
My pc is much slower than normal and I'd like to check for viruses pls.


17 replies to this topic

#1 1Steven


Posted 14 November 2017 - 11:36 PM

Bitdefender, Malwarebytes, and Kaspersky didn't turn anything up. I wonder if this is something left over from my last virus. Many files in different areas have the square black box in the read-only checkbox. Also, I think I am seeing the results of something changing file and folder permissions. Also, the ReadyBoost cache on USB is being accessed very frequently, but luckily there is plenty of space and memory.
 
Thanks for the help.

Edited by Platypus, 14 November 2017 - 11:45 PM.
Moved from Logs forum, no logs posted.




#2 Unworn_Kilt


Posted 16 November 2017 - 01:45 PM

Hello Steven,

 

 

I need to advise you due to the Forum Rules that I am NOT a Qualified Malware Removal Expert. I am a member just like you. I have been working with and on computers since the late 1970s though.

 

 

Have you tried running RKill prior to running your Malwarebytes, Kaspersky and Bit Defender Scans?

 

 

If not you might want to try the following steps that will at least allow us to get started:

 

 

Please try to paste in the reports in the order they're run and leave a few spaces between each.

 

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run.

 

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 Please download MiniToolBox and run it.

Checkmark following boxes:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

 

 


Click Go and post the result

 

 


  • Download RKill  (Courtesy of Bleeping Computer.com) Here: RKill

  • Save it to your Desktop so you can find it easily.
  • Be patient as it can take a little while to finish.
  • A Black Screen with text on it will pop up while RKill runs.
  • Once it's finished running a Report should Open in Notepad.
  • It should stop most Malware processes so the other tools can run more effectively.
  • When it's finished it will create a report on your Desktop.
  • Do NOT Re-Boot your computer before running the below scans.
  • Copy and paste the results into your reply as plain text.

 

NEXT:

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • Copies of all logfiles are saved to C:\AdwCleaner.

 

Note: The contents of the AdwCleaner log file might be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.  (Thanks to BRONI for these instructions.)

 

 

NEXT:

 

 

If AdwCleaner required a Reboot, please RE-RUN RKill.

 

 

 

Download Sophos Free Virus Removal Tool and save it to your desktop.

  • Double click the icon and select Run.
  • Click Next.
  • Accept the terms in the License Agreement, then click Next Twice.
  • Click Install.
  • Click Finish to launch the program.
  • Once the virus database has been updated automatically click Start Scanning.
  • This Scan can Take Quite Some Time to Complete.
  • If any threats are found click Details, then View log file... (bottom left hand corner.)
  • Copy and Paste the Results in your Reply.
  • Close the Notepad document, close the Threat Details screen, then click on Start cleanup.
  • Note: There shouldn't be a Report if No Threat was found.

Click Exit to shut down the Sophos Virus Removal Tool.

 

 

If you encounter ANY problems carrying out the above steps, please reply.

 

Please don't run any other tools for the time being.

 

Also, note that I'm running on Australian Time so my responses may take a little while.

 

 

Do not Edit Your Post to Reply. Create a New Reply or I won't know you've responded.

 

 

(My personal thanks to BRONI for providing most of the instruction lists used here)


Edited by Unworn_Kilt, 16 November 2017 - 01:50 PM.

PLEASE NOTE

 

I am only a Standard Member,  NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

 

Thanks!

 

 

** Walk Softly and Carry a Big Stick **

 

 

 


#3 1Steven


Posted 17 November 2017 - 04:46 AM

Thanks for the help with this. I ran the security check program and it came out ok except that PC health did not show a number, just a percent sign.  It looked ok though.

 

I will continue working on this process tonight.



#4 Unworn_Kilt


Posted 17 November 2017 - 06:51 AM

Great,

 

 

Please feel free to post each log as you complete the scans. That way I can start to have a look at things.

 

 

Good luck.

 

 

Kilt.




#5 1Steven


Posted 19 November 2017 - 01:09 PM

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Windows Defender                         
Bitdefender Antivirus Free Antimalware   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Wise Disk Cleaner 9.5.7  
 Java 8 Update 144  
 Java version 32-bit out of Date! 
 Adobe Flash Player 27.0.0.187  
 Mozilla Firefox (55.0.3) 
 Google Chrome (62.0.3202.94) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Comodo Firewall cmdagent.exe 
 Bitdefender Antivirus Free vsserv.exe   
 Bitdefender Antivirus Free updatesrv.exe   
 Bitdefender Antivirus Free bdagent.exe   
 Bitdefender Agent ProductAgentService.exe   
 Kaspersky Lab Kaspersky Security Scan kss.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#6 1Steven


Posted 19 November 2017 - 01:11 PM

Farbar Service Scanner Version: 27-01-2016
Ran by Steven (administrator) on 19-11-2017 at 13:01:56
Running from "C:\Users\Steven\Downloads"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#7 Unworn_Kilt


Posted 19 November 2017 - 02:19 PM

Hi Steven,

 

 

I'd suggest downloading Secunia Personal Software Inspector v3.0 from HERE when we're done. It will help keep your software up to date and reduce the chances of vulnerabilities.

It updates most software automatically; occasionally, though, it will advise you that there's an update that needs to be manually performed.

I just noticed that your Java is out of date. You can manually update it from the manufacturer at this link: https://www.java.com/en/download/help/java_update.xml

 

 

How are you getting on with those scans?


Edited by Unworn_Kilt, 19 November 2017 - 02:52 PM.



#8 1Steven


Posted 21 November 2017 - 04:05 AM

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Steven (administrator) on 21-11-2017 at 03:52:22
Running from "C:\Users\Steven\Downloads"
Microsoft Windows 10 Home  (X64)
Model: Studio XPS 435MT Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.autoconfig_url", "data:text/plain, function FindProxyForURL(url, host) {if(isInNet(host, '192.168.0.0', '255.255.0.0')) return 'DIRECT'; \nif(host == 'us1-base.cd-n.net') return 'DIRECT'; \nif(host == 'us2-base.cd-n.net') return 'DIRECT'; \nif(host == 'us3-base.cd-n.net') return 'DIRECT'; \nif(host == 'jp1-base.cd-n.net') return 'DIRECT'; \nif(host == 'de-base.cd-n.net') return 'DIRECT'; \nif(host == 'au1-base.cd-n.net') return 'DIRECT'; \nif(host == 'ir1-base.cd-n.net') return 'DIRECT'; \nif(host == 'sg1-base.cd-n.net') return 'DIRECT'; \nif(host == 'kr1-base.cd-n.net') return 'DIRECT'; \nif(host == 'us0-base.cd-n.net') return 'DIRECT'; \nif(host == '127.0.0.1') return 'DIRECT'; \nif(host == 'localhost') return 'DIRECT'; \nif(host == 'us3-base.cd-n.net') return 'DIRECT'; \nreturn 'HTTPS ge4dklrtgixdemrrfyzdinzdge2dsnrxga3tembq.cd-n.net:443';}"
"network.proxy.autoconfig_url", "data:text/plain, function FindProxyForURL(url, host) {if(isInNet(host, '192.168.0.0', '255.255.0.0')) return 'DIRECT'; \nif(host == 'us1-base.cd-n.net') return 'DIRECT'; \nif(host == 'us2-base.cd-n.net') return 'DIRECT'; \nif(host == 'us3-base.cd-n.net') return 'DIRECT'; \nif(host == 'jp1-base.cd-n.net') return 'DIRECT'; \nif(host == 'de-base.cd-n.net') return 'DIRECT'; \nif(host == 'au1-base.cd-n.net') return 'DIRECT'; \nif(host == 'ir1-base.cd-n.net') return 'DIRECT'; \nif(host == 'sg1-base.cd-n.net') return 'DIRECT'; \nif(host == 'kr1-base.cd-n.net') return 'DIRECT'; \nif(host == 'us0-base.cd-n.net') return 'DIRECT'; \nif(host == '127.0.0.1') return 'DIRECT'; \nif(host == 'localhost') return 'DIRECT'; \nif(host == 'us3-base.cd-n.net') return 'DIRECT'; \nreturn 'HTTPS ge4dklrtgixdemrrfyzdinzdge2dsnrxga3tembq.cd-n.net:443';}"
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Intel® 82567LF-2 Gigabit Network Connection = My Li'l Ethernet Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global defaultcurhoplimit=64 icmpredirects=enabled
set interface interface="My Li'l Ethernet Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Aphrodite
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.ma.comcast.net.
 
Ethernet adapter My Li'l Ethernet Connection:
 
   Connection-specific DNS Suffix  . : hsd1.ma.comcast.net.
   Description . . . . . . . . . . . : Intel® 82567LF-2 Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-24-E8-20-1F-64
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:19b:a00:7e30:6881:dcc3:e606:7346(Preferred) 
   Temporary IPv6 Address. . . . . . : 2601:19b:a00:7e30:5d49:fa32:faff:ef81(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::6881:dcc3:e606:7346%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, November 19, 2017 7:01:45 PM
   Lease Expires . . . . . . . . . . : Tuesday, November 28, 2017 3:41:06 AM
   Default Gateway . . . . . . . . . : fe80::200:caff:fe11:2233%3
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 184558824
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-C2-31-5D-00-24-E8-20-1F-64
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       156.154.70.22
                                       156.154.71.22
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:10b6:396d:f5ff:fffd(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::10b6:396d:f5ff:fffd%8(Preferred) 
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 268435456
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-C2-31-5D-00-24-E8-20-1F-64
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    google.com
Addresses:  2607:f8b0:4006:805::200e
  172.217.6.206
 
 
Pinging google.com [2607:f8b0:4006:810::200e] with 32 bytes of data:
Reply from 2607:f8b0:4006:810::200e: time=17ms 
Reply from 2607:f8b0:4006:810::200e: time=17ms 
 
Ping statistics for 2607:f8b0:4006:810::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 17ms, Average = 17ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    yahoo.com
Addresses:  2001:4998:c:e33::53
  2001:4998:58:2201::73
  2001:4998:44:204::100d
  98.139.180.180
  206.190.39.42
  98.138.252.38
 
 
Pinging yahoo.com [2001:4998:c:e33::53] with 32 bytes of data:
Reply from 2001:4998:c:e33::53: time=89ms 
Reply from 2001:4998:c:e33::53: time=87ms 
 
Ping statistics for 2001:4998:c:e33::53:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 87ms, Maximum = 89ms, Average = 88ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  3...00 24 e8 20 1f 64 ......Intel® 82567LF-2 Gigabit Network Connection
  1...........................Software Loopback Interface 1
  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.2     25
         10.0.0.0    255.255.255.0         On-link          10.0.0.2    281
         10.0.0.2  255.255.255.255         On-link          10.0.0.2    281
       10.0.0.255  255.255.255.255         On-link          10.0.0.2    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link          10.0.0.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link          10.0.0.2    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3    281 ::/0                     fe80::200:caff:fe11:2233
  1    331 ::1/128                  On-link
  8    331 2001::/32                On-link
  8    331 2001:0:5ef5:79fb:10b6:396d:f5ff:fffd/128
                                    On-link
  3    281 2601:19b:a00:7e30::/64   On-link
  3    281 2601:19b:a00:7e30:5d49:fa32:faff:ef81/128
                                    On-link
  3    281 2601:19b:a00:7e30:6881:dcc3:e606:7346/128
                                    On-link
  3    281 fe80::/64                On-link
  8    331 fe80::/64                On-link
  8    331 fe80::10b6:396d:f5ff:fffd/128
                                    On-link
  3    281 fe80::6881:dcc3:e606:7346/128
                                    On-link
  1    331 ff00::/8                 On-link
  3    281 ff00::/8                 On-link
  8    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/21/2017 03:51:29 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifest.
 
Error: (11/19/2017 10:23:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifest.
 
Error: (11/19/2017 10:23:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifest.
 
Error: (11/19/2017 07:55:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifest.
 
Error: (11/19/2017 07:55:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifest.
 
Error: (11/19/2017 07:54:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifest.
 
Error: (11/19/2017 07:54:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifest.
 
Error: (11/19/2017 07:38:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifest.
 
Error: (11/19/2017 07:38:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifest.
 
Error: (11/19/2017 07:24:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifest.
 
 
System errors:
=============
Error: (11/20/2017 03:18:32 AM) (Source: DCOM) (User: APHRODITE)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}APHRODITEStevenS-1-5-21-707114421-107573440-2922507842-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (11/19/2017 10:00:19 PM) (Source: DCOM) (User: APHRODITE)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}APHRODITEStevenS-1-5-21-707114421-107573440-2922507842-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (11/19/2017 07:54:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRDTBJJ-Microsoft.Getstarted.
 
Error: (11/19/2017 07:23:08 PM) (Source: Service Control Manager) (User: )
Description: The WarpJITSvc service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (11/19/2017 07:22:26 PM) (Source: Service Control Manager) (User: )
Description: The WarpJITSvc service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/19/2017 07:15:17 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (11/19/2017 07:10:57 PM) (Source: WinRM) (User: )
Description: *HTTP
 
Error: (11/19/2017 07:02:31 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IObitUnSvr service to connect.
 
Error: (11/19/2017 07:01:06 PM) (Source: amdkmdag) (User: )
Description: EDID contain an error in the RangeLimit field
 
Error: (11/19/2017 06:59:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {A47979D2-C419-11D9-A5B4-001185AD2B89}
 
 
Microsoft Office Sessions:
=========================
Error: (11/21/2017 03:51:29 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifestC:\Program Files (x86)\Audacity\audacity.exe
 
Error: (11/19/2017 10:23:07 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifestC:\Program Files (x86)\Audacity\audacity.exe
 
Error: (11/19/2017 10:23:07 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifestC:\Program Files (x86)\Audacity\audacity.exe
 
Error: (11/19/2017 07:55:44 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifestC:\Program Files (x86)\Audacity\audacity.exe
 
Error: (11/19/2017 07:55:29 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifestC:\Program Files (x86)\Audacity\audacity.exe
 
Error: (11/19/2017 07:54:31 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifestC:\Program Files (x86)\Audacity\audacity.exe
 
Error: (11/19/2017 07:54:13 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifestC:\Program Files (x86)\Audacity\audacity.exe
 
Error: (11/19/2017 07:38:12 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifestC:\Program Files (x86)\Audacity\audacity.exe
 
Error: (11/19/2017 07:38:12 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifestC:\Program Files (x86)\Audacity\audacity.exe
 
Error: (11/19/2017 07:24:43 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifestC:\Program Files (x86)\Audacity\audacity.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2017-11-21 03:51:24.731
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-21 03:51:24.729
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-21 03:51:13.140
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-21 03:51:13.138
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-21 03:50:58.207
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-21 03:50:58.205
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-21 03:50:47.657
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-21 03:50:47.655
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-21 03:50:43.332
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-21 03:50:43.330
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
 
========================= Devices: ================================
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****


#9 1Steven


Posted 21 November 2017 - 04:10 AM

Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/21/2017 04:07:51 AM in x64 mode.
Windows Version: Windows 10 Home
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000


#10 1Steven


Posted 21 November 2017 - 04:21 AM

# AdwCleaner 7.0.4.0 - Logfile created on Tue Nov 21 09:17:47 2017
# Updated on 2017/27/10 by Malwarebytes 
# Database: 10-28-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.AdvancedSystemCare, C:\Users\Steven\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy, C:\Users\Steven\AppData\Roaming\Wise Euask
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [1373 B] - [2017/10/17 11:22:44]
C:/AdwCleaner/AdwCleaner[C1].txt - [1449 B] - [2017/10/20 2:17:43]
C:/AdwCleaner/AdwCleaner[C2].txt - [1584 B] - [2017/10/20 3:8:33]
C:/AdwCleaner/AdwCleaner[S0].txt - [1263 B] - [2017/10/17 11:21:22]
C:/AdwCleaner/AdwCleaner[S1].txt - [1141 B] - [2017/10/18 7:14:38]
C:/AdwCleaner/AdwCleaner[S2].txt - [1209 B] - [2017/10/19 16:9:42]
C:/AdwCleaner/AdwCleaner[S3].txt - [1277 B] - [2017/10/20 2:13:44]
C:/AdwCleaner/AdwCleaner[S4].txt - [1413 B] - [2017/10/20 3:6:24]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt ##########


#11 1Steven


Posted 21 November 2017 - 04:45 AM

# AdwCleaner 7.0.4.0 - Logfile created on Tue Nov 21 09:35:52 2017
# Updated on 2017/27/10 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Users\Steven\AppData\Roaming\Wise Euask
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
No malicious registry entries deleted.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [1373 B] - [2017/10/17 11:22:44]
C:/AdwCleaner/AdwCleaner[C1].txt - [1449 B] - [2017/10/20 2:17:43]
C:/AdwCleaner/AdwCleaner[C2].txt - [1584 B] - [2017/10/20 3:8:33]
C:/AdwCleaner/AdwCleaner[S0].txt - [1263 B] - [2017/10/17 11:21:22]
C:/AdwCleaner/AdwCleaner[S1].txt - [1141 B] - [2017/10/18 7:14:38]
C:/AdwCleaner/AdwCleaner[S2].txt - [1209 B] - [2017/10/19 16:9:42]
C:/AdwCleaner/AdwCleaner[S3].txt - [1277 B] - [2017/10/20 2:13:44]
C:/AdwCleaner/AdwCleaner[S4].txt - [1413 B] - [2017/10/20 3:6:24]
C:/AdwCleaner/AdwCleaner[S5].txt - [1619 B] - [2017/11/21 9:17:47]
C:/AdwCleaner/AdwCleaner[S6].txt - [1595 B] - [2017/11/21 9:29:37]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt ##########


#12 Unworn_Kilt


Posted 21 November 2017 - 11:50 AM

G'day again Steven,

Thank you for the reports.

I'd like you to download the latest version of MalwareBytes (3.3.1.2183) and Install it.

You can get it:   HERE

Please download it to your Desktop and Run through the Installer then click Finish.

If the Program doesn't Automatically Update, please Update it. (There should be a link on the Right Side.)

Once it's installed, click on Settings then Protection.

  1. Enable Scan For Rootkits.
  2. Enable Scan Within Archives.
  3. Enable Self Protection.
  4. Enable Start Module.
  5. Enable Self Protection Module Early Start (If able.)

If you're unable to start any of these, please skip them but let me know in your reply.

Return to the Main Screen (Dashboard) and select CLICK SCAN NOW.

Note: The program may Update again whilst the SCAN is starting.

Once the computer has restarted, return to MalwareBytes and GO TO REPORTS.

Please PASTE IN your scan/cleaning results to your next reply.

I'm likely to be away for a couple of days. If you get into trouble please contact one of the Moderators.

Good luck with the scan.

Cheers,

Kilt.

PLEASE NOTE

I am only a Standard Member,  NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

Thanks!

** Walk Softly and Carry a Big Stick **

#13 1Steven


Posted 23 November 2017 - 09:26 PM

MalwareBytes scan result:  0 threats found.



#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:24 AM

Posted 24 November 2017 - 10:39 AM

Hello, I'd like to do this and see how it is after.

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on QfBzvq1.png and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.

- Go to Step 5. Under System Restore click Create.

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

#15 1Steven


Posted 24 November 2017 - 06:14 PM

 Tweaking.com - Windows Repair 2018 (v4.0.10)

--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 10 Home
OS Architecture: 64-bit
OS Version: 10.0.16299.64
OS Service Pack: 
Computer Name: APHRODITE
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Steven
Current Profile SID: S-1-5-21-707114421-107573440-2922507842-1001
Current Profile Classes: S-1-5-21-707114421-107573440-2922507842-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\Steven\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:58:56
 
Process Count: 128
Commit Total: 4.32 GB
Commit Limit: 7.61 GB
Commit Peak: 6.49 GB
Handle Count: 46177
Kernel Total: 476.92 MB
Kernel Paged: 374.35 MB
Kernel Non Paged: 102.57 MB
System Cache: 2.50 GB
Thread Count: 1550
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.99 GB
Memory Used: 3.57 GB(59.6014%)
Memory Avail.: 2.42 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.99 GB
Memory Used: 3.19 GB(53.2461%)
Memory Avail.: 2.80 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (11/24/2017 12:21:17 PM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 74
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (11/24/2017 12:21:23 PM)
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hku.7z
Done,  0.59 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hklm.7z
Done,  7.4 seconds.
 
   Running Repair Under System Account
   Done (11/24/2017 12:23:02 PM)
 
02 - Reset File Permissions
   Restore Windows 7/8/10 Default File Permissions
   Start (11/24/2017 12:23:02 PM)
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\default.7z
Done,  0.35 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\profile.7z
Done,  0.74 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\program_files.7z
Done,  2.27 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\program_files_x86.7z
Done,  0.37 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\programdata.7z
Done,  1.1 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\windows.7z
Done,  7.2 seconds.
 
   Running Repair Under System Account
   Done (11/24/2017 12:50:43 PM)
 
03 - Reset Service Permissions
   Start (11/24/2017 12:50:44 PM)
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 12:51:22 PM)
 
04 - Register System Files
   Start (11/24/2017 12:51:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 12:56:03 PM)
 
05 - Repair WMI
   Start (11/24/2017 12:56:03 PM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   Windows Defender Exported.
   Bitdefender Antivirus Free Antimalware Exported.
 
   Exporting AntiSpyware Info...
   Bitdefender Antivirus Free Antimalware Exported.
   Windows Defender Exported.
 
   Exporting 3rd Party Firewall Info...
   COMODO Firewall Exported.
 
   Running Repair Under Current User Account
   Done (11/24/2017 1:14:51 PM)
 
06 - Repair Windows Firewall
   Start (11/24/2017 1:14:51 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  1.03 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:15:30 PM)
 
07 - Repair Internet Explorer
   Start (11/24/2017 1:15:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:16:35 PM)
 
08 - Repair MDAC/MS Jet
   Start (11/24/2017 1:16:35 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:17:21 PM)
 
09 - Repair Hosts File
   Start (11/24/2017 1:17:21 PM)
   Running Repair Under System Account
   Done (11/24/2017 1:17:23 PM)
 
10 - Remove Policies Set By Infections
   Start (11/24/2017 1:17:23 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:17:33 PM)
 
11 - Repair Start Menu Icons Removed By Infections
   Start (11/24/2017 1:17:33 PM)
   Running Repair Under System Account
   Done (11/24/2017 1:17:35 PM)
 
12 - Repair Icons
   Start (11/24/2017 1:17:35 PM)
   Running Repair Under Current User Account
   Done (11/24/2017 1:22:35 PM)
 
13 - Repair Network
   Start (11/24/2017 1:22:35 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.48 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:23:57 PM)
 
14 - Remove Temp Files
   Start (11/24/2017 1:23:57 PM)
   Running Repair Under System Account
   Done (11/24/2017 1:23:59 PM)
 
15 - Repair Proxy Settings
   Start (11/24/2017 1:23:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:24:03 PM)
 
16 - Repair Windows Updates
   Start (11/24/2017 1:24:03 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.27 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
 
The current repair has failed to start for over 30 sec.
Trying Again....
 
   Running Repair Under System Account
 
The current repair has failed to start for over 30 sec.
Trying Again....
 
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (11/24/2017 1:26:33 PM)
 
17 - Repair CD/DVD Missing/Not Working
   Start (11/24/2017 1:26:33 PM)
   iTunes or GEARAspiWDM.sys not found, not applying UpperFilters iTunes Reg Key
   Done (11/24/2017 1:26:33 PM)
 
18 - Repair Volume Shadow Copy Service
   Start (11/24/2017 1:26:33 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.24 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:27:39 PM)
 
19 - Repair Windows Sidebar/Gadgets
   Start (11/24/2017 1:27:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:27:46 PM)
 
20 - Repair MSI (Windows Installer)
   Start (11/24/2017 1:27:46 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.97 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:28:21 PM)
 
21 - Repair Windows Snipping Tool
   Start (11/24/2017 1:28:21 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:28:24 PM)
 
22.01 - Repair bat Association
   Start (11/24/2017 1:28:24 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:28:26 PM)
 
22.02 - Repair cmd Association
   Start (11/24/2017 1:28:26 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:28:29 PM)
 
22.03 - Repair com Association
   Start (11/24/2017 1:28:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:28:32 PM)
 
22.04 - Repair Directory Association
   Start (11/24/2017 1:28:32 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:28:35 PM)
 
22.05 - Repair Drive Association
   Start (11/24/2017 1:28:35 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:28:37 PM)
 
22.06 - Repair exe Association
   Start (11/24/2017 1:28:37 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:28:40 PM)
 
22.07 - Repair Folder Association
   Start (11/24/2017 1:28:41 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:28:43 PM)
 
22.08 - Repair inf Association
   Start (11/24/2017 1:28:43 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:28:45 PM)
 
22.09 - Repair lnk (Shortcuts) Association
   Start (11/24/2017 1:28:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:28:49 PM)
 
22.10 - Repair msc Association
   Start (11/24/2017 1:28:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:28:51 PM)
 
22.11 - Repair reg Association
   Start (11/24/2017 1:28:51 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:28:53 PM)
 
22.12 - Repair scr Association
   Start (11/24/2017 1:28:53 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:28:58 PM)
 
23 - Repair Windows Safe Mode
   Start (11/24/2017 1:28:58 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:29:00 PM)
 
24 - Repair Print Spooler
   Start (11/24/2017 1:29:00 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.29 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 1:29:30 PM)
 
25 - Restore Important Windows Services
   Skipping Repair.
   This repair is currently being updated to support the Windows 10 Fall Update
 
26 - Set Windows Services To Default Startup
   Skipping Repair.
   This repair is currently being updated to support the Windows 10 Fall Update
 
27.01 - Repair Windows 8/10 App Store
   Start (11/24/2017 1:29:31 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hku.7z
Done,  0.47 seconds.
 
   Running Repair Under Current User Account
   Done (11/24/2017 1:42:23 PM)
 
28 - Repair Windows 8/10 Component Store
   Start (11/24/2017 1:42:23 PM)
   Running Repair Under Current User Account
   Done (11/24/2017 2:39:05 PM)
 
29 - Restore Windows 8/10 COM+ Unmarshalers
   Start (11/24/2017 2:39:05 PM)
   Running Repair Under System Account
[X] -----Job Complete-----         Items Done: 1      
   Done (11/24/2017 2:39:13 PM)
 
30 - Repair Windows 'New' Submenu
   Start (11/24/2017 2:39:13 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 2:39:15 PM)
 
31 - Restore UAC (User Account Control) Settings
   Start (11/24/2017 2:39:15 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/24/2017 2:39:18 PM)
 
32 - Repair Performance Counters
   Start (11/24/2017 2:39:18 PM)
   Running Repair Under Current User Account
   Done (11/24/2017 2:39:23 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (11/24/2017 2:39:24 PM)
   Total Repair Time: 02:18:09
 
 
...YOU MUST RESTART YOUR SYSTEM...




