
Malware on laptop


10 replies to this topic

#1 sfmurphy


Posted 15 March 2018 - 08:11 AM

Windows 10 laptop

Have a malware infection which is throwing up ads especially on YT. Also new tabs keep opening by themselves. Some Russian (no joke) ads and pop-ups also.

Have run Malwarebytes and Zemana Antimalware to no avail.

Looking for help before med exams!

Thanks


Edited by hamluis, 15 March 2018 - 08:16 AM.
Moved from MRL to Am I Infected - Hamluis.




#2 boopme


Posted 15 March 2018 - 09:03 AM

Hello, also do these....

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
TDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
And finally I'd like us to scan your machine with ESET OnlineScan:
  • It is recommended to turn off your antivirus program. Click on the [button image] button to see which antivirus is currently enabled:
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  • Push the [button image] button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the [button image] button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the [button image] button.
  • Check the box beside [image] to uninstall the application when closed.
  • Push [button image] and then close the application by clicking the X in the upper right corner.


#3 sfmurphy


Posted 15 March 2018 - 05:39 PM

Logs of scans:

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Stephen (administrator) on 15-03-2018 at 14:12:12
Running from "C:\Users\Stephen\Downloads"
Microsoft Windows 10 Home  (X64)
Model: 80WG Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Intel® Dual Band Wireless-AC 3165 = Wi-Fi (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : LAPTOP-HVBI1QMK
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 7C-67-A2-5A-A0-5B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3165
   Physical Address. . . . . . . . . : 7C-67-A2-5A-A0-5A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::31fb:1009:36b8:9e9a%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.13(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday 14 March 2018 16:05:26
   Lease Expires . . . . . . . . . . : Sunday 18 March 2018 14:10:17
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 58484642
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-C3-F9-AA-38-4B-76-F0-0B-47
   DNS Servers . . . . . . . . . . . : 192.168.1.254
                                       192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 7C-67-A2-5A-A0-5E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:78cf:cb6:3684:3f57:fef2(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::cb6:3684:3f57:fef2%5(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 83886080
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-C3-F9-AA-38-4B-76-F0-0B-47
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2a00:1450:4009:802::200e
  216.58.198.110
 
 
Pinging google.com [216.58.198.110] with 32 bytes of data:
Reply from 216.58.198.110: bytes=32 time=380ms TTL=54
Reply from 216.58.198.110: bytes=32 time=93ms TTL=54
 
Ping statistics for 216.58.198.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 93ms, Maximum = 380ms, Average = 236ms
Server:  UnKnown
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  2001:4998:58:2201::73
  2001:4998:c:e33::53
  98.139.180.180
  206.190.39.42
 
 
Pinging yahoo.com [98.139.180.180] with 32 bytes of data:
Reply from 98.139.180.180: bytes=32 time=377ms TTL=48
Reply from 98.139.180.180: bytes=32 time=97ms TTL=48
 
Ping statistics for 98.139.180.180:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 97ms, Maximum = 377ms, Average = 237ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 2ms, Average = 1ms
===========================================================================
Interface List
  8...7c 67 a2 5a a0 5b ......Microsoft Wi-Fi Direct Virtual Adapter
  3...7c 67 a2 5a a0 5a ......Intel® Dual Band Wireless-AC 3165
 14...7c 67 a2 5a a0 5e ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  5...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.13     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link      192.168.1.13    311
     192.168.1.13  255.255.255.255         On-link      192.168.1.13    311
    192.168.1.255  255.255.255.255         On-link      192.168.1.13    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.1.13    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.1.13    311
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    331 ::/0                     On-link
  1    331 ::1/128                  On-link
  5    331 2001::/32                On-link
  5    331 2001:0:9d38:78cf:cb6:3684:3f57:fef2/128
                                    On-link
  3    311 fe80::/64                On-link
  5    331 fe80::/64                On-link
  5    331 fe80::cb6:3684:3f57:fef2/128
                                    On-link
  3    311 fe80::31fb:1009:36b8:9e9a/128
                                    On-link
  1    331 ff00::/8                 On-link
  5    331 ff00::/8                 On-link
  3    311 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/15/2018 01:33:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: LAPTOP-HVBI1QMK)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/15/2018 01:33:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: LAPTOP-HVBI1QMK)
Description: App Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy+WindowsDefaultLockScreen did not launch within its allotted time.
 
Error: (03/15/2018 01:03:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: LAPTOP-HVBI1QMK)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/14/2018 04:45:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/14/2018 04:12:30 PM) (Source: Microsoft-Windows-RestartManager) (User: LAPTOP-HVBI1QMK)
Description: Application or service 'Google Chrome' could not be shut down.
 
Error: (03/14/2018 03:46:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: LAPTOP-HVBI1QMK)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/14/2018 03:30:36 PM) (Source: COM) (User: )
Description: {F6C29334-47DC-4397-9150-F549CF1D4861}
 
Error: (03/14/2018 03:30:36 PM) (Source: COM) (User: )
Description: {F6C29334-47DC-4397-9150-F549CF1D4861}
 
Error: (03/14/2018 03:30:35 PM) (Source: COM) (User: )
Description: {F6C29334-47DC-4397-9150-F549CF1D4861}
 
Error: (03/14/2018 02:58:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: LAPTOP-HVBI1QMK)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (03/15/2018 01:12:14 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/15/2018 12:45:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/15/2018 12:45:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/15/2018 12:44:58 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/15/2018 12:10:53 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/14/2018 06:15:55 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/14/2018 04:04:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 8 0x0 0x0
 
Error: (03/14/2018 04:04:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 2 0xdeaddeed 0xeeec
 
Error: (03/14/2018 04:04:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 1 0xc 0x4
 
Error: (03/14/2018 03:30:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (03/15/2018 01:33:47 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: LAPTOP-HVBI1QMK)
Description: Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen-2144927142
 
Error: (03/15/2018 01:33:45 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: LAPTOP-HVBI1QMK)
Description: Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy+WindowsDefaultLockScreen
 
Error: (03/15/2018 01:03:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: LAPTOP-HVBI1QMK)
Description: Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge-2144927142
 
Error: (03/14/2018 04:45:06 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL1
 
Error: (03/14/2018 04:12:30 PM) (Source: Microsoft-Windows-RestartManager)(User: LAPTOP-HVBI1QMK)
Description: 1C:\Program Files (x86)\Google\Chrome\Application\chrome.exeGoogle Chrome0211752880
 
Error: (03/14/2018 03:46:26 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: LAPTOP-HVBI1QMK)
Description: Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge-2147023170
 
Error: (03/14/2018 03:30:36 PM) (Source: COM)(User: )
Description: {F6C29334-47DC-4397-9150-F549CF1D4861}
 
Error: (03/14/2018 03:30:36 PM) (Source: COM)(User: )
Description: {F6C29334-47DC-4397-9150-F549CF1D4861}
 
Error: (03/14/2018 03:30:35 PM) (Source: COM)(User: )
Description: {F6C29334-47DC-4397-9150-F549CF1D4861}
 
Error: (03/14/2018 02:58:14 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: LAPTOP-HVBI1QMK)
Description: Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen-2144927142
 
 
CodeIntegrity Errors:
===================================
  Date: 2018-03-14 14:03:30.971
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-03-01 21:23:09.284
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-03-01 21:23:09.267
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-01-19 21:03:48.244
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-01-19 21:03:48.237
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-01 18:33:17.654
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MpEngineStore\MpKslab9600c8.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-01 18:33:16.451
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F14A32C-9D73-4B3C-B826-C75C92555B26}\MpKslbaf3c1f4.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-01 11:36:31.128
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MpEngineStore\MpKsl0b6dc8b6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-01 11:36:29.474
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{2BA89602-0DCA-4D13-A671-FF0948EB81FB}\MpKsl7fdb7a31.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-10-31 17:15:04.281
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MpEngineStore\MpKsl934781d2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
AVG (HKLM\...\{136B57DF-DA9E-4361-A165-09AB4422BCD1}) (Version: 1.231.3 - AVG Technologies) Hidden
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 18.2.3046 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{9C775BB6-1453-45EB-8C78-A5CC5199113D}) (Version: 16.77.3 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.77.3.23060 - AVG Technologies)
FMW 1 (HKLM\...\{273A8690-0AA7-4325-95ED-238F69490C0E}) (Version: 1.227.9 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel® Corporation) Hidden
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1094 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Lenovo App Explorer (HKCU\...\Host App Service) (Version: 0.273.2.540 - SweetLabs for Lenovo)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9029.2167 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{BF492E7F-BD3F-4F33-932A-1DD0891968B0}) (Version: 2.13.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{E1D7CB46-BAE9-4D58-99C4-582332B1755A}) (Version: 1.13.0.0 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22395 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 80%
Total physical RAM: 1901.04 MB
Available physical RAM: 366.92 MB
Total Virtual: 5005.65 MB
Available Virtual: 683.06 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:27.88 GB) (Free:1.72 GB) NTFS
2 Drive d: (USB2) (Removable) (Total:1.86 GB) (Free:1.02 GB) FAT
 
========================= Users: ========================================
 
User accounts for \\LAPTOP-HVBI1QMK
 
Administrator            DefaultAccount           defaultuser0             
Guest                    Stephen                  
 
 
**** End of log ****
 
 
 
 
 
 
# AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 15 14:50:58 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-03-14.3
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
Adware.pokki, C:\ProgramData\Host App Service
Adware.pokki, C:\ProgramData\Application Data\Host App Service
Adware.pokki, C:\Users\All Users\Host App Service
Adware.pokki, C:\Users\Default\AppData\Local\Host App Service
Adware.pokki, C:\Users\Default User\AppData\Local\Host App Service
Adware.pokki, C:\Users\defaultuser0\AppData\Local\Host App Service
Adware.pokki, C:\Users\Stephen\AppData\Local\Host App Service
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
PUP.Optional.Legacy, App Explorer
 
 
***** [ Registry ] *****
 
Adware.pokki, [Key] - HKU\S-1-5-21-2259392456-3324027238-2752023089-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03152018124830508\Software\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-2259392456-3324027238-2752023089-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03152018124830508\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-2259392456-3324027238-2752023089-1001\Software\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-2259392456-3324027238-2752023089-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-2259392456-3324027238-2752023089-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03152018124830652\Software\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-2259392456-3324027238-2752023089-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03152018124830652\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki, [Key] - HKCU\Software\Host App Service
Adware.pokki, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
 
 
 
 
 
 
 
22:11:57.0110 0x2518  TDSS rootkit removing tool 3.1.0.16 Jan 24 2018 17:27:43
22:11:57.0110 0x2518  UEFI system
22:12:05.0004 0x2518  ============================================================
22:12:05.0004 0x2518  Current date / time: 2018/03/15 22:12:05.0004
22:12:05.0004 0x2518  SystemInfo:
22:12:05.0004 0x2518  
22:12:05.0004 0x2518  OS Version: 10.0.14393 ServicePack: 0.0
22:12:05.0004 0x2518  Product type: Workstation
22:12:05.0004 0x2518  ComputerName: LAPTOP-HVBI1QMK
22:12:05.0004 0x2518  UserName: Stephen
22:12:05.0004 0x2518  Windows directory: C:\Windows
22:12:05.0004 0x2518  System windows directory: C:\Windows
22:12:05.0004 0x2518  Running under WOW64
22:12:05.0004 0x2518  Processor architecture: Intel x64
22:12:05.0004 0x2518  Number of processors: 2
22:12:05.0004 0x2518  Page size: 0x1000
22:12:05.0004 0x2518  Boot type: Normal boot
22:12:05.0004 0x2518  CodeIntegrityOptions = 0x0000C001
22:12:05.0004 0x2518  ============================================================
22:12:05.0200 0x2518  KLMD registered as C:\Windows\system32\drivers\15996118.sys
22:12:05.0200 0x2518  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.2068, osProperties = 0x19
22:12:05.0655 0x2518  System UUID: {30E4C50D-E760-C2DD-E61A-C594C7FB5610}
22:12:06.0559 0x2518  !crdlk
22:12:06.0595 0x2518  Drive \Device\Harddisk0\DR0 - Size: 0x748000000 ( 29.13 Gb ), SectorSize: 0x200, Cylinders: 0xEDA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:12:06.0599 0x2518  ============================================================
22:12:06.0599 0x2518  \Device\Harddisk0\DR0:
22:12:06.0599 0x2518  Can't read MBR
22:12:06.0599 0x2518  Initialize success
22:12:06.0599 0x2518  ============================================================
22:12:09.0517 0x25a4  ============================================================
22:12:09.0517 0x25a4  Scan started
22:12:09.0517 0x25a4  Mode: Manual; 
22:12:09.0517 0x25a4  ============================================================
22:12:09.0517 0x25a4  KSN ping started
22:12:10.0006 0x25a4  KSN ping finished: true
22:12:19.0821 0x25a4  ================ Scan system memory ========================
22:12:19.0821 0x25a4  System memory - ok
22:12:19.0825 0x25a4  ================ Scan services =============================
22:12:27.0913 0x25a4  ================ Scan global ===============================
22:12:27.0917 0x25a4  [ Global ] - ok
22:12:27.0921 0x25a4  ================ Scan MBR ==================================
22:12:27.0925 0x25a4  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
22:12:27.0929 0x25a4  \Device\Harddisk0\DR0 - ok
22:12:27.0929 0x25a4  ================ Scan VBR ==================================
22:12:27.0929 0x25a4  ================ Scan generic autorun ======================
22:12:27.0933 0x25a4  LenovoUtility - ok
22:12:27.0937 0x25a4  RTHDVCPL - ok
22:12:27.0941 0x25a4  RtHDVBg_LENOVO_DOLBYDRAGON - ok
22:12:27.0945 0x25a4  AVGUI.exe - ok
22:12:27.0949 0x25a4  AvgUi - ok
22:12:27.0957 0x25a4  ZAM - ok
22:12:27.0961 0x25a4  OneDriveSetup - ok
22:12:27.0965 0x25a4  OneDriveSetup - ok
22:12:27.0973 0x25a4  OneDriveSetup - ok
22:12:27.0977 0x25a4  OneDrive - ok
22:12:28.0169 0x25a4  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.1198 ), 0x60100 ( disabled : updated )
22:12:28.0177 0x25a4  AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.167 ), 0x60000 ( disabled : updated )
22:12:28.0185 0x25a4  AV detected via SS2: AVG Antivirus, C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe ( 18.2.3827.0 ), 0x41000 ( enabled : updated )
22:12:28.0189 0x25a4  FW detected via SS2: AVG Antivirus, C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe ( 18.2.3827.0 ), 0x41010 ( enabled )
22:12:28.0729 0x25a4  ============================================================
22:12:28.0729 0x25a4  Scan finished
22:12:28.0729 0x25a4  ============================================================
22:12:28.0749 0x259c  Detected object count: 0
22:12:28.0749 0x259c  Actual detected object count: 0
 
 
 
 
 
 
 
 
 
ESAT scan - no threats found.


#4 sfmurphy


Posted 18 March 2018 - 06:31 AM

Since installing MalwareBytes it's been blocking this site:

 

servicer.traffic-media.co



#5 boopme


Posted 19 March 2018 - 01:16 PM

That's good. The adware responsible for the Trafficmedia.co redirect is bundled with other free software that you download off of the Internet. ...

Rerun AdwCleaner and remove all it found.

#6 sfmurphy


Posted 19 March 2018 - 02:41 PM

Have scanned again and deleted the file found. This is the following log:

 

 

# AdwCleaner 7.0.8.0 - Logfile created on Mon Mar 19 19:29:19 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 02-08-2018.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
Adware.pokki, C:\ProgramData\Host App Service
Adware.pokki, C:\ProgramData\Application Data\Host App Service
Adware.pokki, C:\Users\All Users\Host App Service
Adware.pokki, C:\Users\Default\AppData\Local\Host App Service
Adware.pokki, C:\Users\Default User\AppData\Local\Host App Service
Adware.pokki, C:\Users\defaultuser0\AppData\Local\Host App Service
Adware.pokki, C:\Users\Stephen\AppData\Local\Host App Service
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
PUP.Optional.Legacy, App Explorer
 
 
***** [ Registry ] *****
 
Adware.pokki, [Key] - HKU\S-1-5-21-2259392456-3324027238-2752023089-1000\Software\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-2259392456-3324027238-2752023089-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-2259392456-3324027238-2752023089-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03162018121015511\Software\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-2259392456-3324027238-2752023089-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03162018121015511\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-2259392456-3324027238-2752023089-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03192018111345126\Software\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-2259392456-3324027238-2752023089-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03192018111345126\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-2259392456-3324027238-2752023089-1001\Software\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-2259392456-3324027238-2752023089-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-2259392456-3324027238-2752023089-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03192018111345304\Software\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-2259392456-3324027238-2752023089-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03192018111345304\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki, [Key] - HKCU\Software\Host App Service
Adware.pokki, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [2424 B] - [2018/3/15 14:50:58]
C:/AdwCleaner/AdwCleaner[S1].txt - [1778 B] - [2018/3/15 22:9:3]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########
 
 
 
 
 
 
Opening YT - the malware ads are still appearing.
 
Also Malwarebytes is still blocking some sites.


#7 boopme


Posted 19 March 2018 - 04:00 PM

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


#8 sfmurphy


Posted 19 March 2018 - 04:13 PM

So I did just that before posting the last log file.

 

I have run the software again. The most recent logfile is below:

 

# AdwCleaner 7.0.8.0 - Logfile created on Mon Mar 19 21:09:31 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 02-08-2018.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [3232 B] - [2018/3/19 19:31:47]
C:/AdwCleaner/AdwCleaner[S0].txt - [2424 B] - [2018/3/15 14:50:58]
C:/AdwCleaner/AdwCleaner[S1].txt - [1778 B] - [2018/3/15 22:9:3]
C:/AdwCleaner/AdwCleaner[S2].txt - [3158 B] - [2018/3/19 19:29:19]
 
 

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########

Again - no threats found (unlike before the last scan)



#9 boopme


Posted 20 March 2018 - 09:47 AM

Looks clean now. How's it running?

#10 omurchu


Posted 20 March 2018 - 09:52 AM

The malware ads are still appearing when I visit YT. Also random tabs opening automatically. So there is still a problem.

 

I am wondering about a factory reset - would that sort the problem out?



#11 boopme


Posted 20 March 2018 - 10:13 AM

Yes that will clear all.

You can first try resetting your browsers to default.



