AppData\Local\winoxjv\winoxjv.exe
2017-08-20 12:38 - 2017-08-20 12:38 - 001087488 _____ () C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
2017-09-09 16:36 - 2017-09-04 02:12 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\libglesv2.dll
2017-09-09 16:36 - 2017-09-04 02:12 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\libegl.dll
2016-07-05 09:59 - 2016-07-05 09:59 - 003621888 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1604.21020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-31 12:44 - 2015-12-31 12:45 - 000258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1604.21020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-05-09 21:31 - 2017-04-27 17:44 - 006569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-12-14 06:57 - 2016-11-19 00:06 - 000471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-14 06:57 - 2016-11-19 00:13 - 000884736 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-05-09 21:30 - 2017-04-27 17:42 - 001808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-31 13:22 - 2015-09-16 23:43 - 002274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 05:00 - 2015-07-10 07:28 - 000210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-12-31 13:22 - 2015-07-10 18:56 - 000577024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-12-31 13:22 - 2015-07-10 01:57 - 000181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-12-31 13:22 - 2015-07-10 01:57 - 000559616 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-12-31 13:22 - 2015-07-10 01:57 - 000643072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation.diagnostics\bin\NodeRT_Windows_Foundation_Diagnostics.node
2015-07-10 05:00 - 2015-07-10 07:28 - 000037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2016-12-14 06:57 - 2016-11-19 00:07 - 000928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2016-12-14 06:57 - 2016-11-19 00:07 - 002028032 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2016-12-14 06:57 - 2016-11-19 00:06 - 000619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2016-04-07 12:44 - 2016-04-07 12:44 - 040523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-03-23 22:31 - 2014-05-19 18:19 - 000137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2016-03-23 22:31 - 2014-10-31 17:40 - 001498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2016-03-29 18:19 - 2016-03-29 18:19 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-03-29 18:19 - 2016-03-29 18:19 - 000205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-03-29 18:19 - 2016-03-29 18:19 - 000121856 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-03-29 18:19 - 2016-03-29 18:19 - 000126464 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-04-07 12:35 - 2016-04-07 12:35 - 000090304 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-03-29 18:19 - 2016-03-29 18:19 - 000166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-12-06 10:17 - 2016-12-06 10:17 - 000048304 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2017-08-02 21:40 - 2017-08-02 21:40 - 053460480 _____ () C:\Users\William\AppData\Local\winoxjv\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 001976832 _____ () C:\Users\William\AppData\Local\winoxjv\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 000075264 _____ () C:\Users\William\AppData\Local\winoxjv\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 017599640 _____ () C:\Users\William\AppData\Local\winoxjv\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\system32\msln.exe:145c1e178cc779707f5731701bce7e3d [534]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{C478A420-A500-4274-A52E-70EC7481342F}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 05:04 - 2017-09-09 18:33 - 000001049 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{144712F1-17C8-47C9-B2D2-FCC187AC2248}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{6D8F949D-605E-47A0-8745-9AF747B8B60D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{EE210232-CDF3-4216-8DE9-FA47F33196A0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{56A4507B-1C1E-4F1E-B8AE-3D8EB480F374}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7EFBC453-EAC5-4A3E-BECD-1DFA944E49F0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D14A2838-A17D-4C39-B7BA-CAE6FB421D5C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{41B43EB9-DF77-4EE3-8A23-C937F2FF442A}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{59C15279-E0D0-4DBB-A145-BBFDD1814825}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{06E6B8C5-24DF-4FCE-A9DC-6C15B3D39136}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{490EB7F0-F47B-4669-8823-5A39DB7F17CE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9A0E82FC-354A-4728-BC8D-AABB43698984}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{AFD0B77F-365B-4F8A-B19E-6F10FDA1C47C}] => (Allow) C:\Program Files (x86)\Wrongheaded\taman.exe
FirewallRules: [{F3B0A23E-4992-4C14-AF21-166877EB5CC4}] => (Allow) C:\Program Files (x86)\Payload\taman.exe
FirewallRules: [{D96BCCE3-C800-4CDD-9AF5-99878608B2A5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{2DC668B2-83F0-49B8-9E66-7602D8B173F5}C:\users\william\appdata\roaming\follow liker\folikr.exe] => (Allow) C:\users\william\appdata\roaming\follow liker\folikr.exe
FirewallRules: [UDP Query User{2E7ADC8C-8975-4702-B9A3-98E94560A739}C:\users\william\appdata\roaming\follow liker\folikr.exe] => (Allow) C:\users\william\appdata\roaming\follow liker\folikr.exe
 
==================== Restore Points =========================
 
24-08-2017 23:13:37 Scheduled Checkpoint
03-09-2017 10:37:56 Scheduled Checkpoint
09-09-2017 14:46:41 Removed WeatherBuddy
13-09-2017 09:17:55 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/14/2017 12:55:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utcxmxp.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x2cc
Faulting application start time: 0x01d32d8ad30c3873
Faulting application path: C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
Faulting module path: C:\Users\William\AppData\Local\winoxjv\libcef.dll
Report Id: 102a5408-bd1f-4568-ab4c-b82bcb324125
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/14/2017 12:50:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utcxmxp.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x13bc
Faulting application start time: 0x01d32d8a213ba975
Faulting application path: C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
Faulting module path: C:\Users\William\AppData\Local\winoxjv\libcef.dll
Report Id: 2c4e7b76-b2bd-4071-9049-2cb9563a92fc
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/14/2017 12:38:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utcxmxp.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x1330
Faulting application start time: 0x01d32d88904c53b8
Faulting application path: C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
Faulting module path: C:\Users\William\AppData\Local\winoxjv\libcef.dll
Report Id: 41f0ad88-59c3-43f5-8be2-b530d350d7b0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/14/2017 12:14:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utcxmxp.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0xebc
Faulting application start time: 0x01d32d853171dc95
Faulting application path: C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
Faulting module path: C:\Users\William\AppData\Local\winoxjv\libcef.dll
Report Id: 87ffeb9a-6ad5-4d8e-b10a-5c389352ea7b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/14/2017 10:36:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utcxmxp.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x47c
Faulting application start time: 0x01d32d775671d0ef
Faulting application path: C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
Faulting module path: C:\Users\William\AppData\Local\winoxjv\libcef.dll
Report Id: 364ccdcc-410c-4e1a-b79b-e9d6646ec030
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/14/2017 10:34:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utcxmxp.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x1af8
Faulting application start time: 0x01d32d77265f65a1
Faulting application path: C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
Faulting module path: C:\Users\William\AppData\Local\winoxjv\libcef.dll
Report Id: 8c3f02e0-186f-4913-b10c-b5e17fb4dc45
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/14/2017 10:16:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utcxmxp.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x510
Faulting application start time: 0x01d32d74cf40f54e
Faulting application path: C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
Faulting module path: C:\Users\William\AppData\Local\winoxjv\libcef.dll
Report Id: a35deafa-bf18-4962-9430-2cf536d91b69
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/14/2017 09:51:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utcxmxp.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x1a4c
Faulting application start time: 0x01d32d7136ca6313
Faulting application path: C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
Faulting module path: C:\Users\William\AppData\Local\winoxjv\libcef.dll
Report Id: cab07c42-f64d-4e45-b952-17fb01cdfdce
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/14/2017 09:42:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utcxmxp.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0xbc0
Faulting application start time: 0x01d32d6fe14db5e9
Faulting application path: C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
Faulting module path: C:\Users\William\AppData\Local\winoxjv\libcef.dll
Report Id: b79d6698-6e10-494e-9b55-2e7295d3b1a9
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/14/2017 08:30:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utcxmxp.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x00180814
Faulting process id: 0x1e58
Faulting application start time: 0x01d32d65e2ebd0b7
Faulting application path: C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
Faulting module path: C:\Users\William\AppData\Local\winoxjv\libcef.dll
Report Id: 22d93afa-c6d7-467e-aa84-bfaffcee7ca4
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (09/14/2017 08:37:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0xc1900107: Feature update to Windows 10 Enterprise, version 1703.
 
Error: (09/14/2017 08:21:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symantec Eraser Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (09/14/2017 08:21:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/14/2017 08:21:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/14/2017 08:21:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/14/2017 08:21:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/13/2017 02:24:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (09/13/2017 02:24:47 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\William\AppData\Local\Temp\ehdrv.sys
 
Error: (09/13/2017 02:24:46 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\William\AppData\Local\Temp\ehdrv.sys
 
Error: (09/13/2017 02:24:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
 
CodeIntegrity:
===================================
  Date: 2017-09-12 17:57:15.722
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-11 18:36:15.377
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-10 16:39:33.495
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-09 18:11:14.186
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 46%
Total physical RAM: 8077.67 MB
Available physical RAM: 4310.31 MB
Total Virtual: 9357.67 MB
Available Virtual: 5763.46 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.02 GB) (Free:110.65 GB) NTFS
Drive d: (BROTHER) (CDROM) (Total:0.21 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
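The Application Error records in the log above are the strongest lead in the whole Addition.txt: one executable, utcxmxp.exe in a folder under the user's AppData\Local, crashes repeatedly through the day with exception 0xc0000005 (an access violation) inside libcef.dll, which is the Chromium Embedded Framework runtime. A program that carries its own browser engine and lives in a user-writable directory is worth reviewing on its own, before any scanner verdict, and these records are exactly what the fix in the next reply erases (its wevtutil loop clears every event log), so save them first. The script below is an added example, not part of the original post or of FRST; it parses the text block FRST prints under "Application errors" and flags faulting applications by those signals. The sample records are constructed: the first two reuse values from the log above, the third (a WINWORD.EXE crash under Program Files) is hypothetical and included for contrast. The list of user-writable path markers is an assumption to adjust for the environment.

```python
"""Triage Windows 'Application Error' (Event ID 1000) records as printed by FRST.

Added example for this thread; not part of FRST or of the original post.
"""
import re
from dataclasses import dataclass, field

# Directories an unprivileged user can write to (assumed list; legitimate software
# installs under AppData too, so this is a signal to review, not a verdict).
USER_WRITABLE_MARKERS = (
    "\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\",
    "\\programdata\\", "\\users\\public\\", "\\downloads\\",
)
# libcef.dll is the Chromium Embedded Framework: the program embeds its own
# browser engine, which is what an app that opens web pages on its own needs.
EMBEDDED_BROWSER_MODULES = {"libcef.dll"}
REPEAT_THRESHOLD = 2

RECORD_START = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: Application Error\) \(EventID: 1000\)", re.M)
FIELD = re.compile(
    r"^(?P<key>Faulting application path|Faulting module path|Exception code): (?P<val>.*)$", re.M)

# Constructed sample in the text form FRST prints under "Application errors".
# Records 1-2 reuse values from the log above; record 3 is hypothetical.
SAMPLE_LOG = r"""
Error: (09/14/2017 12:38:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utcxmxp.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Faulting application path: C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
Faulting module path: C:\Users\William\AppData\Local\winoxjv\libcef.dll
Report Id: 41f0ad88-59c3-43f5-8be2-b530d350d7b0

Error: (09/14/2017 12:14:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utcxmxp.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Faulting application path: C:\Users\William\AppData\Local\winoxjv\utcxmxp.exe
Faulting module path: C:\Users\William\AppData\Local\winoxjv\libcef.dll
Report Id: 87ffeb9a-6ad5-4d8e-b10a-5c389352ea7b

Error: (09/13/2017 09:05:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.7188.5002, time stamp: 0x59200000
Faulting module name: wwlib.dll, version: 14.0.7188.5002, time stamp: 0x59200000
Exception code: 0xc0000005
Faulting application path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: C:\Program Files\Microsoft Office\Office14\wwlib.dll
Report Id: 00000000-0000-0000-0000-000000000000
"""


@dataclass
class Finding:
    app_path: str
    count: int = 0
    modules: set = field(default_factory=set)
    exception_codes: set = field(default_factory=set)
    times: list = field(default_factory=list)
    reasons: list = field(default_factory=list)


def parse_records(text):
    """Yield (timestamp, fields) for each Event ID 1000 record in the FRST text block."""
    starts = list(RECORD_START.finditer(text))
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        body = text[m.end():end]
        fields = {f.group("key"): f.group("val").strip() for f in FIELD.finditer(body)}
        yield m.group("when"), fields


def triage(text):
    """Return {app_path: Finding}; a Finding with a non-empty reasons list merits a look."""
    findings = {}
    for when, f in parse_records(text):
        app = f.get("Faulting application path")
        if not app:
            continue
        fd = findings.setdefault(app, Finding(app_path=app))
        fd.count += 1
        fd.times.append(when)
        fd.modules.add(f.get("Faulting module path", "").rsplit("\\", 1)[-1].lower())
        fd.exception_codes.add(f.get("Exception code", "").lower())
    for fd in findings.values():
        low = fd.app_path.lower()
        if any(marker in low for marker in USER_WRITABLE_MARKERS):
            fd.reasons.append("runs from a user-writable directory")
        if fd.modules & EMBEDDED_BROWSER_MODULES:
            fd.reasons.append("crashes inside an embedded browser runtime (libcef.dll)")
        if fd.count >= REPEAT_THRESHOLD:
            fd.reasons.append(f"crashed {fd.count} times")
    return findings


def suspicious(text):
    """Flagged application paths, most crashes first."""
    flagged = [f for f in triage(text).values() if f.reasons]
    return [f.app_path for f in sorted(flagged, key=lambda f: -f.count)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG).values():
        print(f"{'REVIEW' if f.reasons else 'ok':6} {f.count}x {f.app_path}")
        for r in f.reasons:
            print(f"         - {r}")
```

Run it as-is to see the summary; for a real log, paste the "Application errors" block from Addition.txt into SAMPLE_LOG or read it from a file. Crash records are evidence of where the program lives and what it loads, which is why they belong in the investigation before anything resets the logs.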

 



#2 JSntgRvr (Malware Response Team)

Posted 14 September 2017 - 03:51 PM

Hi

Welcome :)

I'll be helping you to clean up your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Let's begin... :)
  • Highlight the entire content of the quote box below.

Start::
S2 EraserSvc11621; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\ccSvcHst.exe" /h ccCommon [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
ShortcutTarget: lindell.lnk -> C:\Program Files (x86)\Wrongheaded\taman.exe (No File)
C:\Users\William\AppData\Local\winoxjv
BHO-x32: No Name -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> No File
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File
FF Plugin HKU\S-1-5-21-3956421128-2008556380-1758096131-1001: @acestream.net/acestreamplugin,version=3.1.1 -> C:\Users\William\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CustomCLSID: HKU\S-1-5-21-3956421128-2008556380-1758096131-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3956421128-2008556380-1758096131-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3956421128-2008556380-1758096131-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> {BB35DE05-89D6-4D8F-95DE-A27DF8156D91} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
[screenshot: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
[screenshot: AdwCleaner restart prompt]
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 wallacefactor (Topic Starter)

Posted 14 September 2017 - 04:05 PM

Hi JSntgRvr, thanks for helping to troubleshoot. Below are my logs.

Unfortunately, Junkware Removal Tool could not start, as it said 'Could not create file "C:\Users\...\AppData\Local\Temp\jrt\clean_shortcut.vbs"', but I was able to do everything else.

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-09-2017

Ran by William (14-09-2017 14:54:35) Run:1
Running from C:\Users\William\Desktop
Loaded Profiles: William (Available Profiles: William)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
S2 EraserSvc11621; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\ccSvcHst.exe" /h ccCommon [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
ShortcutTarget: lindell.lnk -> C:\Program Files (x86)\Wrongheaded\taman.exe (No File)
C:\Users\William\AppData\Local\winoxjv
BHO-x32: No Name -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> No File
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File
FF Plugin HKU\S-1-5-21-3956421128-2008556380-1758096131-1001: @acestream.net/acestreamplugin,version=3.1.1 -> C:\Users\William\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CustomCLSID: HKU\S-1-5-21-3956421128-2008556380-1758096131-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3956421128-2008556380-1758096131-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3956421128-2008556380-1758096131-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> {BB35DE05-89D6-4D8F-95DE-A27DF8156D91} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
HKLM\System\CurrentControlSet\Services\EraserSvc11621 => key removed successfully
EraserSvc11621 => service removed successfully
HKLM\System\CurrentControlSet\Services\wfpcapture => key removed successfully
wfpcapture => service removed successfully
C:\Program Files (x86)\Wrongheaded\taman.exe => not found.
 
"C:\Users\William\AppData\Local\winoxjv" folder move:
 
Could not move "C:\Users\William\AppData\Local\winoxjv" => Scheduled to move on reboot.
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} => key not found. 
HKLM\Software\Classes\PROTOCOLS\Handler\WSISVCUchrome => key removed successfully
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.1 => key removed successfully
C:\Users\William\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\iSkysoftVideoConverterFileOpreation => key removed successfully
HKLM\Software\Classes\CLSID\{BB35DE05-89D6-4D8F-95DE-A27DF8156D91} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found. 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3956421128-2008556380-1758096131-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Route, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{AC75E0CA-EEEF-47BB-A6AC-D4072503117E} canceled.
{A8C9BAA8-D49E-484F-B001-ECD918D05CDC} canceled.
2 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19034915 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 2704627 B
Edge => 389 B
Chrome => 559958245 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 6354 B
NetworkService => 7362 B
William => 80533854 B
 
RecycleBin => 0 B
EmptyTemp: => 631.6 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-09-2017 14:57:09)
 
"C:\Users\William\AppData\Local\winoxjv" => Could not move
 
==== End of Fixlog 14:57:11 ====

 

AdwCleaner:

# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 14 21:01:34 2017

# Updated on 2017/29/08 by Malwarebytes 
# Running on Windows 10 Enterprise (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
No malicious registry entries deleted.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
Plugin deleted: Alexa Traffic Rank - 
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [3523 B] - [2017/9/13 20:18:32]
C:/AdwCleaner/AdwCleaner[C1].txt - [1342 B] - [2017/9/13 20:20:38]
C:/AdwCleaner/AdwCleaner[S0].txt - [3801 B] - [2017/9/13 20:1:13]
C:/AdwCleaner/AdwCleaner[S1].txt - [3868 B] - [2017/9/13 20:16:55]
C:/AdwCleaner/AdwCleaner[S2].txt - [1319 B] - [2017/9/13 20:20:28]
C:/AdwCleaner/AdwCleaner[S3].txt - [1455 B] - [2017/9/14 21:0:59]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########
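FRST writes one outcome line per fix item, and in a long Fixlog the line that matters is easy to miss: here every registry item was removed, but the winoxjv folder could not be moved either immediately or at the reboot retry, which is why the next reply moves the fix into the Recovery Environment, where nothing in that folder is running. The script below is an added example (not FRST's code and not part of the thread) that classifies Fixlog outcome lines and lists the targets that still need an offline pass. SAMPLE_FIXLOG is a constructed excerpt of the log above; the outcome phrases matched are the ones that appear in it, so other FRST phrasings would need to be added to OUTCOME_PATTERNS.

```python
"""Classify the outcome lines of an FRST Fixlog and list what still needs a pass.

Added example for this thread; not FRST's own code.
"""
import re

# Outcome phrases FRST appends after " => " on each processed item, taken from
# the Fixlog above. "scheduled" must be tested before "leftover" because both
# contain the words "Could not move".
OUTCOME_PATTERNS = (
    ("scheduled", re.compile(r"Could not move .* => Scheduled to move on reboot")),
    ("leftover",  re.compile(r"=> Could not move$")),
    ("moved",     re.compile(r"=> moved successfully$")),
    ("removed",   re.compile(r"=> (?:key|value|service) removed successfully$")),
    ("not_found", re.compile(r"=> (?:key )?not found\.?$")),
)
# The item the line is about: everything before " =>", with FRST's optional
# leading "Could not move " and surrounding quotes stripped.
TARGET = re.compile(r'^(?:Could not move )?"?(?P<t>.+?)"? =>')

# Constructed excerpt of the Fixlog above (same lines, shortened).
SAMPLE_FIXLOG = r"""
HKLM\System\CurrentControlSet\Services\EraserSvc11621 => key removed successfully
EraserSvc11621 => service removed successfully
C:\Program Files (x86)\Wrongheaded\taman.exe => not found.

"C:\Users\William\AppData\Local\winoxjv" folder move:

Could not move "C:\Users\William\AppData\Local\winoxjv" => Scheduled to move on reboot.

HKLM\Software\Wow6432Node\Classes\CLSID\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} => key not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-09-2017 14:57:09)

"C:\Users\William\AppData\Local\winoxjv" => Could not move

==== End of Fixlog 14:57:11 ====
"""


def classify_line(line):
    """Return (category, target) for an outcome line, or None for anything else."""
    s = line.strip()
    for name, pat in OUTCOME_PATTERNS:
        if pat.search(s):
            m = TARGET.match(s)
            return name, (m.group("t") if m else s)
    return None


def summarize(text):
    """Group targets by outcome category, preserving Fixlog order."""
    out = {}
    for line in text.splitlines():
        c = classify_line(line)
        if c:
            out.setdefault(c[0], []).append(c[1])
    return out


def needs_recovery_pass(text):
    """Targets FRST still could not move after its reboot retry.

    These are the items to carry into a Fixlist run from the Recovery
    Environment; a target later reported as moved is dropped.
    """
    s = summarize(text)
    moved = set(s.get("moved", []))
    return list(dict.fromkeys(t for t in s.get("leftover", []) if t not in moved))


if __name__ == "__main__":
    for category, targets in summarize(SAMPLE_FIXLOG).items():
        print(f"{category}: {len(targets)}")
    for t in needs_recovery_pass(SAMPLE_FIXLOG):
        print("still present, run from WinRE:", t)
```

The check is deliberately strict about the final "Could not move" line rather than the "Scheduled to move on reboot" one: the scheduled line is only a promise, and the reboot section of the same log is what tells you whether it was kept.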


#4 JSntgRvr (Malware Response Team)

Posted 14 September 2017 - 04:32 PM

We will need to run the fix in the Recovery Environment.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Please also download the attached file [attachment=197909:Fixlist.txt] and save it in the same location the FRST64 is saved in the flash drive.

Insert the USB drive in the infected computer.

Boot to the Recovery Console's Command prompt.

Entry points into the Windows Recovery Environment (WinRE).

You can access WinRE features through the Boot Options menu, which can be launched from Windows in a few different ways:
  • Option 1: From the login screen, click Shutdown, then hold down the Shift key while selecting Restart.
  • Option 2: In Windows 10, select Start > Settings > Update & security > Recovery > under Advanced Startup, click Restart now.
  • Option 3: Boot to recovery media.
  • Option 4: Use a hardware recovery button (or button combination) configured by the OEM (Computer Manufacturer).
After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.

On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button.
  • It will make a log (Fixlog.txt) in the flash drive. Please copy and paste it to your reply.



#5 wallacefactor (Topic Starter)

Posted 14 September 2017 - 05:14 PM

Hi, I saved both Farbar Recovery Scan Tool and Fixlist.txt into a USB drive.

I tried all of the possible entry points into WinRE but all of them restart my computer as usual.



#6 JSntgRvr (Malware Response Team)

Posted 14 September 2017 - 05:46 PM

At an Administrator Command prompt copy and paste the following command and press enter:

bcdedit /set {default} recoveryenabled Yes

If successful retry the options above to enter the WinRE.




#7 wallacefactor (Topic Starter)

Posted 14 September 2017 - 06:11 PM

I was able to go into WinRE - txt file below. Unfortunately, now it gives me the prompt "Your PC did not start correctly" and when I try to restart, it loops back to that prompt.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-09-2017 01

Ran by SYSTEM (14-09-2017 16:59:15) Run:2
Running from d:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
C:\Users\William\AppData\Local\winoxjv
*****************
 
C:\Users\William\AppData\Local\winoxjv => moved successfully
 
==== End of Fixlog 16:59:15 ====


#8 JSntgRvr (Malware Response Team)

Posted 14 September 2017 - 06:11 PM

You can also create a recovery media in your computer. See this article.  Do not delete your recovery drive.




#9 JSntgRvr (Malware Response Team)

Posted 14 September 2017 - 06:13 PM

Great.

Retry JRT.

Then,

Please download Malwarebytes to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Once the program has fully updated, Proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

[screenshot: Malwarebytes scan methods]


  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.

 




#10 JSntgRvr (Malware Response Team)

Posted 14 September 2017 - 06:18 PM

Sorry, didn't read your complete post.

At the Recovery prompt type the following and press Enter:

bcdedit /set {default} recoveryenabled No

If successful, restart the computer.



#11 wallacefactor

wallacefactor
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 14 September 2017 - 06:23 PM

It was successful, but when I restarted it said:

"Your PC/Device needs to be repaired. The operating system couldn't be loaded because the system registry file is missing or contains errors. File: \Windows\system32\config\system, Error code: 0xc0000225."

It gives me three options:

Press Esc for recovery

Press Enter to try again

Press F8 for Startup Settings

Thanks for the quick replies!



#12 JSntgRvr


Posted 14 September 2017 - 06:42 PM

At the Recovery prompt type the following and press Enter:

bcdedit /deletevalue {default} recoveryenabled

If successful, restart the computer.


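The two bcdedit commands exchanged above (`/set {default} recoveryenabled No` and `/deletevalue {default} recoveryenabled`) change the boot configuration store with no record of what was there before. The script below is an added example written for this page, not code from the thread or from the helper: it exports a backup of the BCD store first, prints the current value of the `recoveryenabled` element on the `{default}` entry, and then either disables it or deletes the element again, re-reading the value afterwards so the change can be confirmed. It assumes an elevated PowerShell session (or the WinRE Command Prompt after typing `powershell`), that `bcdedit.exe` is on the path, and that `$BackupPath` points to a writable location; which entry `{default}` resolves to depends on the store bcdedit finds, so check the `bcdedit /enum {default}` output it prints before acting.

```powershell
# Added example (not from the thread): inspect, disable or revert the
# 'recoveryenabled' element on the {default} BCD entry, with a store backup.
# Assumptions: elevated PowerShell or the WinRE command prompt; bcdedit.exe on
# the path; $BackupPath writable. Restore the store with: bcdedit /import <file>
[CmdletBinding()]
param(
    [ValidateSet('Show', 'Disable', 'Revert')]
    [string]$Action = 'Show',
    [string]$BackupPath = "$env:TEMP\bcd-backup.bcd"   # assumed writable
)

function Invoke-Bcdedit {
    # Runs bcdedit with the given arguments; throws on a non-zero exit code so a
    # failed change is never silently treated as success.
    param([string[]]$Arguments)
    $output = & bcdedit @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit $($Arguments -join ' ') failed: $output"
    }
    return $output
}

function Get-BcdElement {
    # Returns the value of one element of a BCD entry as bcdedit prints it
    # (e.g. 'Yes'/'No'), or $null if the element is not present in the entry.
    param([string]$Id = '{default}', [string]$Name = 'recoveryenabled')
    $output = Invoke-Bcdedit -Arguments @('/enum', $Id)
    foreach ($line in $output) {
        # bcdedit output lines look like: "recoveryenabled         Yes"
        if ($line -match "^\s*$Name\s+(\S+)\s*$") { return $Matches[1] }
    }
    return $null
}

function Format-Value {
    param($Value)
    if ($null -eq $Value) { return '<not set>' } else { return $Value }
}

# 1. Back up the store before touching it.
Invoke-Bcdedit -Arguments @('/export', $BackupPath) | Out-Null
Write-Host "BCD store backed up to $BackupPath"
Write-Host "Restore with: bcdedit /import `"$BackupPath`""

# 2. Show which entry {default} is and what the element currently holds.
Write-Host '--- bcdedit /enum {default} ---'
Invoke-Bcdedit -Arguments @('/enum', '{default}') | ForEach-Object { Write-Host $_ }
$before = Get-BcdElement
Write-Host ("recoveryenabled before: {0}" -f (Format-Value $before))

# 3. Apply the requested change.
switch ($Action) {
    'Disable' {
        Invoke-Bcdedit -Arguments @('/set', '{default}', 'recoveryenabled', 'No') | Out-Null
    }
    'Revert' {
        if ($null -eq $before) {
            Write-Host 'recoveryenabled is not set on {default}; nothing to delete.'
        } else {
            Invoke-Bcdedit -Arguments @('/deletevalue', '{default}', 'recoveryenabled') | Out-Null
        }
    }
    'Show' { }
}

# 4. Re-read so the result is confirmed rather than assumed.
$after = Get-BcdElement
Write-Host ("recoveryenabled after:  {0}" -f (Format-Value $after))
```

Run it as `.\bcd-recovery.ps1 -Action Show` first to see the current state, then `-Action Disable` or `-Action Revert`; `-Action Revert` is the equivalent of the `/deletevalue` command in the post above and skips the delete when the element is already absent, which is the case where `bcdedit /deletevalue` would otherwise error out.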


#13 wallacefactor


Posted 14 September 2017 - 06:46 PM

I chose the recovery prompt, and when I tried to open the command prompt it says:

"You need to sign in as an administrator to continue, but there aren't any administrator accounts on this PC"



#14 JSntgRvr


Posted 14 September 2017 - 06:53 PM

When you boot, are there other options, like Repair Startup?




#15 wallacefactor


Posted 14 September 2017 - 06:58 PM

Yes, in the Troubleshoot > Advanced options menu, there's System Restore, Command Prompt, System Image Recovery, UEFI Firmware Settings, Startup Repair, and Startup Settings. When I click on Startup Repair, it says the same thing:

"You need to sign in as an administrator to continue, but there aren't any administrator accounts on this PC"

Under Startup Settings I'm seeing these options - photo below.

[Image: Startup Settings screen]




