
Malware Hunter informs that infected with Trojan Horse TR/CRYPT.XPACK.Gen3


  • This topic is locked
8 replies to this topic

#1 Lintle1234

  • Members
  • 15 posts

Posted 15 February 2018 - 11:19 AM

Hi,

I was informed by a piece of scanning software called Malware Hunter (part of the Glarysoft suite) that my computer was infected with Trojan Horse TR/Rootkit.Gen and TR/CRYPT.XPACK.Gen3. The files affected were all in the C:\Windows\System32 folder. The sub-folder strings are a bit long to put here (can be supplied, if necessary) but here is a list of supposedly affected files: vrd.sys, dusmtask.exe, FXSCOVER.exe, ChsIME.exe, audit.exe, UserOOBEBroker.exe, SpeechUXWiz.exe, TieringEngineService.exe and UpgradeResultsUI.exe.

I have regularly scanned my system with Malwarebytes and Windows Defender and these have never reported any problems. The computer also does not show any symptoms of infection.

I entered a post and was replied to by boopme. I ran all the scans suggested by him, namely tdsskiller, AdwCleaner.exe, EmsisoftAntiMalwareSetup_bc.exe, esetonlinescanner_enu.exe, mbar_1.10.3.1001.exe and MiniToolBox.exe with nothing found.

I suspect my computer to be clean but would like to be absolutely sure, so boopme suggested opening a final post here having run the FRST scanner.

Here are the two text file results from this run. Thank you very much for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12.02.2018
Ran by Eric (administrator) on ERIC (15-02-2018 15:27:48)
Running from C:\Users\Eric\Desktop
Loaded Profiles: Eric (Available Profiles: Eric & Guest & DefaultAppPool)
Platform: Microsoft Windows 10 Home Version 1709 16299.214 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Ralink) C:\Program Files\Ralink\Common\RaMediaServer.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
Failed to access process -> RaMediaServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\TrayPopupE\TrayTipAgentE.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHTE.EXE
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.212_none_baeaf0f8799f9529\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [488344 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [MalTray] => C:\Program Files\Glarysoft\Malware Hunter\mhtray.exe [980984 2018-01-08] (Glarysoft Ltd)
HKU\S-1-5-21-354478703-3514034584-2126732561-1155\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [44016 2018-02-02] (Glarysoft Ltd)
HKU\S-1-5-21-354478703-3514034584-2126732561-1155\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TATIHTE.EXE [219008 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-354478703-3514034584-2126732561-1155\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TATIHTE.EXE [219008 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-354478703-3514034584-2126732561-1155\...\Run: [FlickrUploadr] => C:\Users\Eric\AppData\Local\FlickrUploadrWindows\Update.exe [1498608 2016-03-16] (Paul Betts)
BootExecute: autocheck autochk * 
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9fa26ba2-ccce-4a00-95ec-4c82977ac541}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d857a757-2f1a-40ef-bc95-43a006a68499}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKU\S-1-5-21-354478703-3514034584-2126732561-1155\Software\Microsoft\Internet Explorer\Main,Search Page =  hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-354478703-3514034584-2126732561-1155\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-30] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-30] (Google Inc.)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-07] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-22] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-22] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxps://www.wix.com/favicon.ico
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default [2018-02-07]
CHR Extension: (Slides) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-19]
CHR Extension: (YouTube) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-06]
CHR Extension: (My Account | Wix.com) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbknidljipcgfgdcadnnempkgealgdj [2018-01-15]
CHR Extension: (Sheets) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-19]
CHR Extension: (Self Publishing | Amazon Kindle Direc...) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\glkopibggmalefhmchjndlemgemolccd [2017-11-11]
CHR Extension: (Google Docs) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbkfobekhmcefihagohoakacmbgchii [2017-10-24]
CHR Extension: (Bike hire in Milton Keynes | Santande...) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbojdeibcpglfonldkflhfkfhilpncg [2017-06-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-10-15]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2017-12-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-12]
CHR Extension: (Gmail) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-06]
CHR Extension: (Chrome Media Router) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-07]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-354478703-3514034584-2126732561-1155\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [684032 2008-06-03] (ATI Technologies Inc.) [File not signed]
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [130944 2011-04-24] (SEIKO EPSON CORPORATION)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [498096 2017-09-20] (Sony Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [383280 2013-03-27] (Ralink Technology, Corp.)
U2 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [279264 2018-01-22] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [86552 2018-01-22] (Microsoft Corporation)
S3 WD Backup Drive Helper; C:\WINDOWS\system32\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\system32\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [21496 2016-01-14] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10208 2016-07-11] () [File not signed]
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2016-04-18] (Glarysoft Ltd)
S3 GUMHFilters; C:\Program Files\Glarysoft\Malware Hunter\Native\winxp_x86\GUMHFilter.sys [41008 2017-10-25] (Glarysoft Ltd)
R1 GUSBootStartup; C:\WINDOWS\System32\drivers\GUSBootStartup.sys [17472 2018-01-02] (Glarysoft Ltd)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [221112 2018-01-28] (Malwarebytes)
R1 MpKslb021a15f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A7800C60-6B93-45B8-9E0C-09AE1D1559F5}\MpKslb021a15f.sys [49504 2018-02-15] (Microsoft Corporation)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [15360 2017-09-29] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [38904 2018-01-22] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [238160 2018-01-22] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [93776 2018-01-22] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [186880 2017-09-29] (Microsoft Corporation)
U2 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-15 15:27 - 2018-02-15 15:29 - 000013006 _____ C:\Users\Eric\Desktop\FRST.txt
2018-02-15 15:09 - 2018-02-15 15:27 - 000000000 ____D C:\FRST
2018-02-15 15:07 - 2018-02-15 15:06 - 001764352 _____ (Farbar) C:\Users\Eric\Desktop\FRST.exe
2018-02-15 15:06 - 2018-02-15 15:06 - 001764352 _____ (Farbar) C:\Users\Eric\Downloads\FRST.exe
2018-02-07 10:27 - 2018-02-07 10:28 - 049803880 _____ (Google Inc.) C:\Users\Eric\Downloads\Google_Chrome_(32bit)_v64.0.3282.119.exe
2018-02-07 10:18 - 2018-02-07 10:21 - 017183648 _____ C:\Users\Eric\Downloads\Glary_Utilities_v5.92.0.114.exe
2018-02-07 10:15 - 2018-02-07 10:15 - 001754192 _____ (CPUID, Inc. ) C:\Users\Eric\Downloads\CPU_Z_v1.83.exe
2018-02-05 14:14 - 2018-02-05 14:15 - 253383016 _____ (Emsisoft Ltd. ) C:\Users\Eric\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2018-02-05 13:20 - 2018-02-05 13:20 - 000222648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\444E7373.sys
2018-02-05 12:59 - 2018-02-05 13:50 - 000000000 ____D C:\Users\Eric\Desktop\mbar
2018-02-05 12:59 - 2018-02-05 13:50 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-05 12:59 - 2018-02-05 13:18 - 000166848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-02-05 12:56 - 2018-02-05 12:57 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Eric\Downloads\mbar-1.10.3.1001.exe
2018-02-04 13:11 - 2018-02-15 15:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-04 12:59 - 2018-01-17 21:19 - 000915320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-02-04 12:59 - 2018-01-17 21:19 - 000799592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-02-04 12:59 - 2018-01-17 21:16 - 006413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-02-04 12:59 - 2018-01-17 21:16 - 001627600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-02-04 12:59 - 2018-01-17 21:16 - 001116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-02-04 12:59 - 2018-01-17 21:16 - 000975216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-02-04 12:59 - 2018-01-17 21:13 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-02-04 12:59 - 2018-01-17 21:13 - 000142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-02-04 12:59 - 2018-01-17 21:12 - 000612736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-02-04 12:59 - 2018-01-17 21:10 - 006092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-02-04 12:59 - 2018-01-17 21:10 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-02-04 12:59 - 2018-01-17 21:10 - 002338784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-02-04 12:59 - 2018-01-17 21:10 - 002192112 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-02-04 12:59 - 2018-01-17 21:10 - 002117536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-02-04 12:59 - 2018-01-17 21:09 - 001852312 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-02-04 12:59 - 2018-01-17 21:09 - 000538760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-02-04 12:59 - 2018-01-17 21:09 - 000534432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-02-04 12:59 - 2018-01-17 21:09 - 000434080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-02-04 12:59 - 2018-01-17 21:09 - 000414832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-02-04 12:59 - 2018-01-17 21:09 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-02-04 12:59 - 2018-01-17 21:07 - 006479560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-02-04 12:59 - 2018-01-17 21:07 - 006014688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-02-04 12:59 - 2018-01-17 21:07 - 004670728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-02-04 12:59 - 2018-01-17 21:07 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-02-04 12:59 - 2018-01-17 21:07 - 000982536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-02-04 12:59 - 2018-01-17 21:07 - 000662216 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-02-04 12:59 - 2018-01-17 21:07 - 000456232 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-02-04 12:59 - 2018-01-17 21:06 - 001149280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-02-04 12:59 - 2018-01-17 21:06 - 000129192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-02-04 12:59 - 2018-01-17 21:06 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-02-04 12:59 - 2018-01-17 21:04 - 000758168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-02-04 12:59 - 2018-01-17 20:48 - 013703680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-02-04 12:59 - 2018-01-17 20:44 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-02-04 12:59 - 2018-01-17 20:43 - 006466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-02-04 12:59 - 2018-01-17 20:43 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-02-04 12:59 - 2018-01-17 20:42 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-02-04 12:59 - 2018-01-17 20:42 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismp6.sys
2018-02-04 12:59 - 2018-01-17 20:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-02-04 12:59 - 2018-01-17 20:40 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-02-04 12:59 - 2018-01-17 20:40 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-02-04 12:59 - 2018-01-17 20:39 - 006567936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-02-04 12:59 - 2018-01-17 20:39 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-02-04 12:59 - 2018-01-17 20:39 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-02-04 12:59 - 2018-01-17 20:39 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-02-04 12:59 - 2018-01-17 20:38 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-02-04 12:59 - 2018-01-17 20:38 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-02-04 12:59 - 2018-01-17 20:37 - 011925504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-02-04 12:59 - 2018-01-17 20:37 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-02-04 12:59 - 2018-01-17 20:37 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-02-04 12:59 - 2018-01-17 20:37 - 001771520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-02-04 12:59 - 2018-01-17 20:37 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-02-04 12:59 - 2018-01-17 20:36 - 002650624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-02-04 12:59 - 2018-01-17 20:36 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-02-04 12:59 - 2018-01-17 20:36 - 000900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-02-04 12:59 - 2018-01-17 20:36 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-02-04 12:59 - 2018-01-17 20:35 - 004384768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-02-04 12:59 - 2018-01-17 20:35 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-02-04 12:59 - 2018-01-17 20:35 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-02-04 12:59 - 2018-01-17 20:35 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-02-04 12:59 - 2018-01-17 20:35 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-02-04 12:59 - 2018-01-17 20:35 - 001623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-02-04 12:59 - 2018-01-17 20:35 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-02-04 12:59 - 2018-01-17 20:35 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-02-04 12:59 - 2018-01-17 20:35 - 001132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-02-04 12:59 - 2018-01-17 20:35 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-02-04 12:59 - 2018-01-17 20:34 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-02-04 12:59 - 2018-01-17 20:34 - 000854016 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-02-04 12:59 - 2018-01-17 20:33 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-02-04 12:59 - 2018-01-17 20:33 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-02-04 12:59 - 2018-01-11 00:05 - 000358816 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll
2018-02-04 12:59 - 2018-01-11 00:05 - 000358816 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-02-04 12:58 - 2018-01-17 21:46 - 000239000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-02-04 12:58 - 2018-01-17 21:19 - 000542856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2018-02-04 12:58 - 2018-01-17 21:16 - 002255120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-02-04 12:58 - 2018-01-17 21:15 - 001145624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-02-04 12:58 - 2018-01-17 21:13 - 004382040 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2018-02-04 12:58 - 2018-01-17 21:13 - 001250528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2018-02-04 12:58 - 2018-01-17 21:10 - 001123464 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-02-04 12:58 - 2018-01-17 21:10 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-02-04 12:58 - 2018-01-17 21:10 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-02-04 12:58 - 2018-01-17 21:10 - 000339360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-02-04 12:58 - 2018-01-17 21:09 - 003980720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-02-04 12:58 - 2018-01-17 21:09 - 000718488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2018-02-04 12:58 - 2018-01-17 21:09 - 000527864 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-02-04 12:58 - 2018-01-17 21:09 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-02-04 12:58 - 2018-01-17 21:09 - 000123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-02-04 12:58 - 2018-01-17 21:09 - 000089504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2018-02-04 12:58 - 2018-01-17 21:08 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-02-04 12:58 - 2018-01-17 21:08 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-02-04 12:58 - 2018-01-17 21:08 - 000083224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbrand.dll
2018-02-04 12:58 - 2018-01-17 21:08 - 000076184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-02-04 12:58 - 2018-01-17 21:08 - 000040856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-02-04 12:58 - 2018-01-17 21:07 - 000295488 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-02-04 12:58 - 2018-01-17 21:07 - 000225176 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2018-02-04 12:58 - 2018-01-17 21:07 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-02-04 12:58 - 2018-01-17 21:06 - 001006192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2018-02-04 12:58 - 2018-01-17 21:06 - 000386432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-02-04 12:58 - 2018-01-17 21:06 - 000077552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2018-02-04 12:58 - 2018-01-17 21:04 - 000505160 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-02-04 12:58 - 2018-01-17 20:46 - 018921984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-02-04 12:58 - 2018-01-17 20:44 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-02-04 12:58 - 2018-01-17 20:44 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-02-04 12:58 - 2018-01-17 20:44 - 000733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-02-04 12:58 - 2018-01-17 20:44 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-02-04 12:58 - 2018-01-17 20:42 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-02-04 12:58 - 2018-01-17 20:42 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-02-04 12:58 - 2018-01-17 20:42 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-02-04 12:58 - 2018-01-17 20:41 - 000247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsku.dll
2018-02-04 12:58 - 2018-01-17 20:41 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-02-04 12:58 - 2018-01-17 20:41 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-02-04 12:58 - 2018-01-17 20:41 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2018-02-04 12:58 - 2018-01-17 20:41 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-02-04 12:58 - 2018-01-17 20:41 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCShellCommonProxyStub.dll
2018-02-04 12:58 - 2018-01-17 20:40 - 000731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2018-02-04 12:58 - 2018-01-17 20:40 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-02-04 12:58 - 2018-01-17 20:40 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2018-02-04 12:58 - 2018-01-17 20:40 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2018-02-04 12:58 - 2018-01-17 20:39 - 002677760 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-02-04 12:58 - 2018-01-17 20:39 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrSvc.dll
2018-02-04 12:58 - 2018-01-17 20:39 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2018-02-04 12:58 - 2018-01-17 20:39 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-02-04 12:58 - 2018-01-17 20:39 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-02-04 12:58 - 2018-01-17 20:39 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-02-04 12:58 - 2018-01-17 20:39 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-02-04 12:58 - 2018-01-17 20:39 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-02-04 12:58 - 2018-01-17 20:39 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2018-02-04 12:58 - 2018-01-17 20:39 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2018-02-04 12:58 - 2018-01-17 20:39 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2018-02-04 12:58 - 2018-01-17 20:38 - 001171456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-02-04 12:58 - 2018-01-17 20:38 - 000940544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-02-04 12:58 - 2018-01-17 20:38 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2018-02-04 12:58 - 2018-01-17 20:38 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2018-02-04 12:58 - 2018-01-17 20:38 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-02-04 12:58 - 2018-01-17 20:38 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2018-02-04 12:58 - 2018-01-17 20:38 - 000602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-02-04 12:58 - 2018-01-17 20:38 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-02-04 12:58 - 2018-01-17 20:38 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-02-04 12:58 - 2018-01-17 20:38 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-02-04 12:58 - 2018-01-17 20:38 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-02-04 12:58 - 2018-01-17 20:38 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll
2018-02-04 12:58 - 2018-01-17 20:37 - 003227648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-02-04 12:58 - 2018-01-17 20:37 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2018-02-04 12:58 - 2018-01-17 20:37 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-02-04 12:58 - 2018-01-17 20:37 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2018-02-04 12:58 - 2018-01-17 20:37 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2018-02-04 12:58 - 2018-01-17 20:37 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl
2018-02-04 12:58 - 2018-01-17 20:36 - 002184192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-02-04 12:58 - 2018-01-17 20:36 - 001342464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2018-02-04 12:58 - 2018-01-17 20:36 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-02-04 12:58 - 2018-01-17 20:36 - 000830976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-02-04 12:58 - 2018-01-17 20:36 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2018-02-04 12:58 - 2018-01-17 20:36 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-02-04 12:58 - 2018-01-17 20:36 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-02-04 12:58 - 2018-01-17 20:35 - 003287040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2018-02-04 12:58 - 2018-01-17 20:35 - 002413568 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2018-02-04 12:58 - 2018-01-17 20:35 - 001352192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-02-04 12:58 - 2018-01-17 20:35 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-02-04 12:58 - 2018-01-17 20:35 - 000973312 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-02-04 12:58 - 2018-01-17 20:35 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-02-04 12:58 - 2018-01-17 20:35 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-02-04 12:58 - 2018-01-17 20:35 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-02-04 12:58 - 2018-01-17 20:35 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2018-02-04 12:58 - 2018-01-17 20:35 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-02-04 12:58 - 2018-01-17 20:35 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-02-04 12:58 - 2018-01-17 20:35 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2018-02-04 12:58 - 2018-01-17 20:35 - 000348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-02-04 12:58 - 2018-01-17 20:35 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2018-02-04 12:58 - 2018-01-17 20:34 - 006532096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2018-02-04 12:58 - 2018-01-17 20:34 - 001762304 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-02-04 12:58 - 2018-01-17 20:34 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-02-04 12:58 - 2018-01-17 20:34 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2018-02-04 12:58 - 2018-01-17 20:34 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2018-02-04 12:58 - 2018-01-17 20:34 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-02-04 12:58 - 2018-01-17 20:34 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2018-02-04 12:58 - 2018-01-17 20:33 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-02-04 12:58 - 2018-01-17 20:33 - 000620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-02-04 12:58 - 2018-01-17 20:33 - 000604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-02-04 12:58 - 2018-01-17 20:32 - 002427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2018-02-04 12:58 - 2018-01-17 20:32 - 001488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2018-02-04 12:58 - 2018-01-17 20:32 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2018-02-04 12:58 - 2018-01-17 20:32 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2018-02-04 12:58 - 2018-01-17 20:32 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.ProxyStub.dll
2018-02-04 12:58 - 2018-01-17 20:31 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2018-02-04 12:58 - 2018-01-17 20:31 - 001104384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2018-02-04 12:58 - 2018-01-17 20:31 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-02-04 12:58 - 2018-01-17 20:31 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcbase.dll
2018-02-04 12:58 - 2018-01-17 20:31 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2018-02-04 12:58 - 2018-01-17 18:45 - 000804240 _____ C:\WINDOWS\system32\locale.nls
2018-01-31 14:07 - 2018-01-31 14:08 - 000332658 _____ C:\TDSSKiller.3.1.0.16_31.01.2018_14.07.06_log.txt
2018-01-31 11:26 - 2018-02-04 13:11 - 000000000 ____D C:\Users\Eric\AppData\Local\ESET
2018-01-31 11:25 - 2018-01-31 11:25 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Eric\Downloads\esetonlinescanner_enu.exe
2018-01-31 11:05 - 2018-01-31 11:17 - 000000000 ____D C:\AdwCleaner
2018-01-31 11:03 - 2018-01-31 11:03 - 008206624 _____ (Malwarebytes) C:\Users\Eric\Downloads\AdwCleaner.exe
2018-01-31 11:00 - 2018-02-05 14:16 - 000000000 ____D C:\Users\Eric\Desktop\BCDisinfection Kit
2018-01-31 10:57 - 2018-01-31 11:00 - 000259436 _____ C:\TDSSKiller.3.1.0.16_31.01.2018_10.57.49_log.txt
2018-01-31 10:54 - 2018-01-31 10:54 - 004853348 _____ C:\Users\Eric\Downloads\tdsskiller.zip
2018-01-31 10:50 - 2018-02-04 12:23 - 000000000 ____D C:\Users\Eric\Desktop\BleepingComputer
2018-01-31 10:45 - 2018-01-31 10:45 - 000892416 _____ (Farbar) C:\Users\Eric\Downloads\MiniToolBox.exe
2018-01-28 18:22 - 2018-01-28 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2018-01-28 18:22 - 2018-01-28 18:22 - 000000000 ____D C:\Program Files\EPSON Software
2018-01-28 18:19 - 2018-01-28 18:20 - 005967872 _____ C:\Users\Eric\Downloads\epson628188eu.exe
2018-01-28 18:16 - 2018-01-28 18:16 - 000000000 ____D C:\Users\Eric\Downloads\Manual
2018-01-28 18:16 - 2018-01-28 18:16 - 000000000 ____D C:\Users\Eric\Downloads\_model
2018-01-28 18:16 - 2018-01-28 18:16 - 000000000 ____D C:\Users\Eric\Downloads\_cdres
2018-01-28 18:16 - 2011-08-11 20:20 - 000883848 _____ (Seiko Epson Corporation) C:\Users\Eric\Downloads\InstallNavi.exe
2018-01-28 18:16 - 2005-09-24 01:28 - 001638400 _____ (Microsoft Corporation) C:\Users\Eric\Downloads\gdiplus.dll
2018-01-28 18:15 - 2018-01-28 18:15 - 006160656 _____ (SEIKO EPSON CORPORATION) C:\Users\Eric\Downloads\epson377528eu.exe
2018-01-28 16:10 - 2018-01-28 16:11 - 000041987 _____ C:\Users\Eric\Desktop\Google Email.html
2018-01-16 15:08 - 2018-01-28 15:06 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-16 15:07 - 2018-01-16 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-16 15:07 - 2018-01-16 15:07 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-01-16 11:00 - 2018-01-16 11:00 - 021830890 _____ C:\Users\Eric\Downloads\windows10.0-kb4056887-x64_9dc45f5aab4a44ce99c4ce914f26983ed4cc65ac.msu
2018-01-16 10:59 - 2018-01-16 10:59 - 010667981 _____ C:\Users\Eric\Downloads\windows10.0-kb4056887-x86_01fc44db1abb9121ecb894f961fe47af3e6e679f (1).msu
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-15 15:22 - 2017-09-29 11:45 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-15 15:20 - 2017-09-29 11:55 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-15 15:17 - 2013-05-01 08:38 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-15 15:05 - 2016-06-12 17:34 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-15 15:02 - 2017-09-29 11:55 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-15 15:02 - 2017-09-29 11:55 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-15 14:54 - 2014-08-25 13:05 - 000000000 ____D C:\Program Files\Glary Utilities 5
2018-02-11 11:26 - 2017-12-26 20:34 - 001043734 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-11 11:23 - 2017-09-29 11:52 - 000000000 ____D C:\WINDOWS\INF
2018-02-07 13:51 - 2017-12-26 20:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-07 10:26 - 2014-08-25 13:06 - 000001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2018-02-07 10:02 - 2017-09-29 11:55 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-02-06 02:49 - 2017-09-29 11:57 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-02-06 02:49 - 2017-09-29 11:57 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-02-05 13:54 - 2017-09-29 11:55 - 000000000 ____D C:\WINDOWS\rescache
2018-02-05 13:20 - 2016-04-18 22:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-04 13:17 - 2017-09-29 11:55 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-02-04 13:15 - 2017-12-14 18:12 - 000000000 ___RD C:\Users\Eric\3D Objects
2018-02-04 13:15 - 2016-04-27 04:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-04 13:13 - 2017-12-26 20:30 - 000246656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-04 13:11 - 2017-12-26 21:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-04 13:10 - 2017-09-29 05:31 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-02-04 13:09 - 2017-09-29 11:55 - 000000000 ____D C:\WINDOWS\TextInput
2018-02-04 13:09 - 2017-09-29 11:55 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-02-04 13:09 - 2017-09-29 11:55 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-02-04 13:09 - 2017-09-29 11:55 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-02-04 13:02 - 2017-09-29 11:49 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2018-01-31 11:27 - 2017-01-27 12:28 - 000002394 _____ C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-31 11:27 - 2016-04-18 18:07 - 000000000 ___RD C:\Users\Eric\OneDrive
2018-01-28 18:23 - 2014-09-07 13:07 - 000000000 ____D C:\ProgramData\EPSON
2018-01-27 10:17 - 2013-04-25 15:13 - 000456864 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-16 10:57 - 2018-01-02 10:52 - 000001261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malware Hunter.lnk
==================== Files in the root of some directories =======
2016-04-18 15:07 - 2017-02-04 12:29 - 000007622 _____ () C:\Users\Eric\AppData\Local\Resmon.ResmonCfg
2016-06-02 10:50 - 2016-06-02 10:50 - 000000000 _____ () C:\Users\Eric\AppData\Local\{2998C05D-7574-4B6F-8FFA-F783332A864A}
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-02-07 13:33
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12.02.2018
Ran by Eric (15-02-2018 15:31:52)
Running from C:\Users\Eric\Desktop
Microsoft Windows 10 Home Version 1709 16299.214 (X86) (2017-12-26 21:08:18)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-354478703-3514034584-2126732561-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-354478703-3514034584-2126732561-503 - Limited - Disabled)
Eric (S-1-5-21-354478703-3514034584-2126732561-1155 - Administrator - Enabled) => C:\Users\Eric
Guest (S-1-5-21-354478703-3514034584-2126732561-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-354478703-3514034584-2126732561-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-354478703-3514034584-2126732561-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (HKLM\...\{A80FA752-C491-4ED9-ABF0-4278563160B2}) (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20036 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
Belarc Advisor 8.5c (HKLM\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CPUID CPU-Z 1.83 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.83 - CPUID, Inc.)
EaseUS Partition Master 11.9 (HKLM\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Epson Software Updater (HKLM\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON SX535WD Series Printer Uninstall (HKLM\...\EPSON SX535WD Series) (Version:  - SEIKO EPSON Corporation)
Flickr Uploadr for Windows (HKU\S-1-5-21-354478703-3514034584-2126732561-1155\...\FlickrUploadrWindows) (Version: 1.0.1.292 - Flickr)
Free BMP To PDF Converter (HKLM\...\{E6D45571-E9A6-4856-B184-9177B27C70C8}) (Version: 1.0.0 - Free PDF Solutions)
GameShadow (HKLM\...\{000A4757-A5A0-4B41-8C78-702E1A4F49ED}) (Version: 2.02.0000 - GameShadow Ltd)
Glary Utilities 5.92 (HKLM\...\Glary Utilities 5) (Version: 5.92.0.114 - Glarysoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
HPDiagnosticAlert (HKLM\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
Kindle Previewer 3 (HKU\S-1-5-21-354478703-3514034584-2126732561-1155\...\Kindle Previewer 3) (Version: 3.15.0 - Amazon)
Magical Jelly Bean KeyFinder (HKLM\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malware Hunter 1.51.0.481 (HKLM\...\Malware Hunter) (Version: 1.51.0.481 - Glarysoft Ltd)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MergeModule_x86 (HKLM\...\{42251A8D-C4AE-4D3B-8A50-948CB98A0969}) (Version: 10.5.00 - Sony Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-354478703-3514034584-2126732561-1155\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice 4.1.4 (HKLM\...\{43D0929E-E6D1-40A9-81C5-2073F995A95D}) (Version: 4.14.9788 - Apache Software Foundation)
Photo Transfer App (HKLM\...\com.erclab.air.phototransferapp) (Version: 2.7.1 - UNKNOWN)
PlayMemories Home (HKLM\...\{D3981248-DBE7-4050-B666-A7FE5AFFC62C}) (Version: 5.5.00.09202 - Sony Corporation)
PMB_ModeEditor (HKLM\...\{E95982CA-945F-41F2-B156-A603897AB242}) (Version: 10.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (HKLM\...\{7D3A0097-9E0E-4073-801C-295BBDAEAED8}) (Version: 10.5.00 - Sony Corporation) Hidden
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.26.0 - Ralink)
TomTom MyDrive Connect 4.1.6.3253 (HKLM\...\MyDriveConnect) (Version: 4.1.6.3253 - TomTom)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
WD Backup (HKLM\...\{4AACAFC7-951A-4215-B430-3DFCFF2E6CED}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM\...\{48996CDD-DD81-4197-93FE-0971E73C5CA7}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Quick View (HKLM\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{7CC2EDF2-83EC-4707-BDD3-72469236A6CC}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17323 - Microsoft Corporation)
XnView 2.43 (HKLM\...\XnView_is1) (Version: 2.43 - Gougelet Pierre-e)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
ContextMenuHandlers1: [Glarysoft MalwareHunter] -> {EA847F47-97F1-4D78-AB99-C63CA1C327F0} => C:\Program Files\Glarysoft\Malware Hunter\MHContextHandler.dll [2017-06-29] (Glarysoft Ltd)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
ContextMenuHandlers2: [Glarysoft MalwareHunter] -> {EA847F47-97F1-4D78-AB99-C63CA1C327F0} => C:\Program Files\Glarysoft\Malware Hunter\MHContextHandler.dll [2017-06-29] (Glarysoft Ltd)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
ContextMenuHandlers6: [Glarysoft MalwareHunter] -> {EA847F47-97F1-4D78-AB99-C63CA1C327F0} => C:\Program Files\Glarysoft\Malware Hunter\MHContextHandler.dll [2017-06-29] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {052839D7-802E-4D17-A165-19CA5D1C891E} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {15B961EE-8A72-4D9C-8878-3C31D5FB2D1C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {177F0839-642E-4421-A771-A04CCCC71639} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {1A4BF19B-69EA-459B-BDDE-3C2CB788161B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2492533D-AA0C-4519-A7D3-A0DC1D76EFFA} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {28116D1E-B8B5-4088-BC63-086E31AF8B93} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-07] (Adobe Systems Incorporated)
Task: {2B890FFE-3CB0-41B4-BB93-D0D157E88A28} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2DA7D036-D029-4759-863E-F167CA259EDA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {314F4A0B-5FFC-49F8-8806-A2BE7E01DB71} - System32\Tasks\AVAST Software\Avast upgrade utility => C:\Program Files\Common Files\AV\avast! Antivirus\upgrade.exe [2016-04-16] (AVAST Software)
Task: {37048E39-0D14-47DE-9CB4-1CE8E6ED0339} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {3904BF4D-E6C3-4DEC-9944-9BA2C9D5F8C4} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {3D0F8E8C-00E2-4786-B5B6-EA5DEECE8910} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {4430627F-D1E0-49B4-922E-3D339FD15E7D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {4519D46B-976A-4D58-81D5-990F6F985DF4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {48865981-0D30-4993-932F-1EAE8BB99EE8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4A0F0F66-678D-425F-A05F-8711724E90F2} - System32\Tasks\SafeZone scheduled Autoupdate 1465750745 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {4E122D25-9C93-45BC-A4C1-162E387B46B5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4ED074C1-C059-4D5B-8280-F1736BE8A3A0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53601068-4AEC-4EFA-BFDC-40BE4AEC1DC7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {55D93247-A4BD-42C5-BB2C-2EAFD575DFA7} - System32\Tasks\GMHSkipUAC => C:\Program Files\Glarysoft\Malware Hunter\MalwareHunter.exe [2018-01-08] (Glarysoft Ltd)
Task: {597298F8-EF68-4A78-B136-250DB0B00E3A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {5CE57E95-A5CF-4C8E-8CEA-7091F56984C8} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {66399870-F2C3-4D43-A0EA-3CF5DB25A7B7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-22] (Microsoft Corporation)
Task: {6725D2F1-AFF2-432A-8CC2-E42EFAC251D5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6750FAD0-E761-4A5A-BA37-E1FE23A5DE74} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6C6F1078-77BF-4A43-AE78-925B197BA333} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {752DCE7F-D372-495A-85EE-05CBE1390FFD} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7560F51F-75DC-40C8-B6AD-EC078E207359} - System32\Tasks\GU5SkipUAC => C:\Program Files\Glary Utilities 5\Integrator.exe [2018-02-02] (Glarysoft Ltd)
Task: {7AB2B24C-A244-4A86-A2F3-F486B4D87282} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-22] (Microsoft Corporation)
Task: {7FEBF396-02F1-4343-AEF9-D50566EDDC35} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {828E47F6-6E5F-4747-9A73-5B630F48B4E2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9122FD3A-66FD-4AEB-AA40-7CFC1DD586D1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {91C1F92C-59D1-4B34-BF35-810FF0043413} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {9509D3AB-E1B3-4A0D-9633-1ADA2F9BF334} - System32\Tasks\Microsoft\Windows\PLA\System\{CC2685FB-9722-4172-9208-AF628EC3A0A2}_System Diagnostics => Command(1): C:\Windows\system32\rundll32.exe -> C:\Windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {9509D3AB-E1B3-4A0D-9633-1ADA2F9BF334} - System32\Tasks\Microsoft\Windows\PLA\System\{CC2685FB-9722-4172-9208-AF628EC3A0A2}_System Diagnostics => Command(2): C:\Windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{CC2685FB-9722-4172-9208-AF628EC3A0A2}_System Diagnostics"
Task: {969A4AAF-153A-4847-8B9C-BB553E7D0966} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2018-02-02] (Glarysoft Ltd)
Task: {A428F9BB-3E8C-4F16-B765-AD4D61804AC4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A4CEA1A4-D065-4E32-A969-D0798114C4AE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-22] (Microsoft Corporation)
Task: {A5FAD3DC-99B0-4F80-BCEF-7EFC64083509} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {A82F5254-5622-4A1F-9738-4E62E6800F1F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)
Task: {AA99F338-16F4-47AD-96AB-C8DA2CCBECE3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {AC0DBAEE-72C5-4398-A165-797A5298A252} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AD18DEC8-8551-4D8B-8A51-052C9E5B6E14} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B1F2046B-ED5E-4D43-876C-9D34FF2C7EBB} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {B76A4B28-E601-4D10-830E-739F7A12E599} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BB3E324B-39FB-4166-BE58-65538B620D27} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {C39ABF87-A8B4-4D91-979B-989C6503EF8C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-22] (Microsoft Corporation)
Task: {C839257D-BB67-4453-8A69-F718234A1D7C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C94AD5FC-7CC0-4738-994B-9CB0333783D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {CEFC7B05-91D5-4657-9808-EFB874CA192E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D0A71E20-0B38-484B-B821-0F1F1F4586EA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D2986000-4B89-4A8D-8D4D-067A84BFD5E4} - System32\Tasks\SoftwareUpdate Pro => C:\Program Files\Glarysoft\Software Update Pro\SoftwareUpdatePro.exe
Task: {DBD66A83-8A7E-4040-8F5F-B6F154144763} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E68CD29C-2928-4439-B014-5EA567B8BD43} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {EBE5D98A-E797-4997-B1DB-70FC07BF8344} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {ED5ADB7A-4D8F-4E8E-9C3E-9F6F522DCE52} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {F11DE6E3-2A67-4D72-8384-6982E5900E4D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F8869553-F796-4FB0-AD06-6056D725D4F2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-09] (AVAST Software)
Task: {FAA91D66-FE94-442F-932A-CFD30D04F84F} - System32\Tasks\{15A19195-F01A-402E-BD12-6121C915DC7D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Eric\Desktop\Google Docs.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hgbkfobekhmcefihagohoakacmbgchii
ShortcutWithArgument: C:\Users\Eric\Desktop\My Account _ Wix.com.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=cmbknidljipcgfgdcadnnempkgealgdj
ShortcutWithArgument: C:\Users\Eric\Desktop\Self Publishing _ Amazon Kindle Direc.._.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=glkopibggmalefhmchjndlemgemolccd
ShortcutWithArgument: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Bike hire in Milton Keynes _ Santande.._ (1).lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=lbbojdeibcpglfonldkflhfkfhilpncg
ShortcutWithArgument: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Bike hire in Milton Keynes _ Santande.._.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=lbbojdeibcpglfonldkflhfkfhilpncg
ShortcutWithArgument: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Docs.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hgbkfobekhmcefihagohoakacmbgchii
ShortcutWithArgument: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\My Account _ Wix.com.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=cmbknidljipcgfgdcadnnempkgealgdj
ShortcutWithArgument: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Self Publishing _ Amazon Kindle Direc.._.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=glkopibggmalefhmchjndlemgemolccd
==================== Loaded Modules (Whitelisted) ==============
2017-09-29 11:49 - 2017-09-29 11:49 - 000149840 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-02-04 12:59 - 2018-01-17 20:40 - 007817728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-04 12:59 - 2018-01-17 20:35 - 001518592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-21 12:30 - 2014-11-18 14:44 - 000255072 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\TrayPopupE\TrayTipAgentE.exe
2016-11-21 12:30 - 2014-02-13 15:27 - 000222792 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\TrayPopupE\traynet.dll
2016-11-21 12:30 - 2014-02-13 15:27 - 000275528 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\TrayPopupE\libcurl.dll
2016-11-21 12:30 - 2014-02-13 15:27 - 000113166 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\TrayPopupE\zlib1.dll
2016-11-21 12:30 - 2014-02-13 15:27 - 000249928 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\TrayPopupE\uexper.dll
2018-02-02 06:30 - 2018-02-02 06:30 - 000087032 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll
2017-09-20 18:22 - 2017-09-20 18:22 - 000696240 _____ () C:\Program Files\Sony\PlayMemories Home\XMPCore.dll
2017-09-20 18:22 - 2017-09-20 18:22 - 000747952 _____ () C:\Program Files\Sony\PlayMemories Home\XMPFiles.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:31D9EFCC [146]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 02:04 - 2009-06-10 21:39 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-354478703-3514034584-2126732561-1155\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: EPLTarget =>
HKLM\...\StartupApproved\Run: => "MalTray"
HKLM\...\StartupApproved\Run: => "5KPlayer.exe"
HKLM\...\StartupApproved\Run: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run: => "PMBVolumeWatcher"
HKU\S-1-5-21-354478703-3514034584-2126732561-1155\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-354478703-3514034584-2126732561-1155\...\StartupApproved\Run: => "5KPlayer"
HKU\S-1-5-21-354478703-3514034584-2126732561-1155\...\StartupApproved\Run: => "FlickrUploadr"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{00B8A21D-2C2F-48FD-A656-3EBC196DABA7}C:\program files\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{580F03A8-E23B-4338-84EB-E98210A8D2ED}C:\program files\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{C010ACE5-9D77-4FDE-9F34-B445A8E5B29E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5F4B7186-5927-47C1-BF5E-6227010EEA63}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{0BFC6890-0CA7-4B1E-9603-1546402E63B8}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{8AF74C8C-C708-49CE-A9BD-8A25F2E62356}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{A11328AF-C625-4CBC-9EDA-89BB5EDD47A0}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3414A7BC-3D09-44C4-86B1-10F1CF921DF8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{6DFA0AF0-CA0A-4751-A8AD-5DB0BE1D2003}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{CB40E26B-029C-4D7B-A25E-B3315B1BA06F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{B4BA5295-7FBD-4CA8-932B-E2C913A01CF2}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{8E81C944-9031-433C-9D43-79CC9293B988}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{4A75EF78-8827-4A1C-8F98-C27D896BD51B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{A69F6270-59FD-4955-A002-881C93DC2E70}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{1241C3F5-DB90-4A29-94DE-8D5B958242B4}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{D12CB570-4A57-4730-A920-089B0BA470D5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{35A89996-2777-443F-BA14-89B52E3D478A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{2E48E775-AD14-4F91-9A2D-FB9910E0A9E3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{A2B714FA-39F3-4452-AE1E-3403DCA362AD}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{98A5ED8D-6420-4A29-8DC0-55770BDF4C48}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{C848FA5B-899A-42B6-963D-5A7C1921B108}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{2D618FFB-A8B8-40DB-85D4-9049D2C559EB}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{0A24E2FD-8EC7-4155-A27E-A18354E2293F}] => (Allow) C:\Program Files\Ralink\Common\RaMediaServer.exe
FirewallRules: [{65C86971-4861-45E6-BE6C-C7FE16481C77}] => (Allow) C:\Program Files\Ralink\Common\RaMediaServer.exe
FirewallRules: [{364FC83C-25ED-44B1-9F64-F4D1CCA02220}] => (Allow) C:\Program Files\Ralink\Common\RaUI.exe
FirewallRules: [{4DC76B70-4E12-4C92-8775-48B4F8844B5A}] => (Allow) C:\Program Files\Ralink\Common\RaUI.exe
FirewallRules: [{9D53462A-B946-4D6A-884D-514CB7107CAB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{84989399-428F-4E5C-8E2C-661221345463}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{CE2283C5-1D73-48F1-BFA2-8D2A57EC1FC3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{486944A1-5D0B-4139-B441-C1E97DC93912}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{73BB9A20-AE49-4D65-95B5-F9F546218970}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{08253178-62E4-45E5-B8C6-F2DEF79BB2CF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{A5A63DC9-E5ED-45B0-B2EF-A7C71ECC96BD}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{96D553F5-A873-419B-8014-E762A934BBF9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{B8EA1C2D-6D45-41B5-AF00-448B97D04C3E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{5AC9039B-B3B8-497D-9CC9-511F8D35A620}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{52B39ADC-9DC3-4164-B871-F26BA6743FC5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{E75248A6-76AA-4FD9-BB4D-C6BC98E77A6C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{687DBA5D-D3F6-481E-B205-C4246178A22E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{2D1654B5-DDE5-4B99-B986-90FC955F4395}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{F802A83D-EC22-4495-BED5-D4A32B0ECEAD}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{ADACDD37-0981-4A11-8A0B-6538437A7CB8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{148188F5-654B-45CE-B1F0-44A70DCD3E96}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{E2741F9D-7DA8-48EF-B04E-F8E99C1428AE}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{9EDFC330-2A8F-469A-B1F4-A47EAAE3D4DE}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{58E91360-A305-461D-8612-A6D3B6A6D035}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{84B1A880-B4D3-43FD-A01D-9C14D2DB8DD9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{7F4B7437-FED2-4345-8F64-4E4BC15F57D0}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{2D87DF5D-683B-4043-80FE-A342712B348B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{1B98E016-10CF-4B3C-AB28-214EC86837EF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{F19EB972-D137-4875-B344-3871A0C667D3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{8B1BED16-D9D7-4ADE-BAAA-1CB16D8FEC07}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{1B85EF85-82E0-4E20-AB7B-9A04324A608D}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{759B7FD3-CC72-4ED3-873D-281B7105F01B}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{0F8F1EE1-4834-40A8-AAEC-AAF29056666C}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{F5864153-CB34-4F75-87DD-640FA1871E6E}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{E5A9FCB4-8CA4-4BCE-B6B2-F6339E61FC5E}C:\program files\glarysoft\software update pro\softwareupdatepro.exe] => (Block) C:\program files\glarysoft\software update pro\softwareupdatepro.exe
FirewallRules: [UDP Query User{3986EBF1-FB99-489A-86E7-D51CA0180EED}C:\program files\glarysoft\software update pro\softwareupdatepro.exe] => (Block) C:\program files\glarysoft\software update pro\softwareupdatepro.exe
FirewallRules: [TCP Query User{0C97FD39-35AA-4DAC-BDFC-8FA6C69569DB}C:\program files\erclab\phototransferapp\phototransferapp\phototransferapp.exe] => (Allow) C:\program files\erclab\phototransferapp\phototransferapp\phototransferapp.exe
FirewallRules: [UDP Query User{B75A46DE-1F60-4A63-80F3-9B2B6C9F7BE2}C:\program files\erclab\phototransferapp\phototransferapp\phototransferapp.exe] => (Allow) C:\program files\erclab\phototransferapp\phototransferapp\phototransferapp.exe
FirewallRules: [{8C997622-4798-49E4-AD4E-E0035B1783A9}] => (Allow) C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe
FirewallRules: [{CCBC2DB3-B97C-4EBE-A2A8-F60AF4F4B0A8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
27-01-2018 12:22:28 Scheduled Checkpoint
28-01-2018 18:21:27 Installed Epson Software Updater
04-02-2018 12:57:34 Windows Update
15-02-2018 15:19:55 Windows Update
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (02/15/2018 03:20:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (02/07/2018 10:03:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ERIC)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x86__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
Error: (02/05/2018 02:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15672
Error: (02/05/2018 02:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15672
Error: (02/05/2018 02:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/05/2018 12:47:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RaMediaServer.exe, version: 1.0.0.2, time stamp: 0x4ff6bc03
Faulting module name: RaMediaServer.exe, version: 1.0.0.2, time stamp: 0x4ff6bc03
Exception code: 0xc0000005
Fault offset: 0x000dafdf
Faulting process id: 0x950
Faulting application start time: 0x01d39db9ae67d137
Faulting application path: C:\Program Files\Ralink\Common\RaMediaServer.exe
Faulting module path: C:\Program Files\Ralink\Common\RaMediaServer.exe
Report Id: 3fabd649-2f2f-4247-9fbd-c006120d96e4
Faulting package full name:
Faulting package-relative application ID:
Error: (02/04/2018 12:57:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (01/31/2018 11:37:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.15, time stamp: 0x59cda307
Faulting module name: edgehtml.dll, version: 11.0.16299.192, time stamp: 0x23641bc9
Exception code: 0xcfffffff
Fault offset: 0x004bacf9
Faulting process id: 0xe00
Faulting application start time: 0x01d39a85f36ee16e
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\edgehtml.dll
Report Id: 6aadae0d-f550-4f21-80de-2f33b49b78e6
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

System errors:
=============
Error: (02/11/2018 11:23:57 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport TomTom, {B1158297-DE06-4893-9CFF-07486EC0EBA9}, had event 76
Error: (02/07/2018 10:36:24 AM) (Source: DCOM) (EventID: 10016) (User: ERIC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ERIC\Eric SID (S-1-5-21-354478703-3514034584-2126732561-1155) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/07/2018 10:31:08 AM) (Source: DCOM) (EventID: 10016) (User: ERIC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ERIC\Eric SID (S-1-5-21-354478703-3514034584-2126732561-1155) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/07/2018 10:15:40 AM) (Source: DCOM) (EventID: 10016) (User: ERIC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ERIC\Eric SID (S-1-5-21-354478703-3514034584-2126732561-1155) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/04/2018 01:12:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetMsmqActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (02/04/2018 01:12:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetMsmqActivator service to connect.
Error: (02/04/2018 01:12:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (02/04/2018 01:12:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetTcpPortSharing service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Windows Defender:
===================================
Date: 2018-02-05 13:49:33.527
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {437F5CB7-821E-4A96-AF10-664F45FF3BC7}
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===================================
Date: 2018-02-15 15:23:07.271
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-15 15:23:07.263
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-15 15:20:31.695
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-15 15:20:31.689
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-15 15:19:56.121
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-15 15:19:56.117
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-15 15:07:39.126
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-15 15:07:39.116
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel® Pentium® 4 CPU 3.06GHz
Percentage of memory in use: 68%
Total physical RAM: 1790.55 MB
Available physical RAM: 563.53 MB
Total Virtual: 4475.55 MB
Available Virtual: 3193.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148.51 GB) (Free:64.13 GB) NTFS
\\?\Volume{5ffceed9-ab44-11e2-99d3-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{ace22e9e-0000-0000-0000-f02625000000}\ () (Fixed) (Total:0.44 GB) (Free:0.14 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: ACE22E9E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================

#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:45 AM

Posted 15 February 2018 - 01:53 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

No malware was found on this computer.

This is the cleaning fix you have requested.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
U2 idsvc; no ImagePath
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {15B961EE-8A72-4D9C-8878-3C31D5FB2D1C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {177F0839-642E-4421-A771-A04CCCC71639} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {1A4BF19B-69EA-459B-BDDE-3C2CB788161B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2B890FFE-3CB0-41B4-BB93-D0D157E88A28} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2DA7D036-D029-4759-863E-F167CA259EDA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3904BF4D-E6C3-4DEC-9944-9BA2C9D5F8C4} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {4E122D25-9C93-45BC-A4C1-162E387B46B5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {597298F8-EF68-4A78-B136-250DB0B00E3A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {7FEBF396-02F1-4343-AEF9-D50566EDDC35} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A428F9BB-3E8C-4F16-B765-AD4D61804AC4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B1F2046B-ED5E-4D43-876C-9D34FF2C7EBB} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {C839257D-BB67-4453-8A69-F718234A1D7C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D0A71E20-0B38-484B-B821-0F1F1F4586EA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E68CD29C-2928-4439-B014-5EA567B8BD43} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {ED5ADB7A-4D8F-4E8E-9C3E-9F6F522DCE52} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {F11DE6E3-2A67-4D72-8384-6982E5900E4D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:31D9EFCC [146]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?
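
An added worked example, not part of nasdaq's post and not code from FRST itself: the fixlist above was assembled by hand from the Addition.txt log, copying each flagged line verbatim between "start" and "End". The script below does the mechanical part of that over a constructed sample written in the log's format (the sample lines are modelled on this thread, not the poster's actual log): it picks out scheduled tasks whose target binary is gone ("-> No File", which FRST flags with "<==== ATTENTION"), AlternateDataStreams entries, and SearchScopes entries pointing at the avast/Yahoo redirect (the URL fragment used as the marker is an assumption for this example), then prints a fixlist body. It also reports any ATTENTION-flagged line the rules did not claim, because everything else in a log, such as the svchost/mdnsNSP.dll Code Integrity events further up, still needs a human to read it.

```python
import re

# Constructed sample in the shape of FRST's Addition.txt output, modelled on the
# lines quoted in this thread: two orphaned GWX/UNP tasks, one live Google Update
# task, one alternate data stream and the two HKLM search scopes the helper's
# fixlist removed. This is NOT the poster's actual log.
SAMPLE_LOG = r"""
Task: {B1F2046B-ED5E-4D43-876C-9D34FF2C7EBB} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {C94AD5FC-7CC0-4738-994B-9CB0333783D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {F11DE6E3-2A67-4D72-8384-6982E5900E4D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:31D9EFCC [146]
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
"""

# A task whose registration survives in the TaskCache but whose target file is
# gone. FRST prints these as '-> No File' and tags them '<==== ATTENTION'.
ORPHAN_TASK = re.compile(r"^Task: \{[0-9A-F-]+\} - (?P<path>.+?) -> No File")
ADS_LINE = re.compile(r"^AlternateDataStreams: ")
SEARCH_SCOPE = re.compile(r"^SearchScopes: HK(LM|U)")


def sample_lines():
    """The constructed sample as a list of log lines."""
    return SAMPLE_LOG.strip().splitlines()


def orphaned_tasks(lines):
    """Task entries whose target no longer exists. They are dead registrations,
    not running code, but they are exactly what a fixlist is meant to sweep up."""
    return [l for l in lines if ORPHAN_TASK.match(l)]


def alternate_data_streams(lines):
    """ADS entries. FRST removes only the stream, never the host file."""
    return [l for l in lines if ADS_LINE.match(l)]


def hijacked_search_scopes(lines, marker="search.yahoo.com/yhs"):
    """SearchScopes entries whose URL contains `marker`. The default marker is an
    assumption for this example (the avast/Yahoo redirect seen in the thread);
    a real triage would compare against the browser's known default engine."""
    return [l for l in lines if SEARCH_SCOPE.match(l) and marker in l]


def unhandled_attention(lines):
    """ATTENTION-flagged lines none of the rules above claimed. These are left
    for a human rather than silently dropped or silently added to the fix."""
    claimed = set(orphaned_tasks(lines))
    return [l for l in lines if "<==== ATTENTION" in l and l not in claimed]


def build_fixlist(log_text, header=("CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:")):
    """Assemble a fixlist.txt body. FRST executes the directives between 'start'
    and 'End' verbatim, so every candidate line is copied unchanged from the log."""
    lines = [l.rstrip() for l in log_text.strip().splitlines()]
    body = (list(header)
            + hijacked_search_scopes(lines)
            + orphaned_tasks(lines)
            + alternate_data_streams(lines))
    return "\n".join(["start", *body, "End"])


if __name__ == "__main__":
    print(build_fixlist(SAMPLE_LOG))
    leftovers = unhandled_attention(sample_lines())
    if leftovers:
        print("\nFlagged but not handled, review by hand:")
        for l in leftovers:
            print("  " + l)
```

Run it as-is and it prints a ten-line fixlist for the sample: the three housekeeping directives, the two search scopes, the two orphaned tasks and the one stream, wrapped in start/End, with the live Google Update task correctly left alone. The Fixlog further down shows why the tasks are worth a second look even after a fix: FRST reports ErrorCode 0x00000002 on a TaskCache key that was already gone by the time it tried to delete it.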

#3 Lintle1234

Lintle1234
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 19 February 2018 - 06:02 AM

Hi Nasdaq,

I apologise for the delay in replying. I have not been available.

Please don't take offense but when I joined I read of a list of members who I was informed were safe to follow instructions from, and you don't appear on that list. Is it possible to have boopme confirm it is ok to go ahead?

Thank you - and I hope you understand my caution, especially as I doubt that my PC is infected and it doesn't show any signs of infection on day to day running.



#4 Lintle1234

Lintle1234
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 19 February 2018 - 06:46 AM

Hi Nasdaq,

My apologies - again. Please disregard my previous message, I've just seen your profile name is in my safe list! I'm now following instructions. Incidentally, my PC tries to block FRST and its folder - I think it did the same first time I ran it - but it still goes ahead and runs! This time I've changed my App & Browser Control (Check Apps and Files) in Windows Defender Security from WRN to OFF. I will turn it back to warn after.

Regards



#5 Lintle1234

Lintle1234
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 19 February 2018 - 07:16 AM

Hi Nasdaq,

OK, the problem with the program not wanting to run appears to be because I put it in a folder on the Desktop (trying to keep things neat). I moved FRST back onto the Desktop and it appeared to run OK.

Please see the results posted below:

Fix result of Farbar Recovery Scan Tool (x86) Version: 17.02.2018
Ran by Eric (19-02-2018 12:00:12) Run:1
Running from C:\Users\Eric\Desktop
Loaded Profiles: Eric (Available Profiles: Eric & Guest & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
U2 idsvc; no ImagePath
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {15B961EE-8A72-4D9C-8878-3C31D5FB2D1C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {177F0839-642E-4421-A771-A04CCCC71639} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {1A4BF19B-69EA-459B-BDDE-3C2CB788161B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2B890FFE-3CB0-41B4-BB93-D0D157E88A28} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2DA7D036-D029-4759-863E-F167CA259EDA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3904BF4D-E6C3-4DEC-9944-9BA2C9D5F8C4} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {4E122D25-9C93-45BC-A4C1-162E387B46B5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {597298F8-EF68-4A78-B136-250DB0B00E3A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {7FEBF396-02F1-4343-AEF9-D50566EDDC35} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A428F9BB-3E8C-4F16-B765-AD4D61804AC4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B1F2046B-ED5E-4D43-876C-9D34FF2C7EBB} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {C839257D-BB67-4453-8A69-F718234A1D7C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D0A71E20-0B38-484B-B821-0F1F1F4586EA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E68CD29C-2928-4439-B014-5EA567B8BD43} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {ED5ADB7A-4D8F-4E8E-9C3E-9F6F522DCE52} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {F11DE6E3-2A67-4D72-8384-6982E5900E4D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:31D9EFCC [146]
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => removed successfully.
HKLM\Software\Classes\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => not found
"HKLM\System\CurrentControlSet\Services\idsvc" => removed successfully.
idsvc => service removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast" => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{15B961EE-8A72-4D9C-8878-3C31D5FB2D1C} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15B961EE-8A72-4D9C-8878-3C31D5FB2D1C} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{177F0839-642E-4421-A771-A04CCCC71639} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{177F0839-642E-4421-A771-A04CCCC71639} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A4BF19B-69EA-459B-BDDE-3C2CB788161B} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A4BF19B-69EA-459B-BDDE-3C2CB788161B} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B890FFE-3CB0-41B4-BB93-D0D157E88A28} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B890FFE-3CB0-41B4-BB93-D0D157E88A28} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2DA7D036-D029-4759-863E-F167CA259EDA} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DA7D036-D029-4759-863E-F167CA259EDA} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3904BF4D-E6C3-4DEC-9944-9BA2C9D5F8C4} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3904BF4D-E6C3-4DEC-9944-9BA2C9D5F8C4} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E122D25-9C93-45BC-A4C1-162E387B46B5} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E122D25-9C93-45BC-A4C1-162E387B46B5} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{597298F8-EF68-4A78-B136-250DB0B00E3A} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{597298F8-EF68-4A78-B136-250DB0B00E3A} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FEBF396-02F1-4343-AEF9-D50566EDDC35} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FEBF396-02F1-4343-AEF9-D50566EDDC35} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A428F9BB-3E8C-4F16-B765-AD4D61804AC4} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A428F9BB-3E8C-4F16-B765-AD4D61804AC4} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1F2046B-ED5E-4D43-876C-9D34FF2C7EBB} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1F2046B-ED5E-4D43-876C-9D34FF2C7EBB} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C839257D-BB67-4453-8A69-F718234A1D7C} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C839257D-BB67-4453-8A69-F718234A1D7C} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0A71E20-0B38-484B-B821-0F1F1F4586EA} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0A71E20-0B38-484B-B821-0F1F1F4586EA} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E68CD29C-2928-4439-B014-5EA567B8BD43} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E68CD29C-2928-4439-B014-5EA567B8BD43} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED5ADB7A-4D8F-4E8E-9C3E-9F6F522DCE52} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED5ADB7A-4D8F-4E8E-9C3E-9F6F522DCE52} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F11DE6E3-2A67-4D72-8384-6982E5900E4D} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F11DE6E3-2A67-4D72-8384-6982E5900E4D} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => could not remove. ErrorCode1: 0x00000002
C:\ProgramData\TEMP => ":31D9EFCC" ADS removed successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 7888896 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34293383 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 5785966 B
Edge => 61027707 B
Chrome => 432373566 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 88506 B
Eric => 90463121 B
Guest => 59503 B
DefaultAppPool => 0 B
RecycleBin => 90 B
EmptyTemp: => 602.7 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-02-2018 12:10:27)

Result of scheduled keys to remove after reboot:
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{15B961EE-8A72-4D9C-8878-3C31D5FB2D1C}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15B961EE-8A72-4D9C-8878-3C31D5FB2D1C}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{177F0839-642E-4421-A771-A04CCCC71639}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{177F0839-642E-4421-A771-A04CCCC71639}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A4BF19B-69EA-459B-BDDE-3C2CB788161B}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A4BF19B-69EA-459B-BDDE-3C2CB788161B}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B890FFE-3CB0-41B4-BB93-D0D157E88A28}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B890FFE-3CB0-41B4-BB93-D0D157E88A28}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2DA7D036-D029-4759-863E-F167CA259EDA}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DA7D036-D029-4759-863E-F167CA259EDA}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3904BF4D-E6C3-4DEC-9944-9BA2C9D5F8C4}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3904BF4D-E6C3-4DEC-9944-9BA2C9D5F8C4}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E122D25-9C93-45BC-A4C1-162E387B46B5}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E122D25-9C93-45BC-A4C1-162E387B46B5}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{597298F8-EF68-4A78-B136-250DB0B00E3A}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{597298F8-EF68-4A78-B136-250DB0B00E3A}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FEBF396-02F1-4343-AEF9-D50566EDDC35}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FEBF396-02F1-4343-AEF9-D50566EDDC35}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A428F9BB-3E8C-4F16-B765-AD4D61804AC4}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A428F9BB-3E8C-4F16-B765-AD4D61804AC4}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1F2046B-ED5E-4D43-876C-9D34FF2C7EBB}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1F2046B-ED5E-4D43-876C-9D34FF2C7EBB}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C839257D-BB67-4453-8A69-F718234A1D7C}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C839257D-BB67-4453-8A69-F718234A1D7C}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0A71E20-0B38-484B-B821-0F1F1F4586EA}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0A71E20-0B38-484B-B821-0F1F1F4586EA}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E68CD29C-2928-4439-B014-5EA567B8BD43}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E68CD29C-2928-4439-B014-5EA567B8BD43}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED5ADB7A-4D8F-4E8E-9C3E-9F6F522DCE52}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED5ADB7A-4D8F-4E8E-9C3E-9F6F522DCE52}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F11DE6E3-2A67-4D72-8384-6982E5900E4D}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F11DE6E3-2A67-4D72-8384-6982E5900E4D}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully.
==== End of Fixlog 12:10:39 ====


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:45 AM

Posted 19 February 2018 - 08:25 AM

Hi,

Is everything OK now?

#7 Lintle1234

Lintle1234
  • Topic Starter

  • Members
  • 15 posts
  • Local time:05:45 AM

Posted 19 February 2018 - 09:26 AM

Hi Nasdaq,

 

Everything has always seemed OK. What started this all off was that a piece of malware scanning software I used to use kept flagging up that my PC was infected with a Trojan Horse. I was sceptical as my PC showed no signs of infection and both Malwarebytes and Windows Defender always pronounced my PC clean.

However, to be sure I posted on Bleeping.com and received excellent and speedy support. And for that I would like to thank both yourself, boopme and the general ethos and setup of Bleeping.com.

So, I can assume all is OK... and always was so.

Before I go, is there any "cleaning" software that I can regularly use, downloadable from Bleeping.com?

 

Thanks again 



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:45 AM

Posted 19 February 2018 - 01:13 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
==

#9 Lintle1234

Lintle1234
  • Topic Starter

  • Members
  • 15 posts
  • Local time:05:45 AM

Posted 20 February 2018 - 11:35 AM

Hi Nasdaq,

Thank you for the links and your help.



