
Windows Defender took 4 days to scan, everything is running very slowly.


26 replies to this topic

#1 azeri

azeri

  • Members
  • 46 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:35 PM

Posted 06 November 2017 - 11:46 PM

Hello,
My HP laptop is taking an unusually long time to start up, and Google Chrome is slow to open. Windows Defender took 4 days to scan. Your assistance in determining what the problem is will be greatly appreciated. Thank you!


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 34,499 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:11:35 AM

Posted 07 November 2017 - 09:51 AM

Greetings azeri and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Now that you have already started a topic, please follow the steps as outlined here. Make sure to copy and paste both logs in your reply. If you receive an error message that the content is too long, simply post each report in a separate reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

#3 azeri


Posted 07 November 2017 - 11:13 PM

Hello Gary,

I'd like to thank you very much for your time and assistance.

 

I've gone to your link and tried to follow the various suggestions. I'm getting confused at how to proceed with running system file checker using elevated command prompts (I hope I stated that correctly). After "Windows resource protection found corrupt files but was unable to fix some of them....", I followed the instructions and typed "Dism /Online /Cleanup-Image /RestoreHealth". I don't know how to interpret what appeared on the screen. Also, I am unable to copy and paste what I see.



#4 azeri


Posted 07 November 2017 - 11:52 PM

Gary,

I spoke too soon. The operation has completed: "The restore operation completed successfully. The component store corruption was repaired."

 

Should I shut down and restart after doing this? I think I am currently in safe mode. If I am to restart do I go into safe mode?

 

I've read through all the remaining suggestions and don't see anything else that I should try. You mentioned that I should "copy and paste both logs". I don't see any logs, what are you referring to?

 

Thank you.



#5 Oh My!


Posted 08 November 2017 - 12:00 PM

Greetings.

Regarding the logs, please do this. Also, describe the issues you are currently having.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST log
  • Addition log
  • Issues?

Gary
 

#6 azeri


Posted 08 November 2017 - 01:43 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by jk (08-11-2017 11:27:42)
Running from C:\Users\jk\Downloads
Windows 8.1 (Update) (X64) (2016-09-14 12:50:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-55595808-3091521971-254164671-500 - Administrator - Disabled)
Guest (S-1-5-21-55595808-3091521971-254164671-501 - Limited - Disabled)
jk (S-1-5-21-55595808-3091521971-254164671-1002 - Administrator - Enabled) => C:\Users\jk
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
AuthenTec TrueAPI 64-bit (HKLM\...\{EBC0CC3F-B7A1-4FC8-8014-4C7BFD3925E8}) (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - Canon Inc.)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3202 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Drive Manager (HKLM-x32\...\{48B0F38D-1913-44F3-99AA-D4C55A2B038E}) (Version: 1.00.0012 - Seagate Technology) Hidden
Drive Manager (HKLM-x32\...\InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}) (Version: 1.00.0012 - Seagate Technology)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.60.000 - Runtime Software)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
E-Z Contact Book version 3.0.4.4 (HKLM-x32\...\{1B758D8A-B999-45AD-B7AA-14D10FDC19D2}_is1) (Version: 3.0.4.4 - Dmitri Karshakevich)
Free VPN version 3.0 (HKLM-x32\...\{353EDE50-22AA-419E-8D7B-2012134CF56E}_is1) (Version: 3.0 - VPNMaster Inc.)
Garmin Training Center (HKLM-x32\...\{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}) (Version: 3.4.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 8.16.0.7881 (HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\GoToMeeting) (Version: 8.16.0.7881 - LogMeIn, Inc.)
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP AC Power Control (HKLM-x32\...\{03E3548E-8B2E-4F8E-8222-63CA135B54EF}) (Version: 1.0.6 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{92524C67-A99D-44C6-8995-04F5E76486AF}) (Version: 1.1.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Port Replicator Software Installer (HKLM-x32\...\{6313BCDF-1109-4682-A19D-413189817787}) (Version: 1.3.23 - HP)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{E7F7C2F3-0BEF-471A-A6F3-4B43002034F4}) (Version: 12.8.37.11 - HP Inc.)
HP USB Docking Video (HKLM\...\{5954B537-883E-4266-8E3B-B1E5F6EB67FA}) (Version: 7.2.47873.0 - Hewlett-Packard)
HP Utility Center (HKLM\...\{2AFEFC93-F0C7-4390-BB51-F914EC546B30}) (Version: 2.1.6 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
HydraVision (HKLM-x32\...\{89CE7F9B-B4DF-8585-638B-6BD807ADE9C7}) (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Maxis Broadband (HKLM-x32\...\Maxis Broadband) (Version: 16.001.06.10.99 - Huawei Technologies Co.,Ltd)
MeadCo ScriptX (v7.1.0.60 (x86)) (HKLM-x32\...\{BC15EFA7-97B7-43A3-A293-5117EC3C1A86}) (Version: 7.1.0 - Mead & Co Ltd.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8625.2121 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\OneDriveSetup.exe) (Version: 17.3.7101.1018 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Windows 8 ESU (HKLM-x32\...\{E7E058CF-4638-49D4-936D-AC6DAE3B002E}) (Version: 1.1.1 - Hewlett-Packard)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
PandaPow 2.3.8 (HKLM-x32\...\PandaPow) (Version: 2.3.8 - )
PPTV V3.5.0.0032 (HKLM-x32\...\PPLive) (Version: 3.5.0 - PPLive Corporation)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{95DF815D-BE2D-9118-F549-39794C5869CF}) (Version: 9.0.725.0 - Ralink Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.)
Reviewer (HKLM-x32\...\{02338B81-427D-4DE4-BFAA-28F3327EE4D7}) (Version: 1.11.39.0 - Sorna Corporation)
RogueKiller version 12.10.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.3.0 - Adlice Software)
Scanner Mouse (HKLM-x32\...\{77113497-B67B-415A-8621-C94E6FF3F037}) (Version: 1.6.1 - Dacuda)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SoftPaq (HKLM-x32\...\SoftPaq) (Version:  - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.27 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-55595808-3091521971-254164671-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\jk\AppData\Local\Microsoft\OneDrive\17.3.7010.0912\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-55595808-3091521971-254164671-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\jk\AppData\Local\Citrix\GoToMeeting\6519\G2MOutlookAddin64.dll => No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-05] (Cyberlink)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.)
ContextMenuHandlers1: [{4C5A0DA6-C2DA-422D-89E1-457978AB87B5}] -> {4C5A0DA6-C2DA-422D-89E1-457978AB87B5} => C:\Windows\system32\shellfire.dll [2014-01-25] ()
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-05] (Cyberlink)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-04-17] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0BD8E8D2-967B-43F4-84BD-FDF46F8E0ADC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-08-27] ()
Task: {0CD28AD6-2B90-4148-B2E1-7DC8286E5C04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {16C6CD28-7C1E-4055-92EC-59D591F60A35} - System32\Tasks\G2MUploadTask-S-1-5-21-55595808-3091521971-254164671-1002 => C:\Users\jk\AppData\Local\GoToMeeting\7881\g2mupload.exe [2017-11-07] (LogMeIn, Inc.)
Task: {1C0646F2-9ADB-4E65-AB1B-C21814AB4398} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {1C1702FB-DB0A-442C-96D2-E5AF5096695A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-09-15] (HP Inc.)
Task: {37CB75C4-5DAA-4186-A9A8-91257406E72E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.)
Task: {38000404-7B96-439B-B833-86AFA4EC89A3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.)
Task: {3C4AE493-96BE-46C5-966F-86C8B20658F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {42D442E0-9FC1-4BB2-8B5B-884275A602B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-06] (Microsoft Corporation)
Task: {456B2F14-4EF6-4E99-A995-6A9FB34D958E} - System32\Tasks\G2MUpdateTask-S-1-5-21-55595808-3091521971-254164671-1002 => C:\Users\jk\AppData\Local\GoToMeeting\7881\g2mupdate.exe [2017-11-07] (LogMeIn, Inc.)
Task: {4DCBD95C-A351-411C-B985-649028CC5A8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {5748FF71-41BB-4220-A925-E66FFE3C093F} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {653E6DF0-8E99-4458-9228-94AEFF85D197} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {66B003E8-8CD1-4D3C-929D-641786C120DF} - System32\Tasks\{C1485899-2309-4C26-8247-C7EDEFE09ED5} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\HP Games\Uninstall.exe"
Task: {673D8318-E26F-4101-993A-BCD57159970E} - System32\Tasks\HPCeeScheduleForjk => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {678D2F39-B1C4-481A-A078-21005BF2EEED} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-23] (Synaptics Incorporated)
Task: {6DFB7040-ACA5-42D6-AB36-65FC76FA4C10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN2C5CXK3G => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.)
Task: {734F5F34-73C5-4158-A0FD-DF2EA98C62E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {858DAF6F-2021-4F79-878C-548651A13667} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {8DDE6357-C038-4577-A51E-2789BF77ED09} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {96206C7F-84B7-40DC-9559-DAA1108A4F26} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {96BD26BD-4776-4ACE-BC7A-1CB073BA3541} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9739EE87-694B-4290-B2EC-C0EAE37D59B0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-08-27] ()
Task: {A247C145-101D-4FAC-8471-380C1C16702D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {A9ADA062-E41E-4E1A-A50B-86077C63EA13} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-10-31] (Hewlett-Packard Development Company, L.P.)
Task: {ABAAD3A6-EB56-4CF9-A96C-87F468D8A450} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {AD7441FA-31C7-4C8D-B7B4-BF2D37305E5C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {BD5D1729-1E3E-4E2C-9F49-338BAED4804B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-06] (Microsoft Corporation)
Task: {C080243C-C93E-41F3-9521-664470218802} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-11-06] (Microsoft Corporation)
Task: {C7FDB8E3-C486-4569-9E98-012B6AFEEC40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {D1B2084A-2737-40DC-B5E2-A85B6F2C6126} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Users\jk\Desktop\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {E2C2B7E0-D54A-46BA-A592-12727490BF39} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-27] (Adobe Systems Incorporated)
Task: {E5244147-AB92-4CC7-951E-244C168DC16C} - System32\Tasks\{97FE2682-88CD-4C67-8FA3-F7987EFF07FC} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\WildGames\Uninstall.exe"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-55595808-3091521971-254164671-1002.job => C:\Users\jk\AppData\Local\GoToMeeting\7881\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-55595808-3091521971-254164671-1002.job => C:\Users\jk\AppData\Local\GoToMeeting\7881\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForjk.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Network Shortcuts\hkjc on www.racing.scmp.com\target.lnk -> hxxp://www.racing.scmp.com/news/hkj
 
ShortcutWithArgument: C:\Users\Public\Desktop\PPGame.lnk -> C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation) -> /loadmodule mngmodule.dll /T 3 /L hxxp://tj.g.pptv.com/click.php?t=cms&cid=71
ShortcutWithArgument: C:\Users\Public\Desktop\PPShow.lnk -> C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation) -> /loadmodule mngmodule.dll /T 3 /L hxxp://tj.g.pptv.com/s.php?cid=2&go=http%3A%2F%2Fshow.pptv.com%2F
ShortcutWithArgument: C:\Users\Public\Desktop\PPTV Online Video.lnk -> C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation) -> /loadmodule mngmodule.dll /T 3 /L hxxp://www.pptv.com/?rcc_id=d7ff9d0c59ed065e257390a84dd5831b
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-04-17 19:29 - 2014-04-17 19:29 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-11-16 23:28 - 2016-11-16 23:28 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 18:50 - 2017-07-13 18:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-06 02:47 - 2012-09-06 02:47 - 000028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2017-03-29 09:58 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2012-09-19 15:37 - 2012-09-19 15:37 - 000017160 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-09-19 15:37 - 2012-09-19 15:37 - 000029960 _____ () C:\Windows\system32\BsTrace.dll
2017-06-22 13:34 - 2017-10-19 08:21 - 008931496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-02-07 06:19 - 2013-02-07 06:19 - 004073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2017-10-07 14:01 - 2017-09-21 00:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-10-07 14:01 - 2017-09-21 00:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2013-02-07 06:19 - 2013-02-07 06:19 - 000019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2016-09-13 16:22 - 2013-08-05 00:49 - 000627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 12:48 - 2013-08-05 12:48 - 000016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-08-10 02:36 - 2012-08-10 02:36 - 000255336 _____ () C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\incompasssolutions.com -> hxxps://rto.incompasssolutions.com
IE trusted site: HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\sharepoint.com -> hxxps://titansbrevardcc-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2017-04-17 18:42 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\jk\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 172.20.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "PPTV.lnk"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "basicsmssmenu"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "BtTray"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\StartupApproved\StartupFolder: => "Scanner Mouse.lnk"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\StartupApproved\Run: => "gStart"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\StartupApproved\Run: => "AppEx Accelerator UI"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\StartupApproved\Run: => "PPAP"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\StartupApproved\Run: => "Power2GoExpress8"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F49AC1B9-AB15-45B8-B3BC-9B894459EF1C}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{2C37AC5C-E18A-40E3-BE5B-3238FB10FCF9}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{98DE1B39-E895-41CC-8EA2-23DB7BC2FA43}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{AD8BA99C-408E-4165-9AA9-81A6B9EBC109}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FE3EA5AE-8795-488A-98C6-41F64DD337BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{148F7750-71B2-4C90-A5FD-9CDB7F248858}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5028BEF6-D892-4C2C-AB4E-9EE6A6232AA0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{37A34000-5A64-4330-BA31-A9F66DFD9F13}] => (Allow) LPort=2869
FirewallRules: [{C7517D51-2718-45CA-B78A-7BC0EE9925D7}] => (Allow) LPort=2869
FirewallRules: [{C0ABFB9A-10F6-49BB-A07F-1B8092714B37}] => (Allow) LPort=1900
FirewallRules: [{8000DCD4-6CB2-411A-89EC-D365CF7AFD66}] => (Allow) LPort=1900
FirewallRules: [{90DD3823-C9E3-4A2A-AF98-AEEDBFC76409}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0B82D96F-4FA2-4A26-8A9C-EEF9BF8A2FAF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{F2E3E704-8F0E-4FB6-B0B4-FC4909801552}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{ADDA7542-8727-4915-B81A-0EAC9B426D7C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{2825C326-4847-4D37-B7F7-003FDF5ED0C5}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.0.0032\PluginInstaller.exe
FirewallRules: [{38D6AB97-E41C-4C0A-862A-5F52520581E7}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.0.0032\PluginInstaller.exe
FirewallRules: [UDP Query User{8EA1650A-FF44-49DE-85C8-E3A1D85B9CF6}C:\program files (x86)\common files\pplivenetwork\ppap.exe] => (Allow) C:\program files (x86)\common files\pplivenetwork\ppap.exe
FirewallRules: [TCP Query User{6404AE39-6D78-45F7-A84A-696D3AA25EB1}C:\program files (x86)\common files\pplivenetwork\ppap.exe] => (Allow) C:\program files (x86)\common files\pplivenetwork\ppap.exe
FirewallRules: [{03DC0127-596C-47DF-AABA-E92B59886EC5}] => (Allow) C:\Windows\System32\PPTVLauncher.exe
FirewallRules: [{D861D442-B8DB-4898-A874-937E7F363D2F}] => (Allow) C:\Windows\System32\PPTVLauncher.exe
FirewallRules: [{F502A1E9-041D-43F3-8C64-BD2D5CDD7A54}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.5.0.0032\crashreporter.exe
FirewallRules: [{DCFD706B-7794-44F7-94AF-0AC679278967}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.5.0.0032\crashreporter.exe
FirewallRules: [{AD6B68E6-00DC-489B-8CB8-E116B1217B1B}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.5.0.0032\RepairSetup.exe
FirewallRules: [{48B52F45-376A-4BCA-84F4-59E1A7F42737}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.5.0.0032\RepairSetup.exe
FirewallRules: [{6D118651-D4D2-4DCA-9C98-9819DB02DE08}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.5.0.0032\PPLiveU.exe
FirewallRules: [{4E00EA96-4CA8-4130-AF68-B4A3FAAF9032}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.5.0.0032\PPLiveU.exe
FirewallRules: [{960C672D-C3C7-4AC3-A405-8084DCCDFE89}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
FirewallRules: [{63800891-145E-4836-9818-7105F5A60C93}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
FirewallRules: [{5751AA4E-EFBD-40F6-BA56-2A0116363F8E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{3DC6463E-9D3E-46A0-A7B8-615C408BECE2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{6C223ECA-53B5-449F-9F08-790EDCDBB806}] => (Allow) LPort=1900
FirewallRules: [{F15DE162-7FC0-400C-900A-A55034F8700F}] => (Allow) LPort=2869
FirewallRules: [{C2E3CB1D-B01E-486C-A839-70C842691A90}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9C48EF4F-B6BF-4D0B-A75A-6EFDF09EE1C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3E6D8F02-A405-4C56-97AC-20D0258EA0A9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{18D7E246-1820-46A3-B23F-0FF3C9B87CB0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{BE75EBB7-23C3-4822-B3B2-7E0E42873687}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AEB24280-D3B4-466C-87CC-3ACCA480AD9F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{7BBF0931-A012-4EEA-A238-C830EBADA0AF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{15E2640C-A44B-4E33-B9E4-2791DCAE8FEB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
19-10-2017 13:43:18 Scheduled Checkpoint
07-11-2017 20:05:24 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/08/2017 11:10:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1903891
 
Error: (11/08/2017 11:10:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1903891
 
Error: (11/08/2017 11:10:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/08/2017 10:39:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3344
 
Error: (11/08/2017 10:39:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3344
 
Error: (11/08/2017 10:39:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/08/2017 09:46:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39301547
 
Error: (11/08/2017 09:46:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 39301547
 
Error: (11/08/2017 09:46:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/07/2017 07:41:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 78684641
 
 
System errors:
=============
Error: (11/08/2017 11:15:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error: 
An attempt was made to reference a token that does not exist.
 
Error: (11/08/2017 11:14:58 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (11/07/2017 10:00:37 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (11/07/2017 09:33:26 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (11/07/2017 08:10:52 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (11/06/2017 09:28:18 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (11/06/2017 09:27:48 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (11/06/2017 08:49:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error: 
An attempt was made to reference a token that does not exist.
 
Error: (11/06/2017 08:49:03 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (11/06/2017 08:45:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
CodeIntegrity:
===================================
  Date: 2017-11-06 21:32:05.591
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-20 05:03:32.241
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-16 20:01:20.917
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-11 09:20:00.119
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-03 08:48:01.356
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-14 09:39:43.538
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-19 14:31:41.768
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-27 12:51:53.523
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-16 09:00:23.552
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-03 05:12:24.456
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-4500M APU with Radeon™ HD Graphics 
Percentage of memory in use: 33%
Total physical RAM: 5596.26 MB
Available physical RAM: 3698.29 MB
Total Virtual: 6428.26 MB
Available Virtual: 4565.11 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:670.28 GB) (Free:546.68 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:27.15 GB) (Free:0.05 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A50E1C7D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#7 azeri

Posted 08 November 2017 - 01:44 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
Ran by jk (administrator) on HP (08-11-2017 11:25:28)
Running from C:\Users\jk\Downloads
Loaded Profiles: jk (Available Profiles: jk)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Tweaking.com) C:\Users\jk\Desktop\WR_Tray_Icon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\jk\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-23] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-07-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [basicsmssmenu] => C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [169328 2007-10-09] (Maxtor Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [gStart] => C:\Garmin\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe [1000288 2012-05-22] (AppEx Networks Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [PPAP] => C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe [214368 2014-01-25] (PPLive Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-11-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PPTV.lnk [2014-02-01]
ShortcutTarget: PPTV.lnk -> C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
Startup: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Mouse.lnk [2014-03-19]
ShortcutTarget: Scanner Mouse.lnk -> C:\Program Files (x86)\Scanner Mouse\Scanner Mouse.exe ()
Startup: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-04-01]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{FD49D65C-997E-4C30-B29F-96AC10DD2A66}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-10-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-23] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-07] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-13] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-13] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-23] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-19] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-09-19] (Skype Technologies)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-02-07] ( HP)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-07] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-55595808-3091521971-254164671-1002: @citrixonline.com/appdetectorplugin -> C:\Users\jk\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-16] (Citrix Online)
FF Plugin HKU\S-1-5-21-55595808-3091521971-254164671-1002: hp.com/HPDetect -> C:\Users\jk\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default [2017-11-08]
CHR Extension: (Website Logon) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2016-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-02]
CHR Extension: (Chrome Media Router) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-07]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-10-31] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4265984 2014-12-21] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BtAudioBusSrv; C:\WINDOWS\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-11-06] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-11-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-08] (Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)
S3 RTL8187; C:\WINDOWS\system32\DRIVERS\wg111v2.sys [340992 2007-12-25] (NETGEAR Inc.)
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-04-23] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2013-12-17] (Anchorfree Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-23] (HP)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-30] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-30] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-08 11:25 - 2017-11-08 11:26 - 000019057 _____ C:\Users\jk\Downloads\FRST.txt
2017-11-08 11:23 - 2017-11-08 11:23 - 002403328 _____ (Farbar) C:\Users\jk\Downloads\FRST64 (1).exe
2017-11-07 19:52 - 2017-11-07 19:52 - 000001079 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2017-11-07 19:52 - 2017-11-07 19:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2017-11-07 19:52 - 2017-11-07 19:52 - 000000000 ____D C:\Program Files (x86)\Runtime Software
2017-11-07 19:50 - 2017-11-07 19:50 - 002023440 _____ C:\Users\jk\Downloads\dixmlsetup.exe
2017-11-06 20:51 - 2017-11-08 11:15 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-06 20:51 - 2017-11-08 11:15 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-06 20:51 - 2017-11-06 20:51 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-11-06 20:51 - 2017-11-06 20:51 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-06 20:51 - 2017-11-06 20:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-06 20:06 - 2017-11-06 20:06 - 000000000 ____D C:\Users\jk\Downloads\Autoruns (3)
2017-11-06 20:04 - 2017-11-06 20:13 - 000411117 _____ C:\Users\jk\Downloads\Autoruns (3).zip
2017-11-06 20:04 - 2017-11-06 20:05 - 001306150 _____ C:\Users\jk\Downloads\Autoruns.zip
2017-11-06 20:04 - 2017-11-06 20:05 - 001306150 _____ C:\Users\jk\Downloads\Autoruns (2).zip
2017-11-06 20:04 - 2017-11-06 20:05 - 001306150 _____ C:\Users\jk\Downloads\Autoruns (1).zip
2017-11-06 20:04 - 2017-11-06 20:04 - 000114446 _____ C:\Users\jk\Downloads\Unconfirmed 817915.crdownload
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-08 11:26 - 2017-03-30 09:11 - 000051758 _____ C:\WINDOWS\ZAM.krnl.trace
2017-11-08 11:26 - 2017-03-30 09:11 - 000022282 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-11-08 11:25 - 2017-03-30 13:03 - 000000000 ____D C:\FRST
2017-11-08 11:20 - 2013-03-16 01:12 - 000003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-55595808-3091521971-254164671-1002
2017-11-08 11:19 - 2014-11-21 01:44 - 000958016 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-08 11:19 - 2013-08-22 06:36 - 000000000 ____D C:\WINDOWS\Inf
2017-11-08 11:15 - 2013-03-16 01:03 - 000000000 ____D C:\Users\jk\AppData\LocalLow\AuthenTec
2017-11-08 11:15 - 2012-09-26 06:53 - 000000932 _____ C:\WINDOWS\SysWOW64\bscs.ini
2017-11-08 11:14 - 2016-09-13 19:20 - 000000000 ____D C:\Users\jk
2017-11-08 11:14 - 2013-08-22 07:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-08 11:14 - 2013-08-22 06:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-11-08 10:31 - 2017-04-25 09:06 - 000000522 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-55595808-3091521971-254164671-1002.job
2017-11-08 10:28 - 2017-04-25 09:06 - 000000618 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-55595808-3091521971-254164671-1002.job
2017-11-07 21:30 - 2012-07-26 00:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-07 20:31 - 2017-07-10 17:42 - 000000000 ____D C:\Users\jk\AppData\Local\GoToMeeting
2017-11-07 20:10 - 2017-04-25 09:06 - 000003600 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-55595808-3091521971-254164671-1002
2017-11-07 20:10 - 2017-04-25 09:06 - 000003504 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-55595808-3091521971-254164671-1002
2017-11-06 21:25 - 2013-08-22 08:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-06 21:22 - 2012-08-16 23:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-06 20:24 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-06 20:24 - 2013-03-16 01:03 - 000000000 ____D C:\Users\jk\AppData\Local\Packages
2017-11-06 19:58 - 2017-06-30 14:25 - 000003154 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-55595808-3091521971-254164671-1002
2017-11-06 19:58 - 2017-01-10 16:07 - 000002285 _____ C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-10-27 08:22 - 2017-01-02 17:24 - 000000000 ____D C:\Users\jk\Documents\2017
2017-10-24 06:10 - 2016-05-11 18:28 - 000000000 ____D C:\Users\jk\Documents\Trainers Test
2017-10-20 08:23 - 2013-06-05 16:41 - 000000000 ____D C:\Users\jk\Documents\Employment
2017-10-19 17:12 - 2017-08-13 09:33 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-19 17:12 - 2013-01-22 18:28 - 000220895 ____N C:\WINDOWS\Minidump\101917-37312-01.dmp
2017-10-19 17:01 - 2017-04-04 14:27 - 000000326 _____ C:\WINDOWS\Tasks\HPCeeScheduleForjk.job
2017-10-19 17:01 - 2015-12-15 11:49 - 000003134 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForjk
2017-10-19 16:11 - 2012-07-26 01:12 - 000000000 ____D C:\WINDOWS\LiveKernelReports
 
==================== Files in the root of some directories =======
 
2015-01-20 23:14 - 2015-01-20 23:14 - 000023184 _____ () C:\Users\jk\AppData\Roaming\Comma Separated Values (DOS).ADR
2014-06-01 04:55 - 2014-08-07 06:40 - 000000032 _____ () C:\Users\jk\AppData\Roaming\coreavc.ini
2015-01-20 23:27 - 2015-01-20 23:27 - 000023361 _____ () C:\Users\jk\AppData\Roaming\Microsoft Excel.ADR
2017-03-17 09:22 - 2017-03-17 09:22 - 001033700 _____ () C:\Users\jk\AppData\Local\ars.cache
2017-03-17 09:24 - 2017-03-17 09:24 - 000956499 _____ () C:\Users\jk\AppData\Local\census.cache
2017-03-08 10:43 - 2017-03-08 10:43 - 000005632 _____ () C:\Users\jk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-17 08:45 - 2017-03-17 08:45 - 000000036 _____ () C:\Users\jk\AppData\Local\housecall.guid.cache
2017-03-17 09:04 - 2017-03-17 09:04 - 000000010 _____ () C:\Users\jk\AppData\Local\sponge.last.runtime.cache
 
Some files in TEMP:
====================
2017-04-02 15:12 - 2017-05-14 11:06 - 001737600 _____ (Microsoft Corporation) C:\Users\jk\AppData\Local\Temp\dllnt_dump.dll
2017-04-26 15:25 - 2017-03-29 10:30 - 011581544 _____ (SurfRight B.V.) C:\Users\jk\AppData\Local\Temp\HitmanPro.exe
2017-05-10 21:00 - 2017-05-10 21:00 - 000739904 _____ (Oracle Corporation) C:\Users\jk\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-08-13 13:08 - 2017-08-13 13:08 - 000740416 _____ (Oracle Corporation) C:\Users\jk\AppData\Local\Temp\jre-8u144-windows-au.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-06 21:27
 
==================== End of FRST.txt ============================


#8 Oh My!

Posted 08 November 2017 - 04:17 PM

Greetings and thank you for the logs.

Not seeing anything of real concern.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/
CustomCLSID: HKU\S-1-5-21-55595808-3091521971-254164671-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\jk\AppData\Local\Microsoft\OneDrive\17.3.7010.0912\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-55595808-3091521971-254164671-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\jk\AppData\Local\Citrix\GoToMeeting\6519\G2MOutlookAddin64.dll => No File
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Please boot into Safe Mode and report your computer performance.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner log
  • Safe Mode?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

#9 azeri

Posted 08 November 2017 - 10:08 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by jk (08-11-2017 19:56:07) Run:2
Running from C:\Users\jk\Downloads
Loaded Profiles: jk (Available Profiles: jk)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> DefaultScope {D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=8a682656d7684f12a8762771c52365ce&tu=10G9z00JO2D33N0&sku=&tstsId=&ver=&&r=983
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=8a682656d7684f12a8762771c52365ce&tu=10G9z00JO2D33N0&sku=&tstsId=&ver=&&r=983
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
Toolbar: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.0.0032\npplugin2.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
C:\WINDOWS\Tasks\HPCeeScheduleForjk.job
Task: {1D67CC53-E6DD-4CA5-93D3-BB3813D4F083} - System32\Tasks\AVAST Software\Avast upgrade utility => C:\Program Files\Common Files\AV\avast! Antivirus\upgrade.exe [2016-03-28] (AVAST Software)
Task: {A32929A3-F9E7-469B-AE04-387746B0FD87} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
Task: {AF80EDD3-CD79-46A2-90C0-41FB0F2B71FE} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
FirewallRules: [{784C0D0F-A9E5-45A4-8ADF-D64CA21C5A28}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{29F4A800-924F-443C-AB93-0EA7E947E690}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{4C595842-5B01-448B-8366-5CD64AB661DB}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F39F6B21-798A-4F26-9831-09A4E4D8D45F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "AdAwareTray" /f
Reg: reg delete HKLM\...\StartupApproved\Run /v "AdAwareTray" /f
cmd: dir /a d:\a7f0a964feafc9d9c8486234427a150b
cmd: type C:\Users\jk\Desktop\AdwCleaner[C2].txt
CMD: ipconfig /flushdns
EmptyTemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found. 
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71570097-846B-47C3-BB88-0B9FE2ECB60F} => key not found. 
HKLM\Software\Classes\CLSID\{71570097-846B-47C3-BB88-0B9FE2ECB60F} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
HKLM\Software\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{71570097-846B-47C3-BB88-0B9FE2ECB60F} => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{71570097-846B-47C3-BB88-0B9FE2ECB60F} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
HKU\S-1-5-21-55595808-3091521971-254164671-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-55595808-3091521971-254164671-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71570097-846B-47C3-BB88-0B9FE2ECB60F} => key not found. 
HKLM\Software\Classes\CLSID\{71570097-846B-47C3-BB88-0B9FE2ECB60F} => key not found. 
HKU\S-1-5-21-55595808-3091521971-254164671-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKU\S-1-5-21-55595808-3091521971-254164671-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} => key not found. 
HKLM\Software\Classes\CLSID\{D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} => key not found. 
HKU\S-1-5-21-55595808-3091521971-254164671-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
HKLM\Software\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => key not found. 
HKLM\Software\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => key not found. 
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@pptv.com/plugin => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully
C:\WINDOWS\Tasks\HPCeeScheduleForjk.job => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D67CC53-E6DD-4CA5-93D3-BB3813D4F083} => key not found. 
C:\WINDOWS\System32\Tasks\AVAST Software\Avast upgrade utility => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast upgrade utility => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A32929A3-F9E7-469B-AE04-387746B0FD87} => key not found. 
C:\WINDOWS\System32\Tasks\AVAST Software\Avast settings backup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF80EDD3-CD79-46A2-90C0-41FB0F2B71FE} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify => key not found. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{784C0D0F-A9E5-45A4-8ADF-D64CA21C5A28} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{29F4A800-924F-443C-AB93-0EA7E947E690} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C595842-5B01-448B-8366-5CD64AB661DB} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F39F6B21-798A-4F26-9831-09A4E4D8D45F} => value not found.
 
========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "AdAwareTray" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKLM\...\StartupApproved\Run /v "AdAwareTray" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= dir /a d:\a7f0a964feafc9d9c8486234427a150b =========
 
 Volume in drive D is RECOVERY
 Volume Serial Number is 627B-D60A
 
 Directory of d:\
 
File Not Found
 
========= End of CMD: =========
 
 
========= type C:\Users\jk\Desktop\AdwCleaner[C2].txt =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14821088 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 1285489020 B
Edge => 0 B
Chrome => 365814980 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 9620 B
NetworkService => 326338 B
jk => 785240921 B
 
RecycleBin => 0 B
EmptyTemp: => 2.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:58:38 ====


#10 azeri

Posted 08 November 2017 - 10:16 PM

Your instructions stated to open FRST, then control "c" the text provided. There were no instructions to control "v" anywhere, so I did not paste. Was that correct?

 

One of the main issues why I contacted bleepingcomputer was because a Windows Defender scan took about 4 days to complete. In order for me to answer your question as to what issues I may still be having, I would have to do a Windows Defender scan again. Would you like me to do the Windows Defender scan or adwcleaner?

 

Thanks again!



#11 Oh My!

Posted 08 November 2017 - 10:16 PM

The fixlist you ran is not what I provided. Can you explain what happened?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

#12 azeri

Posted 08 November 2017 - 11:10 PM

This is what I wrote to you:

"Your instructions stated to open FRST, then control "c" the text provided.   There were no instructions to control "v" anywhere, so I did not paste. Was that correct?"

  

I believe my reply may explain what happened. That is the best answer I can provide as I am not an IT expert.



#13 Oh My!

Posted 09 November 2017 - 10:07 AM

It doesn't make sense but OK.

Please test Windows Defender.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

#14 azeri

Posted 10 November 2017 - 12:06 AM

I have started the Windows Defender scan.

 

I read through my previous forum discussion with bleepingcomputer. One of the things mentioned was the location of the FRST download and logs. The previous FRST download is still on my computer. Some logs were in the download folder and some on the desktop. Could this be the explanation that you were looking for?



#15 Oh My!

Posted 10 November 2017 - 09:49 AM

Yes, that explains it. I would like you to run the fixlist again that I posted here. If you follow the steps exactly as they are listed it will work. It is not necessary to paste the information because when you copy it, it is saved to the clipboard and then FRST automatically pulls the information from the clipboard to complete the fix.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

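The mismatch spotted in post #11 can be checked mechanically, because a Fixlog echoes the fixlist it actually ran between two rows of asterisks. The following is an added example, not part of the thread and not FRST code: the function names are hypothetical, the sample text is shortened from posts #8 and #9, and comparing directives case-insensitively is a choice made here.

```python
import re
from collections import Counter

# Constructed sample: the fixlist from post #8, shortened to a few of its lines.
POSTED_FIX = r"""
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/
CustomCLSID: HKU\S-1-5-21-55595808-3091521971-254164671-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\jk\AppData\Local\Citrix\GoToMeeting\6519\G2MOutlookAddin64.dll => No File
emptytemp:
End::
"""

# Constructed sample: the Fixlog from post #9, shortened to a few of its lines.
FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by jk (08-11-2017 19:56:07) Run:2
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main,Start Page =
C:\WINDOWS\Tasks\HPCeeScheduleForjk.job
CMD: ipconfig /flushdns
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
C:\WINDOWS\Tasks\HPCeeScheduleForjk.job => moved successfully
"""


def posted_directives(text):
    """Return the directive lines a helper posted between Start:: and End::."""
    lines = [l.strip() for l in text.splitlines()]
    try:
        begin, end = lines.index("Start::"), lines.index("End::")
    except ValueError:
        raise ValueError("no Start:: ... End:: block in the posted fix")
    return [l for l in lines[begin + 1:end] if l]


def split_fixlog(fixlog):
    """Split a Fixlog into (directives that were run, result lines)."""
    lines = fixlog.splitlines()
    head = next((i for i, l in enumerate(lines)
                 if l.strip().lower() == "fixlist content:"), None)
    if head is None:
        raise ValueError("no 'fixlist content:' section in the log")
    # The echoed fixlist sits between the next two rows of asterisks.
    stars = [i for i in range(head + 1, len(lines))
             if re.fullmatch(r"\*{5,}", lines[i].strip())]
    if len(stars) < 2:
        raise ValueError("fixlist content section is not closed")
    ran = [l.strip() for l in lines[stars[0] + 1:stars[1]] if l.strip()]
    return ran, lines[stars[1] + 1:]


def compare(posted, executed):
    """List directives that were posted but not run, and run but not posted."""
    ran = {d.casefold() for d in executed}
    asked = {d.casefold() for d in posted}
    return {
        "not_run": [d for d in posted if d.casefold() not in ran],
        "unexpected": [d for d in executed if d.casefold() not in asked],
    }


def outcome_counts(result_lines):
    """Count '=> ... not found' versus '=> ... successfully' result lines."""
    counts = Counter()
    for line in result_lines:
        m = re.search(r"=>.*?\b(not found|successfully)\.?\s*$", line)
        if m:
            counts[m.group(1)] += 1
    return counts


if __name__ == "__main__":
    executed, results = split_fixlog(FIXLOG)
    diff = compare(posted_directives(POSTED_FIX), executed)
    for label, items in diff.items():
        print(f"{label}: {len(items)}")
        for item in items:
            print("   ", item[:90])
    print(dict(outcome_counts(results)))
```

A Fixlog whose echoed fixlist differs from the posted one, and whose results are dominated by "not found", points to an older fixlist having been run, which is the situation post #15 resolves.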


