
somethings wrong


  • This topic is locked
21 replies to this topic

#1 Atoro

Atoro

  • Members
  • 11 posts
  • OFFLINE
  • Local time:05:26 AM

Posted 22 March 2018 - 04:00 AM

I downloaded Total AV a while ago and only installed it yesterday. Since then I can't download anything. Also, I'm fairly new to computers.




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,754 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:12:26 PM

Posted 24 March 2018 - 06:11 PM

Greetings Atoro and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this. If necessary, download the below program onto a USB device from a clean computer and transfer it over to the infected computer.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Right click on the icon and select Run as administrator
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Atoro

Atoro
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:05:26 AM

Posted 24 March 2018 - 10:48 PM

G'day Gary, Arthur here. When I posted the first one I couldn't download anything, so I went to Total AV on my computer and uninstalled it. Then I was able to download. So I then followed all the steps in the post on Total AV on this site: RKill, then Malwarebytes, then Hitman Pro, then PSI. RKill didn't find anything but Malwarebytes quarantined Remo Optimizer, which I had installed. Here is the first document from FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Arty (administrator) on LAPTOP-J6STTD6J (25-03-2018 13:02:19)
Running from C:\Users\Arty\Downloads
Loaded Profiles: Arty (Available Profiles: Arty)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16419072 2016-02-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [PowerDVD17Agent] => C:\Program Files (x86)\CyberLink\PowerDVD17\PowerDVD17Agent.exe [527400 2017-11-16] (CyberLink Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2018-03-23]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-01-16]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{e6a13e44-03ae-4607-832e-4fb9f9d03f1d}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1158125801-3122374121-1916978205-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1158125801-3122374121-1916978205-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-1158125801-3122374121-1916978205-1001 -> DefaultScope {F3259FC0-C8AA-4905-8F1A-E6EB88A60CB7} URL =
SearchScopes: HKU\S-1-5-21-1158125801-3122374121-1916978205-1001 -> {F3259FC0-C8AA-4905-8F1A-E6EB88A60CB7} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-03] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: up1vc5h6.default
FF ProfilePath: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\up1vc5h6.default [2018-03-25]
FF Homepage: Mozilla\Firefox\Profiles\up1vc5h6.default -> moz-extension://748f9c28-cde2-41ba-b19f-d89fad3c26f4/homePageRedirect.html
FF HomepageOverride: Mozilla\Firefox\Profiles\up1vc5h6.default -> Enabled: nortonhomepage@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\up1vc5h6.default -> Enabled: nortonhomepage@symantec.com
FF Extension: (Amazon Assistant for Firefox) - C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\up1vc5h6.default\Extensions\abb-acer@amazon.com.xpi [2018-02-07]
FF Extension: (Norton Identity Safe) - C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\up1vc5h6.default\Extensions\idsafe@norton.com.xpi [2018-03-20]
FF Extension: (Norton Home Page) - C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\up1vc5h6.default\Extensions\nortonhomepage@symantec.com.xpi [2018-03-20]
FF Extension: (Norton Safe Web) - C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\up1vc5h6.default\Extensions\nortonsafeweb@symantec.com.xpi [2018-03-20]
FF Extension: (Mozilla Partner Defaults) - C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\up1vc5h6.default\Extensions\partnerdefaults@mozilla.com [2018-01-13] [Legacy]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-03] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-08-31] (Windows ® Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2272472 2017-06-07] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-03-12] (Microsoft Corporation)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-24] (Dashlane, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2018-03-23] (SurfRight B.V.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [461616 2017-06-06] (Acer Incorporated)
S3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [506672 2017-06-06] (Acer Incorporated)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [299824 2017-05-23] (acer)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-02] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-02] (Microsoft Corporation)
S2 EraserSvc11730; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\NortonSecurity.exe" /h ccCommon [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0319312.inf_amd64_1bd7dae294b3987b\atikmdag.sys [36566432 2017-10-24] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0319312.inf_amd64_1bd7dae294b3987b\atikmpag.sys [537504 2017-10-24] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [97672 2017-05-31] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243048 2017-06-16] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Advanced Micro Devices)
R2 CLFCL5.17; C:\WINDOWS\system32\DRIVERS\CLFCL5.17\000.fcl [46848 2017-11-13] (CyberLink Corp.)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R3 Kb9xI2c; C:\WINDOWS\System32\drivers\Kb9xI2c.sys [46624 2016-10-05] (ENE TECHNOLOGY INC.)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [22320 2017-06-06] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-23] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-23] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-23] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-23] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-25] (Malwarebytes)
R1 MpKsl6d5525b0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DBDF2DF1-BB94-4069-9EC9-50C5CE548DC0}\MpKsl6d5525b0.sys [58120 2018-03-24] (Microsoft Corporation)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [15664 2017-06-06] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-02-19] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [416472 2016-05-17] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66144 2016-09-06] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-02] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-02] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-02] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-25 13:02 - 2018-03-25 13:03 - 000011762 _____ C:\Users\Arty\Downloads\FRST.txt
2018-03-25 13:02 - 2018-03-25 13:02 - 000000000 ____D C:\FRST
2018-03-25 12:59 - 2018-03-25 12:59 - 000000991 _____ C:\Users\Arty\Desktop\FRST64 - Shortcut.lnk
2018-03-25 12:58 - 2018-03-25 12:58 - 002403328 _____ (Farbar) C:\Users\Arty\Downloads\FRST64.exe
2018-03-24 21:50 - 2018-03-24 21:57 - 292297413 _____ C:\Users\Arty\Downloads\Elgrand, Nissan datascan 2, best tuning tool ever! e50 & e51 fault finder & more.mp4
2018-03-24 13:52 - 2018-03-24 13:52 - 000001011 _____ C:\Users\Arty\Desktop\PSISetup - Shortcut.lnk
2018-03-24 13:28 - 2018-03-24 13:28 - 000001047 _____ C:\Users\Arty\Desktop\iExplore (2) - Shortcut.lnk
2018-03-23 18:54 - 2018-03-23 18:54 - 000001148 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-03-23 18:43 - 2018-03-23 18:43 - 006612768 _____ (Microsoft Corporation) C:\Users\Arty\Downloads\Windows10Upgrade9252.exe
2018-03-23 18:14 - 2018-03-23 18:14 - 000001150 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2018-03-23 18:14 - 2018-03-23 18:14 - 000000000 ____D C:\Program Files (x86)\Secunia
2018-03-23 18:06 - 2018-03-23 18:06 - 004002104 _____ (Secunia) C:\Users\Arty\Downloads\PSISetup.exe
2018-03-23 17:07 - 2018-03-23 17:07 - 000004358 _____ C:\WINDOWS\System32\Tasks\Norton Security Scan for Arty
2018-03-23 17:07 - 2018-03-23 17:07 - 000001545 _____ C:\Users\Public\Desktop\Norton Security Scan.LNK
2018-03-23 17:06 - 2018-03-23 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2018-03-23 17:06 - 2018-03-23 17:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\NSSx64
2018-03-23 17:06 - 2018-03-23 17:06 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2018-03-23 17:06 - 2018-03-23 17:06 - 000000000 ____D C:\Program Files (x86)\Norton Security Scan
2018-03-23 16:49 - 2018-03-23 16:49 - 000045960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-23 16:45 - 2018-03-23 16:46 - 000000000 ____D C:\Users\Arty\Documents\hitman log
2018-03-23 16:32 - 2018-03-23 16:32 - 000001970 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-03-23 16:32 - 2018-03-23 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-03-23 16:32 - 2018-03-23 16:32 - 000000000 ____D C:\Program Files\HitmanPro
2018-03-23 16:29 - 2018-03-23 16:47 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-23 16:09 - 2018-03-23 16:29 - 011605440 _____ (SurfRight B.V.) C:\Users\Arty\Downloads\HitmanPro_x64.exe
2018-03-23 15:58 - 2018-03-23 16:39 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-03-23 14:56 - 2018-03-25 10:27 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-23 14:56 - 2018-03-23 16:49 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-23 14:56 - 2018-03-23 14:56 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-23 14:56 - 2018-03-23 14:56 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-23 14:56 - 2018-03-23 14:56 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-23 14:55 - 2018-03-23 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-23 14:55 - 2018-03-23 14:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-23 14:55 - 2018-03-23 14:55 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-23 14:55 - 2018-01-18 08:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-23 14:49 - 2018-03-23 14:50 - 068724528 _____ (Malwarebytes ) C:\Users\Arty\Downloads\mb3-setup-1878.1878-3.4.4.2398 (1).exe
2018-03-23 13:37 - 2018-03-23 13:37 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Arty\Downloads\iExplore (2).exe
2018-03-22 19:59 - 2018-03-22 20:21 - 300764152 _____ C:\Users\Arty\Downloads\PhotoDirector_5.0.5424.50669a_GM5_Deluxe_PTD140605-04 (1).exe
2018-03-22 17:45 - 2018-03-24 13:26 - 000001872 _____ C:\Users\Arty\Desktop\Rkill.txt
2018-03-22 13:36 - 2018-03-22 13:36 - 000000000 ____D C:\Users\Public\CyberLink
2018-03-22 11:08 - 2018-03-22 11:10 - 000000000 ____D C:\Users\Arty\Documents\MSD Ignition
2018-03-21 20:55 - 2018-03-21 20:55 - 024401765 _____ C:\Users\Arty\Downloads\Dr Wallach on high blood pressure myths (2).mp4
2018-03-21 19:30 - 2018-03-21 19:30 - 000000000 ____D C:\Users\Arty\Documents\CyberLink
2018-03-21 19:30 - 2018-03-21 19:30 - 000000000 ____D C:\Users\Arty\AppData\Roaming\CyberLink
2018-03-21 19:00 - 2018-03-21 19:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\CLFCL5.17
2018-03-21 18:59 - 2018-03-21 19:00 - 000000000 ____D C:\ProgramData\PDVD
2018-03-21 18:59 - 2018-03-21 18:59 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 17.lnk
2018-03-21 18:59 - 2018-03-21 18:59 - 000002365 _____ C:\Users\Public\Desktop\CyberLink PowerDVD 17.lnk
2018-03-21 18:59 - 2018-03-21 18:59 - 000000000 ____D C:\Users\Arty\AppData\Local\CyberLink
2018-03-21 18:59 - 2018-03-21 18:59 - 000000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2018-03-21 18:54 - 2018-03-21 18:54 - 000000000 ____D C:\Program Files (x86)\CyberLink
2018-03-21 18:49 - 2018-03-21 19:30 - 000000000 ____D C:\ProgramData\CyberLink
2018-03-21 18:49 - 2018-03-21 18:59 - 000000000 ____D C:\ProgramData\install_clap
2018-03-21 18:49 - 2018-03-21 18:49 - 000000000 ____D C:\ProgramData\install_backup
2018-03-21 18:13 - 2018-03-21 18:13 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-03-21 18:04 - 2018-03-21 18:04 - 000000000 ____D C:\Users\Arty\AppData\Roaming\TotalAV
2018-03-21 14:28 - 2018-03-21 14:46 - 837950672 _____ C:\Users\Arty\Downloads\2_Power2Go11_ContentPack_PGM160628-02.exe
2018-03-21 14:17 - 2018-03-21 14:22 - 223031392 _____ C:\Users\Arty\Downloads\1_CyberLink_Power2Go11_Platinum_P2G171016-01.exe
2018-03-21 14:16 - 2018-03-21 14:16 - 003161008 _____ C:\Users\Arty\Downloads\Power2Go_ENU.pdf
2018-03-21 14:01 - 2018-03-21 14:03 - 069103944 _____ C:\Users\Arty\Downloads\CyberLink_MediaEspresso7.5_MEX170411-01 (2).exe
2018-03-21 14:01 - 2018-03-21 14:03 - 069103944 _____ C:\Users\Arty\Downloads\CyberLink_MediaEspresso7.5_MEX170411-01 (1).exe
2018-03-21 14:00 - 2018-03-21 14:02 - 069103944 _____ C:\Users\Arty\Downloads\CyberLink_MediaEspresso7.5_MEX170411-01.exe
2018-03-21 13:49 - 2018-03-21 13:50 - 000000000 ____D C:\Users\Arty\AppData\Local\PlaceholderTileLogoFolder
2018-03-21 13:36 - 2018-03-21 13:36 - 019432653 _____ C:\Users\Arty\Downloads\PowerDirector_UG_ENU.pdf
2018-03-20 17:11 - 2018-03-20 22:04 - 2627651192 _____ C:\Users\Arty\Downloads\2_CyberLink_PowerDirector_ContentPack_Essential_PCP160714-011.exe
2018-03-20 15:50 - 2018-03-20 17:10 - 869314032 _____ C:\Users\Arty\Downloads\1_CyberLink_PowerDirector15_Deluxe_VDE160718-03.exe
2018-03-20 15:23 - 2018-03-20 15:48 - 211599952 _____ C:\Users\Arty\Downloads\CyberLink_PowerDVD17_Ultra_DVD170918-01.exe
2018-03-20 13:34 - 2018-03-20 13:34 - 000463171 _____ C:\Users\Arty\Downloads\corona system borg warner.pdf
2018-03-20 12:08 - 2018-03-20 12:17 - 000000000 ____D C:\Users\Arty\Documents\American Express Statments
2018-03-19 18:55 - 2018-03-19 18:56 - 095566642 _____ C:\Users\Arty\Downloads\Energy Efficient, Low Emission Ignition by Transient Plasma Systems (WWL Orcelle® Award Winner 2015).mp4
2018-03-19 18:31 - 2018-03-19 18:33 - 119401484 _____ C:\Users\Arty\Downloads\Dual Plasma Ignition.mp4
2018-03-19 18:08 - 2018-03-19 18:15 - 449287273 _____ C:\Users\Arty\Downloads\Plasma Ignition on 1977 Datsun 620.mp4
2018-03-19 18:06 - 2018-03-19 18:06 - 000000000 ____D C:\Users\Arty\Documents\IS Videos
2018-03-19 11:46 - 2018-03-19 11:47 - 000000000 ____D C:\Users\Arty\Documents\Car Parts
2018-03-18 14:35 - 2018-03-18 14:35 - 015653522 _____ C:\Users\Arty\Downloads\The Instant Cure for Plantar Fasciitis!.mp4
2018-03-18 14:21 - 2018-03-18 14:21 - 013332107 _____ C:\Users\Arty\Downloads\How do I download and save a YouTube video to my computer.mp4
2018-03-17 11:12 - 2018-03-17 11:12 - 000000000 ____D C:\Users\Arty\Downloads\RealTemp_370
2018-03-17 10:54 - 2018-03-17 10:54 - 000330853 _____ C:\Users\Arty\Downloads\RealTemp_370.zip
2018-03-14 20:11 - 2018-03-03 07:09 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-14 20:11 - 2018-03-03 07:09 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-14 10:51 - 2018-03-25 10:29 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F7D2555B-E9FD-469B-82E6-B6856EA333E9}
2018-03-14 09:18 - 2018-03-01 17:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-14 09:18 - 2018-03-01 17:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-14 09:18 - 2018-03-01 17:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-14 09:18 - 2018-03-01 17:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-14 09:18 - 2018-03-01 17:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-14 09:18 - 2018-03-01 17:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-14 09:18 - 2018-03-01 17:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-14 09:18 - 2018-03-01 17:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-14 09:18 - 2018-03-01 17:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 09:18 - 2018-03-01 16:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-14 09:18 - 2018-03-01 16:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-14 09:18 - 2018-03-01 16:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-14 09:18 - 2018-03-01 16:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-14 09:18 - 2018-03-01 16:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-14 09:18 - 2018-03-01 16:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-14 09:18 - 2018-03-01 16:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-14 09:18 - 2018-03-01 16:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-14 09:18 - 2018-03-01 16:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-14 09:18 - 2018-03-01 16:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-14 09:18 - 2018-03-01 16:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-14 09:18 - 2018-03-01 16:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-14 09:18 - 2018-03-01 16:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-14 09:18 - 2018-03-01 16:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-14 09:18 - 2018-03-01 16:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-14 09:18 - 2018-03-01 15:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-14 09:18 - 2018-03-01 15:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-14 09:18 - 2018-03-01 15:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-14 09:18 - 2018-03-01 15:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-14 09:18 - 2018-03-01 15:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-14 09:18 - 2018-03-01 15:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-14 09:18 - 2018-03-01 15:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-14 09:18 - 2018-03-01 15:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-14 09:18 - 2018-03-01 15:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-14 09:18 - 2018-03-01 15:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-14 09:18 - 2018-03-01 15:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-14 09:18 - 2018-03-01 15:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-14 09:18 - 2018-03-01 15:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-14 09:18 - 2018-03-01 15:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-14 09:18 - 2018-03-01 15:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-14 09:18 - 2018-03-01 15:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-14 09:18 - 2018-03-01 15:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-14 09:18 - 2018-03-01 15:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-14 09:18 - 2018-03-01 15:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-14 09:18 - 2018-03-01 15:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-14 09:18 - 2018-03-01 15:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-14 09:18 - 2018-03-01 15:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-14 09:18 - 2018-03-01 15:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 09:18 - 2018-03-01 15:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-14 09:18 - 2018-03-01 15:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-14 09:18 - 2018-03-01 15:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-14 09:18 - 2018-03-01 15:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-14 09:18 - 2018-02-22 12:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-14 09:18 - 2018-02-22 12:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-14 09:18 - 2018-02-22 12:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-14 09:18 - 2018-02-22 12:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-14 09:18 - 2018-02-22 12:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-14 09:18 - 2018-02-22 12:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-14 09:18 - 2018-02-22 12:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-14 09:18 - 2018-02-22 12:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-14 09:18 - 2018-02-22 12:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-14 09:18 - 2018-02-22 11:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-14 09:18 - 2018-02-22 11:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-14 09:18 - 2018-02-22 11:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-14 09:18 - 2018-02-22 11:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-14 09:18 - 2018-02-22 11:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-14 09:18 - 2018-02-22 10:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-14 09:18 - 2018-02-22 10:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-14 09:18 - 2018-02-22 10:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-14 09:17 - 2018-03-02 13:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 09:17 - 2018-03-02 13:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-14 09:17 - 2018-03-02 13:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-14 09:17 - 2018-03-02 13:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 09:17 - 2018-03-02 13:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-14 09:17 - 2018-03-02 13:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-14 09:17 - 2018-03-02 12:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-14 09:17 - 2018-03-02 06:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-14 09:17 - 2018-03-01 17:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-14 09:17 - 2018-03-01 17:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-14 09:17 - 2018-03-01 17:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-14 09:17 - 2018-03-01 17:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-14 09:17 - 2018-03-01 17:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-14 09:17 - 2018-03-01 17:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-14 09:17 - 2018-03-01 17:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-14 09:17 - 2018-03-01 17:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-14 09:17 - 2018-03-01 17:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-14 09:17 - 2018-03-01 17:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-14 09:17 - 2018-03-01 17:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-14 09:17 - 2018-03-01 17:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-14 09:17 - 2018-03-01 17:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-14 09:17 - 2018-03-01 17:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 09:17 - 2018-03-01 17:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-14 09:17 - 2018-03-01 17:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 09:17 - 2018-03-01 17:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 09:17 - 2018-03-01 17:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-14 09:17 - 2018-03-01 17:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-14 09:17 - 2018-03-01 17:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 09:17 - 2018-03-01 17:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 09:17 - 2018-03-01 17:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-14 09:17 - 2018-03-01 17:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-14 09:17 - 2018-03-01 17:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 09:17 - 2018-03-01 17:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-14 09:17 - 2018-03-01 17:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-14 09:17 - 2018-03-01 17:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-14 09:17 - 2018-03-01 17:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-14 09:17 - 2018-03-01 17:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-14 09:17 - 2018-03-01 17:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 09:17 - 2018-03-01 17:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-14 09:17 - 2018-03-01 17:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-14 09:17 - 2018-03-01 17:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-14 09:17 - 2018-03-01 16:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-14 09:17 - 2018-03-01 16:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-14 09:17 - 2018-03-01 16:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-14 09:17 - 2018-03-01 16:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-14 09:17 - 2018-03-01 16:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-14 09:17 - 2018-03-01 16:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-14 09:17 - 2018-03-01 16:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-14 09:17 - 2018-03-01 16:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-14 09:17 - 2018-03-01 16:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-14 09:17 - 2018-03-01 16:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-14 09:17 - 2018-03-01 16:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-14 09:17 - 2018-03-01 15:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-14 09:17 - 2018-03-01 15:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-14 09:17 - 2018-03-01 15:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-14 09:17 - 2018-03-01 15:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-14 09:17 - 2018-03-01 15:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-14 09:17 - 2018-03-01 15:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-14 09:17 - 2018-03-01 15:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 09:17 - 2018-03-01 15:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 09:17 - 2018-03-01 15:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-14 09:17 - 2018-03-01 15:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 09:17 - 2018-03-01 15:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-14 09:17 - 2018-03-01 15:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 09:17 - 2018-03-01 15:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-14 09:17 - 2018-03-01 15:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-14 09:17 - 2018-03-01 15:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 09:17 - 2018-03-01 15:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-14 09:17 - 2018-03-01 15:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-14 09:17 - 2018-03-01 15:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-14 09:17 - 2018-03-01 15:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-14 09:17 - 2018-03-01 15:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-14 09:17 - 2018-03-01 15:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-14 09:17 - 2018-03-01 15:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-14 09:17 - 2018-03-01 15:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-14 09:17 - 2018-03-01 15:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-14 09:17 - 2018-03-01 15:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 09:17 - 2018-03-01 15:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-14 09:17 - 2018-03-01 15:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 09:17 - 2018-03-01 15:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-14 09:17 - 2018-03-01 15:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-14 09:17 - 2018-03-01 15:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 09:17 - 2018-03-01 15:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 09:17 - 2018-03-01 15:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-14 09:17 - 2018-03-01 15:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-14 09:17 - 2018-03-01 15:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-14 09:17 - 2018-03-01 15:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-14 09:17 - 2018-03-01 15:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-14 09:17 - 2018-03-01 15:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-14 09:17 - 2018-03-01 15:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 09:17 - 2018-03-01 15:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-14 09:17 - 2018-03-01 15:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-14 09:17 - 2018-03-01 15:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 09:17 - 2018-03-01 15:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-14 09:17 - 2018-03-01 15:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-14 09:17 - 2018-03-01 15:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-14 09:17 - 2018-03-01 15:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-14 09:17 - 2018-03-01 15:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-14 09:17 - 2018-02-22 12:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-14 09:17 - 2018-02-22 12:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-14 09:17 - 2018-02-22 12:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-14 09:17 - 2018-02-22 12:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-14 09:17 - 2018-02-22 12:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-14 09:17 - 2018-02-22 12:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-14 09:17 - 2018-02-22 12:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-14 09:17 - 2018-02-22 11:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-14 09:17 - 2018-02-22 11:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-14 09:17 - 2018-02-22 11:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-14 09:17 - 2018-02-22 10:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-14 09:17 - 2018-02-22 10:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-14 09:17 - 2018-02-22 10:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 09:17 - 2018-02-22 10:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-14 09:17 - 2018-02-22 10:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-14 09:17 - 2018-02-22 10:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-14 09:17 - 2018-02-22 10:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-12 17:12 - 2018-03-12 17:12 - 000000072 ___SH C:\bootTel.dat
2018-03-12 12:56 - 2018-03-23 15:31 - 000000000 ____D C:\ProgramData\TEMP
2018-03-10 14:41 - 2018-03-10 14:41 - 000000442 _____ C:\Users\Arty\Desktop\PayPal.htm
2018-03-10 11:30 - 2018-03-10 11:30 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1158125801-3122374121-1916978205-1001
2018-03-08 17:02 - 2018-03-08 17:02 - 001450827 _____ C:\Users\Arty\Downloads\NaturesAnswer.pdf
2018-03-06 13:56 - 2018-03-25 10:27 - 000003508 _____ C:\WINDOWS\System32\Tasks\DashlaneUpgradeCheck
2018-03-06 11:56 - 2018-03-11 12:48 - 000003282 _____ C:\WINDOWS\System32\Tasks\Norton Security Autofix
2018-03-06 11:56 - 2018-03-06 11:56 - 000003798 _____ C:\WINDOWS\System32\Tasks\Norton Security Error Processor
2018-03-06 11:56 - 2018-03-06 11:56 - 000003236 _____ C:\WINDOWS\System32\Tasks\Norton Security Error Analyzer
2018-03-03 21:54 - 2018-03-04 13:10 - 000000000 ____D C:\Users\Arty\Documents\Weight loss 2
2018-03-03 11:57 - 2018-03-09 13:34 - 000000000 ____D C:\Users\Arty\Documents\Weight loss
2018-03-02 20:30 - 2018-03-21 12:40 - 000000000 ____D C:\Users\Arty\Documents\High Blood Pressure
2018-02-27 15:44 - 2018-03-02 11:27 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-24 18:15 - 2017-09-29 23:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-24 16:38 - 2017-09-29 23:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-24 15:22 - 2018-01-16 23:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-24 12:19 - 2017-09-29 23:46 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-03-24 12:16 - 2018-01-17 00:03 - 001313542 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-24 10:36 - 2017-09-29 23:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-24 10:36 - 2017-09-29 23:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-23 19:34 - 2018-01-13 00:14 - 000000000 ____D C:\Users\Arty\AppData\LocalLow\Mozilla
2018-03-23 19:33 - 2018-01-13 00:13 - 000000000 ____D C:\Users\Arty\AppData\Roaming\Mozilla
2018-03-23 18:54 - 2017-10-07 15:07 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-23 18:54 - 2017-10-07 15:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-23 18:54 - 2017-10-07 15:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-23 18:46 - 2018-01-16 19:39 - 000000735 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-03-23 18:46 - 2018-01-16 19:39 - 000000723 _____ C:\Users\Arty\Desktop\Windows 10 Update Assistant.lnk
2018-03-23 18:46 - 2018-01-12 21:58 - 000000000 ____D C:\Windows10Upgrade
2018-03-23 17:06 - 2017-10-07 15:21 - 000000000 ____D C:\ProgramData\Norton
2018-03-23 16:55 - 2018-01-16 16:58 - 000000000 ____D C:\Users\Arty\AppData\Roaming\vlc
2018-03-23 16:48 - 2018-01-17 00:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-23 16:47 - 2017-10-07 14:35 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-03-23 16:47 - 2017-09-29 18:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-23 16:39 - 2017-09-29 23:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-03-23 16:39 - 2017-09-29 18:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-03-23 16:24 - 2017-10-07 15:21 - 000000000 ____D C:\ProgramData\NortonInstaller
2018-03-23 15:32 - 2018-02-19 14:22 - 000000000 ____D C:\Program Files\Remo Optimizer3.0
2018-03-22 20:09 - 2017-03-19 07:03 - 000000155 _____ C:\WINDOWS\win.ini
2018-03-22 19:42 - 2018-01-16 23:40 - 000391384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-22 12:26 - 2018-01-12 21:45 - 000000000 ____D C:\Users\Arty\AppData\Local\Host App Service
2018-03-21 19:00 - 2017-09-29 23:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-21 18:59 - 2017-10-07 14:28 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-03-21 18:54 - 2017-10-07 14:34 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-21 13:50 - 2018-01-16 23:45 - 000000000 ____D C:\Users\Arty\AppData\Local\Packages
2018-03-21 10:02 - 2018-02-19 16:27 - 000000000 ____D C:\Users\Arty\Documents\Receipts
2018-03-19 17:14 - 2018-02-19 10:43 - 000000000 ____D C:\Users\Arty\Documents\IS
2018-03-19 14:53 - 2018-02-19 16:25 - 000000000 ____D C:\Users\Arty\Documents\Product Info
2018-03-17 10:27 - 2017-09-29 23:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-17 10:24 - 2017-10-07 15:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-16 17:23 - 2018-01-16 23:44 - 000000000 ____D C:\Users\Arty
2018-03-16 14:24 - 2018-02-19 15:56 - 000000000 ____D C:\Users\Arty\Documents\Food
2018-03-16 11:22 - 2017-09-29 23:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-16 11:21 - 2018-02-08 16:06 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-15 11:54 - 2018-02-19 16:10 - 000000000 ____D C:\Users\Arty\Documents\Health
2018-03-14 20:12 - 2018-01-17 01:51 - 000000000 ___RD C:\Users\Arty\3D Objects
2018-03-14 20:12 - 2017-10-07 14:26 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-14 19:44 - 2017-09-29 23:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-14 19:44 - 2017-09-29 23:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-14 19:44 - 2017-09-29 23:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-14 09:43 - 2018-01-13 04:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-14 09:29 - 2018-01-13 04:06 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-14 09:28 - 2018-01-13 04:05 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-14 09:21 - 2017-09-29 23:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-14 09:21 - 2017-09-29 23:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-11 15:03 - 2018-01-12 22:26 - 000000000 ____D C:\Program Files\Common Files\AV
2018-03-10 11:30 - 2018-01-12 22:00 - 000002368 _____ C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-10 11:30 - 2018-01-12 22:00 - 000000000 ___RD C:\Users\Arty\OneDrive
2018-03-08 10:13 - 2018-02-20 17:08 - 000067632 _____ (Symantec Corporation) C:\WINDOWS\system32\msln.exe
2018-03-03 13:58 - 2018-02-19 14:48 - 000000000 ____D C:\Users\Arty\Documents\Back to life
2018-03-02 11:27 - 2017-09-29 23:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-02-25 12:17 - 2018-02-19 15:13 - 000000000 ____D C:\Users\Arty\Documents\Guidelines
2018-02-23 12:31 - 2018-01-16 14:23 - 000000000 ____D C:\Users\Arty\AppData\Local\ElevatedDiagnostics

Some files in TEMP:
====================
2018-03-22 12:22 - 2018-03-22 12:23 - 047158432 _____ (SweetLabs,Inc.) C:\Users\Arty\AppData\Local\Temp\oct2A61.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-16 12:25

==================== End of FRST.txt ============================

Edited by Oh My!, 25 March 2018 - 03:32 PM.


#4 Atoro

  • Topic Starter

Posted 24 March 2018 - 10:57 PM

Attached File: Addition.txt (37.95KB)

Here is the second document.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Arty (25-03-2018 13:04:13)
Running from C:\Users\Arty\Downloads
Windows 10 Home Version 1709 16299.309 (X64) (2018-01-16 14:10:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1158125801-3122374121-1916978205-500 - Administrator - Disabled)
Arty (S-1-5-21-1158125801-3122374121-1916978205-1001 - Administrator - Enabled) => C:\Users\Arty
DefaultAccount (S-1-5-21-1158125801-3122374121-1916978205-503 - Limited - Disabled)
Guest (S-1-5-21-1158125801-3122374121-1916978205-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1158125801-3122374121-1916978205-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3029 - Acer Incorporated)
Acer Collection (HKLM-x32\...\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}) (Version: 1.01.3008 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3014 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.03.3004 - Acer Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
App Explorer (HKU\S-1-5-21-1158125801-3122374121-1916978205-1001\...\Host App Service) (Version: 0.273.2.646 - SweetLabs) <==== ATTENTION
Catalyst Control Center Next Localization BR (HKLM\...\{553D5810-F764-4777-D32C-62BCDF640FB7}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{93CAA77D-7FAD-8867-C806-C5FF1B73FB48}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{3DFED208-1FEA-5ECC-0E5B-2DDA5CA86416}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{4AE3EFD3-64E3-B643-DD9F-863C0898F17B}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{C60A1DBA-B043-31A5-C52C-045BEC9456EC}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{C069EA0E-B67F-AD07-6526-BF51BE91A794}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{CA3566C8-E80A-5F6F-4E16-A042418F05E7}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{010176B3-C408-2BC4-C08B-EAE6A4E854F4}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{313A0C7B-CD96-BA28-ACCD-D2713A6FB482}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{46C0F7B7-C7CC-3C2A-AF2D-47948E9D52FB}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{59D65E93-B376-7678-5444-D7E53B83B0F8}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{63CF6C20-4B43-12B6-42AE-60A15757E0FB}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{C21E4591-BE30-35DB-301E-0FAF07AA5385}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{205FB326-3FC8-A46D-6584-7D6A51561250}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{292A6FB6-E69A-6310-F67D-61D943A33A31}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{F04D0E96-83C4-E70F-265E-C10C81101A42}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{82BCF9C7-7FF0-E6F8-6075-34B9214666AD}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{DDC6F06D-B841-6A62-9B5D-48A15CAE6FF9}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{F96C39D6-D2AB-D6D9-541C-0365AAA2C0B8}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{D93EEC72-4E58-1D92-004C-D110CC3B25A7}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B5EA9278-5F22-C0E8-5DA9-2EEC079562AE}) (Version: 2017.0525.108.206 - Advanced Micro Devices, Inc.) Hidden
CyberLink PowerDVD 17 (HKLM-x32\...\{D15BFD7F-6BBA-49A7-A6B1-14C00DCA6842}) (Version: 17.0.2316.62 - CyberLink Corp.)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)
eBay (HKLM-x32\...\{5A9A1C97-DFF1-42A0-926B-39553CE88332}) (Version: 1.0.17365 - Acer)
ENE KB9X I2C Controller Driver (HKLM\...\1B288C6A7CFAD713C99F7FCBACA8A678B1CE150D) (Version: 10/01/2016 1.0.2.0 - ENE)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.292 - SurfRight B.V.)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1158125801-3122374121-1916978205-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 59.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 59.0.1 (x86 en-US)) (Version: 59.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.1 - Mozilla)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.150 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{60499BF0-C3D1-40CC-8600-8A7246534466}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10388 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.278 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.7.107.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7751 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1F3E59DD-7DCE-4103-9528-57DA43134312}) (Version: 2.9.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-06-07] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-06-07] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-06-07] (Acer Incorporated)
ContextMenuHandlers1: [$PowerDVD] -> {E72C61D0-C453-42BA-84C9-88AEE3DEE676} => C:\ProgramData\CyberLink\PowerDVD17\OpenWith\PDVD_Shell64.dll [2017-11-16] (CyberLink Corp.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-05-25] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A8CD61D-DE05-4906-9695-56A2A82FCE29} - System32\Tasks\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe
Task: {1BB4380A-EE07-4E09-9423-EA5A5FCAC294} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {5863CBD1-BBB0-4038-B9C9-50BD93AFD6CD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {5B7CE851-9ED1-46FE-B989-DC1FE613D484} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {5EC040C3-D9DC-4450-8F94-41DB8D0DE411} - System32\Tasks\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe
Task: {5ED1F097-2622-4D6B-9729-3F9790C6FF0E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {70E42069-C615-48F8-997E-9A2560CFF011} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-17] (Microsoft Corporation)
Task: {7B90E348-39D4-4141-B13E-FC42A932FDD9} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
Task: {7ED6F67D-C39A-4F55-85D1-5E6F9ACC95EC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {AF27FA08-F5F9-429B-A492-E75CE8877EDE} - System32\Tasks\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe
Task: {BD4005FB-6525-4E54-B929-ACC52D5B5D97} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-17] (Microsoft Corporation)
Task: {BEC5472F-FF99-4728-A802-05A9DC578416} - System32\Tasks\Norton Security Scan for Arty => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.150\Nss.exe [2018-01-10] (Symantec Corporation)
Task: {DAC7BEB1-80B4-40E4-8F7F-A2C2A7510FAF} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2017-05-23] (TODO: <Company name>)
Task: {DDB6DF03-042A-477A-989A-BFA6C21D90C5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {E3320430-49CE-4DB3-ACA7-CD2E87586DCC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-17] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-03-23 14:55 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-23 14:55 - 2018-03-01 10:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-29 23:41 - 2017-09-29 23:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-14 09:17 - 2018-02-22 10:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 09:17 - 2018-02-22 10:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-24 10:31 - 2018-03-24 10:36 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-24 10:31 - 2018-03-24 10:36 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-16 12:06 - 2018-03-16 12:06 - 000173568 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-09 10:47 - 2018-03-09 10:47 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-16 10:42 - 2018-02-16 10:43 - 025843200 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\Music.UI.exe
2018-02-16 10:42 - 2018-02-16 10:43 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-02-16 10:42 - 2018-02-16 10:43 - 006748672 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-01-12 22:59 - 2018-01-12 23:00 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-01-12 22:44 - 2018-01-12 22:45 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-16 10:42 - 2018-02-16 10:43 - 005527040 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\Music.Visuals.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\msln.exe:53d9d7879d6466565dafc91e09cfcf4e [998]
AlternateDataStreams: C:\ProgramData\TEMP:AF9B99B3 [132]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-19 07:03 - 2017-03-19 07:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1158125801-3122374121-1916978205-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B6689432-4698-46D0-AC47-5DE913D9E0F8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{08D509CE-6EB5-459A-9AF7-84B70BD20686}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3D793B96-2143-4933-A2FB-A139197A9A69}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{3D50F5E0-B472-4E0A-8DBA-76B8F2562F45}] => (Allow) C:\Program Files\WindowsApps\AcerIncorporated.abFiles_1.0.7.0_x86__48frkmn4z8aw4\abFiles\acer\ccd.exe
FirewallRules: [{2E0F41C7-EBD5-4F96-88A0-927649680212}] => (Allow) C:\Program Files\WindowsApps\AcerIncorporated.abFiles_1.0.7.0_x86__48frkmn4z8aw4\abFiles\acer\ccd.exe
FirewallRules: [{162A49DF-543E-4D78-ABC4-FF2FC10CD35C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5F2E9116-E3A6-45B6-AD59-2FA0DEF324C3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{BCF76742-C991-4918-8E07-0A6B7B7704DB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{D876609B-0412-4EB1-9B35-E9F9BC31967D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{96A19804-03AB-4C97-9405-EC35A261ED28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E6DF261C-773C-486B-B2EF-635C67A2C71E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{3AC19222-DB5B-4129-B8D1-71C00679F78F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{02F55EA1-EC06-4FA4-8841-C36ABAB90FF0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{A4728E6F-480C-470A-B917-185F5F473288}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{EEA98BCB-87E8-4769-B8DD-F3D9EA496B0A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{9CD6450D-91A1-4D46-888F-71D9A5D2C732}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD17\PowerDVD.exe
FirewallRules: [{C6823694-929C-4C37-9D50-90259B707470}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD17\Kernel\DMS\CLMSServerPDVD17.exe
FirewallRules: [{DA3E4CE0-A627-41C1-B043-B4A193A10DB6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD17\PowerDVD17Agent.exe
FirewallRules: [{F2B2B819-46D5-45B3-95F7-E6DD6D4E01A0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD17\Movie\PowerDVDMovie.exe
FirewallRules: [{1A48D415-A411-448B-9867-67F4D7C54FAB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD17\CastingStation.exe

==================== Restore Points =========================

22-03-2018 17:56:52 Scheduled Checkpoint
24-03-2018 18:14:30 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2018 01:52:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.309, time stamp: 0x5a9791fa
Faulting module name: edgehtml.dll, version: 11.0.16299.309, time stamp: 0x4ad775d4
Exception code: 0xc0000005
Fault offset: 0x0000000000204c00
Faulting process id: 0x4d4
Faulting application start time: 0x01d3c18f17bb806b
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\edgehtml.dll
Report Id: db082565-5004-4121-998f-a33b417b209c
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (03/21/2018 06:55:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (03/21/2018 06:53:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (03/14/2018 09:43:29 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/12/2018 01:58:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.16299.248, time stamp: 0x18ee648b
Faulting module name: twinui.pcshell.dll, version: 10.0.16299.248, time stamp: 0x362fafd8
Exception code: 0xc0000005
Fault offset: 0x000000000012782b
Faulting process id: 0x1d04
Faulting application start time: 0x01d3b99284a202b9
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\system32\twinui.pcshell.dll
Report Id: 7c34763c-ef75-4899-836b-771fbb7ecdbb
Faulting package full name:
Faulting package-relative application ID:

Error: (03/12/2018 11:51:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftPdfReader.exe, version: 11.0.16299.248, time stamp: 0x5a7e76e9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x000000000000029c
Faulting process id: 0x22c0
Faulting application start time: 0x01d3b9a2a2a8c31b
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe
Faulting module path: unknown
Report Id: 9b66d1f1-ef20-4d3c-8470-18c65b6fdda9
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: PdfReader

Error: (03/12/2018 11:51:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftPdfReader.exe, version: 11.0.16299.248, time stamp: 0x5a7e76e9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x00000000000002ad
Faulting process id: 0x22c0
Faulting application start time: 0x01d3b9a2a2a8c31b
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe
Faulting module path: unknown
Report Id: 2a87dcbb-d8c7-4000-aa26-47d21a1dce09
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: PdfReader

Error: (03/11/2018 07:59:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.248, time stamp: 0x5a7e76b1
Faulting module name: KERNELBASE.dll, version: 10.0.16299.248, time stamp: 0x4414ec23
Exception code: 0x8007000e
Fault offset: 0x0000000000014008
Faulting process id: 0x16c4
Faulting application start time: 0x01d3b91f8800641a
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 16b87d1b-944e-4f56-a2d0-f8863701341c
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess


System errors:
=============
Error: (03/25/2018 10:59:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/25/2018 10:55:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/25/2018 10:40:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/25/2018 10:28:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/25/2018 10:25:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/25/2018 10:25:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/25/2018 10:25:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/25/2018 10:25:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-03-22 20:21:56.629
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F5EFDD8C-6F5D-43D3-B817-E2CBAE38671B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-15 15:08:18.534
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E920F7C4-7F9D-455C-8B2B-916A2C80F2FF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-15 14:42:09.845
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2BDA00E9-2163-4B34-94F9-0D0B9C7A488D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-15 12:52:40.950
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8DCBA87F-2891-4FF1-A5C3-D5B9195FE13F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-15 11:29:13.493
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {724A31A6-3562-49DA-AB49-40F204E9A690}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-11 14:38:52.026
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

Date: 2018-03-06 11:52:18.588
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004004
Error description: Operation aborted
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-03-06 11:52:17.867
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004004
Error description: Operation aborted
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-03-06 11:52:16.937
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004004
Error description: Operation aborted
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-03-06 11:52:06.058
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2018-03-25 12:45:20.368
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-03-25 12:45:19.749
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-03-25 12:45:10.708
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-03-25 12:45:09.905
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-03-25 12:03:27.895
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-03-25 12:03:26.848
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-03-25 12:03:12.409
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-03-25 12:03:11.911
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: AMD A4-7210 APU with AMD Radeon R3 Graphics
Percentage of memory in use: 36%
Total physical RAM: 7125.37 MB
Available physical RAM: 4551.7 MB
Total Virtual: 8277.37 MB
Available Virtual: 5338.92 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.4 GB) (Free:874.44 GB) NTFS

\\?\Volume{a23fb173-aa6f-4fe4-80a6-dc4275a6be91}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
\\?\Volume{04b8fdaf-9271-4a0c-a75b-45b4e57d1d0b}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DCD24BF9)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 25 March 2018 - 03:33 PM.


#5 Oh My!


Posted 25 March 2018 - 03:51 PM

Greetings Arthur.

Nice job on working through the Total AV steps.

Let's do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press Windows Key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Norton Security Scan

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1158125801-3122374121-1916978205-1001 -> DefaultScope {F3259FC0-C8AA-4905-8F1A-E6EB88A60CB7} URL =
SearchScopes: HKU\S-1-5-21-1158125801-3122374121-1916978205-1001 -> {F3259FC0-C8AA-4905-8F1A-E6EB88A60CB7} URL =
FF Homepage: Mozilla\Firefox\Profiles\up1vc5h6.default -> moz-extension://748f9c28-cde2-41ba-b19f-d89fad3c26f4/homePageRedirect.html
S2 EraserSvc11730; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\NortonSecurity.exe" /h ccCommon [X]
2018-03-21 19:00 - 2018-03-21 19:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\CLFCL5.17
2018-03-21 18:13 - 2018-03-21 18:13 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-03-21 18:04 - 2018-03-21 18:04 - 000000000 ____D C:\Users\Arty\AppData\Roaming\TotalAV
2018-03-23 15:32 - 2018-02-19 14:22 - 000000000 ____D C:\Program Files\Remo Optimizer3.0
2018-03-22 20:09 - 2017-03-19 07:03 - 000000155 _____ C:\WINDOWS\win.ini
2018-03-22 12:22 - 2018-03-22 12:23 - 047158432 _____ (SweetLabs,Inc.) C:\Users\Arty\AppData\Local\Temp\oct2A61.tmp.exe
AlternateDataStreams: C:\WINDOWS\system32\msln.exe:53d9d7879d6466565dafc91e09cfcf4e [998]
AlternateDataStreams: C:\ProgramData\TEMP:AF9B99B3 [132]
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Norton uninstall?
  • Fixlog
  • Update on computer performance

Gary
 

#6 Atoro


Posted 25 March 2018 - 11:47 PM

Attached file: Fixlog.txt (3.74KB)

G'day Gary. I uninstalled Norton then did what you said. Here is the Fixlog. Sorry mate, I don't seem to be able to paste it here. Also, a while ago I invested some money with FTO Capital, an online trading company who I am finding out now are a complete SCAM. At the time they got me to download TeamViewer, where they were able to view my screen and move a pointer around on mine. This scared me a fair bit, and when they asked me to go into my online banking while they were watching I saw red flags everywhere and wouldn't do it. After I finished on the phone with them I straight away uninstalled the program and deleted the part that was downloaded. Would there be any of it left? Other sites where I have been reading about them say there is malware in it. Thank you so much for helping me. Arthur

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Arty (26-03-2018 10:17:55) Run:1
Running from C:\Users\Arty\Downloads
Loaded Profiles: Arty (Available Profiles: Arty)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1158125801-3122374121-1916978205-1001 ->
DefaultScope {F3259FC0-C8AA-4905-8F1A-E6EB88A60CB7} URL =
SearchScopes: HKU\S-1-5-21-1158125801-3122374121-1916978205-1001 -> {F3259FC0-C8AA-4905-8F1A-E6EB88A60CB7} URL =
FF Homepage: Mozilla\Firefox\Profiles\up1vc5h6.default -> moz-extension://748f9c28-cde2-41ba-b19f-d89fad3c26f4/homePageRedirect.html
S2 EraserSvc11730; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\NortonSecurity.exe" /h ccCommon [X]
2018-03-21 19:00 - 2018-03-21 19:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\CLFCL5.17
2018-03-21 18:13 - 2018-03-21 18:13 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-03-21 18:04 - 2018-03-21 18:04 - 000000000 ____D C:\Users\Arty\AppData\Roaming\TotalAV
2018-03-23 15:32 - 2018-02-19 14:22 - 000000000 ____D C:\Program Files\Remo Optimizer3.0
2018-03-22 20:09 - 2017-03-19 07:03 - 000000155 _____ C:\WINDOWS\win.ini
2018-03-22 12:22 - 2018-03-22 12:23 - 047158432 _____ (SweetLabs,Inc.)
C:\Users\Arty\AppData\Local\Temp\oct2A61.tmp.exe
AlternateDataStreams: C:\WINDOWS\system32\msln.exe:53d9d7879d6466565dafc91e09cfcf4e [998]
AlternateDataStreams: C:\ProgramData\TEMP:AF9B99B3 [132]
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\SearchScopes: HKU\S-1-5-21-1158125801-3122374121-1916978205-1001 ->\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\S-1-5-21-1158125801-3122374121-1916978205-1001 ->" => not found
DefaultScope {F3259FC0-C8AA-4905-8F1A-E6EB88A60CB7} URL = => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1158125801-3122374121-1916978205-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F3259FC0-C8AA-4905-8F1A-E6EB88A60CB7}" => removed successfully
HKLM\Software\Classes\CLSID\{F3259FC0-C8AA-4905-8F1A-E6EB88A60CB7} => not found
"FF Homepage: Mozilla\Firefox\Profiles\up1vc5h6.default -> moz-extension://748f9c28-cde2-41ba-b19f-d89fad3c26f4/homePageRedirect.html" => not found
"Firefox homepage" => removed successfully
"HKLM\System\CurrentControlSet\Services\EraserSvc11730" => removed successfully
EraserSvc11730 => service removed successfully
C:\WINDOWS\system32\Drivers\CLFCL5.17 => moved successfully
C:\ProgramData\SecuritySuite => moved successfully
C:\Users\Arty\AppData\Roaming\TotalAV => moved successfully
C:\Program Files\Remo Optimizer3.0 => moved successfully
C:\WINDOWS\win.ini => moved successfully
"2018-03-22 12:22 - 2018-03-22 12:23 - 047158432 _____ (SweetLabs,Inc.)" => not found
C:\Users\Arty\AppData\Local\Temp\oct2A61.tmp.exe => moved successfully
C:\WINDOWS\system32\msln.exe => ":53d9d7879d6466565dafc91e09cfcf4e" ADS removed successfully
C:\ProgramData\TEMP => ":AF9B99B3" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 35296630 B
Java, Flash, Steam htmlcache => 1377 B
Windows/system/drivers => 1589020 B
Edge => 119953109 B
Chrome => 0 B
Firefox => 61339747 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 45362 B
NetworkService => 178408 B
Arty => 97016523 B

RecycleBin => 0 B
EmptyTemp: => 309.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:22:48 ====

Edited by Oh My!, 26 March 2018 - 08:30 AM.
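A triage sketch for the Fixlog in the post above, added here as an example; it is not part of the original posts or of FRST. That log shows two fixlist lines split in two by the paste, with each half processed as its own entry; the code flags such lines and lists the entries that were not applied. The sample text is abridged from the log above with the SID shortened to a placeholder, and all function names are assumptions.

```python
import re

# Abridged from the Fixlog in the post above; the SID is replaced by a placeholder.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-EXAMPLE-1001 ->
DefaultScope {F3259FC0-C8AA-4905-8F1A-E6EB88A60CB7} URL =
2018-03-21 18:13 - 2018-03-21 18:13 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-03-22 12:22 - 2018-03-22 12:23 - 047158432 _____ (SweetLabs,Inc.)
C:\Users\Arty\AppData\Local\Temp\oct2A61.tmp.exe
emptytemp:

*****************

Restore point was successfully created.
"HKU\SearchScopes: HKU\S-1-5-21-EXAMPLE-1001 ->" => not found
DefaultScope {F3259FC0-C8AA-4905-8F1A-E6EB88A60CB7} URL = => Error: No automatic fix found for this entry.
C:\ProgramData\SecuritySuite => moved successfully
"2018-03-22 12:22 - 2018-03-22 12:23 - 047158432 _____ (SweetLabs,Inc.)" => not found
C:\Users\Arty\AppData\Local\Temp\oct2A61.tmp.exe => moved successfully

=========== EmptyTemp: ==========

Firefox => 61339747 B
"""

STARS = re.compile(r"^\*{5,}\s*$")
# File/folder entries start with two "created - modified" timestamps.
FILE_ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")
DRIVE_PATH = re.compile(r"[A-Za-z]:\\")


def split_sections(text):
    """Return (fixlist_lines, result_lines) from a Fixlog.txt body."""
    fixlist, results, stars_seen = [], [], 0
    for line in text.splitlines():
        line = line.strip()
        if STARS.match(line):
            stars_seen += 1
            continue
        if stars_seen == 2 and line.startswith("==="):
            break  # EmptyTemp statistics or the end-of-log marker follow
        if not line:
            continue
        if stars_seen == 1:
            fixlist.append(line)
        elif stars_seen == 2:
            results.append(line)
    return fixlist, results


def wrapped_fixlist_lines(fixlist):
    """Fixlist lines that look cut in two by a paste or editor line wrap."""
    suspects = []
    for line in fixlist:
        dangling_arrow = line.endswith("->")
        entry_without_path = bool(FILE_ENTRY.match(line)) and not DRIVE_PATH.search(line)
        if dangling_arrow or entry_without_path:
            suspects.append(line)
    return suspects


def parse_results(results):
    """Split '<target> => <outcome>' lines into (target, outcome, succeeded)."""
    parsed = []
    for line in results:
        target, sep, outcome = line.rpartition(" => ")
        if not sep:
            continue  # status sentences such as "Processes closed successfully."
        succeeded = outcome.rstrip(".").endswith("successfully")
        parsed.append((target.strip('"'), outcome, succeeded))
    return parsed


def failed_entries(text):
    """Entries whose outcome is anything other than a '... successfully' result."""
    _, results = split_sections(text)
    return [(target, outcome) for target, outcome, ok in parse_results(results) if not ok]


if __name__ == "__main__":
    fixlist_lines, _ = split_sections(SAMPLE_FIXLOG)
    for entry in wrapped_fixlist_lines(fixlist_lines):
        print("possibly wrapped fixlist line:", entry)
    for target, outcome in failed_entries(SAMPLE_FIXLOG):
        print("not applied:", target, "->", outcome)
```

An entry reported here as not applied is a candidate for resubmitting on a single line, as the follow-up fix in the next post does for the DefaultScope entry.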


#7 Oh My!


Posted 26 March 2018 - 08:38 AM

Hi Arthur.

I am not seeing any indication of a Backdoor Trojan, which is what allows someone to have continued access to a computer without being detected. If you have not seen any irregularities in your banking institutions or password compromises you should be fine. It sounds like this happened a while ago so you should have seen some evidence by now.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
SearchScopes: HKU\S-1-5-21-1158125801-3122374121-1916978205-1001 -> DefaultScope {F3259FC0-C8AA-4905-8F1A-E6EB88A60CB7} URL =
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • ESET log
  • How is your computer running? Are you able to download?

Gary
 

#8 Atoro


Posted 27 March 2018 - 04:56 AM

Attached file: Fixlog.txt (626 bytes)

G'day Gary. I did what you said and ESET found no threats. The log for the other one is here. I have had no worries downloading since right at the start when I uninstalled Total AV. My computer seems to be running pretty good. Also, is it safe to use Remo Optimizer? Thank you again.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Arty (27-03-2018 11:22:52) Run:2
Running from C:\Users\Arty\Desktop
Loaded Profiles: Arty (Available Profiles: Arty)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-1158125801-3122374121-1916978205-1001 -> DefaultScope {F3259FC0-C8AA-4905-8F1A-E6EB88A60CB7} URL =

*****************

"HKU\S-1-5-21-1158125801-3122374121-1916978205-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully

==== End of Fixlog 11:22:52 ====

Edited by Oh My!, 27 March 2018 - 02:06 PM.


#9 Oh My!


Posted 27 March 2018 - 02:14 PM

Greetings Arthur.

I have never heard of Remo Optimizer until your post. All I can tell you is generally I would not use the program myself. Whether it is this program or any other, I do not recommend any programs or parts of programs that clean/manipulate the registry because of the potential for catastrophic consequences. Wrong moves in the registry can make a computer unbootable so great caution needs to be exercised when making changes in the registry. If I wanted to use a similar program I would probably use CCleaner but avoid the registry cleaning component.

Are there any other issues or questions before I post some clean up instructions and general information for you to consider going forward?
Gary
 

#10 Atoro


Posted 28 March 2018 - 08:13 AM

G'day Gary. Thank you for the advice. When I first bought the computer a couple of months ago it wouldn't play a DVD I wanted to watch. It was supposed to come with Cyberlink Power DVD player but it didn't. I downloaded VLC media player and it played the DVD. But half way through, the computer shut down, the first time this had happened. Since then, every now and then it just shuts down all on its own. It happened again tonight. Would like to know what's going on here as well. Thank you.



#11 Oh My!


Posted 28 March 2018 - 09:20 AM

Hi Arthur.

Just to clarify, does it actually shut down or does it freeze/blue screen/restart?

Please do these things.

===================================================

System Summary Information

--------------------
  • Press the Windows Key + R at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and upload the file here
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
Zip: C:\Windows\Minidump
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will also create a zip file on your Desktop with today's date and time, example 05.12.2016_13.04.06.zip. Please attach the file to your reply
===================================================

Crystal Disk Info

--------------
  • Launch a DVD and allow it to play in the background during these steps
  • Download Crystal Disk Info and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Select I accept the agreement and click Next 4 times
  • Click Install
  • Click Finish to launch the program
  • On the CrystalDiskInfo screen click Edit, then Copy
  • Paste the information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Shut down information?
  • Fixlog
  • Attached zip file
  • CrystalDisk information

Gary
 

#12 Atoro


Posted 29 March 2018 - 07:03 AM

Attached file: Fixlog.txt (555 bytes)

G'day Gary. Sorry mate, still learning. It froze, dark blue screen, then restarts. Takes a while to restart. Included is the fixlog, zipfile, and CrystalDisk info. Thank you for your help.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Arty (29-03-2018 20:18:50) Run:3
Running from C:\Users\Arty\Desktop
Loaded Profiles: Arty (Available Profiles: Arty)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Zip: C:\Windows\Minidump

*****************

================== Zip: ===================
C:\Windows\Minidump -> copied successfully to C:\Users\Arty\Desktop\29.03.2018_20.18.50.zip
=========== Zip: End ===========

==== End of Fixlog 20:18:51 ====

----------------------------------------------------------------------------
CrystalDiskInfo 7.6.0 © 2008-2018 hiyohiyo
                                Crystal Dew World : https://crystalmark.info/
----------------------------------------------------------------------------
    OS : Windows 10  [10.0 Build 16299] (x64)
  Date : 2018/03/29 21:51:38
-- Controller Map ----------------------------------------------------------
 + Standard SATA AHCI Controller [ATA]
   - ST1000LM035-1RK172
   - HL-DT-ST DVDRAM GUE1N
 - Microsoft Storage Spaces Controller [SCSI]
-- Disk List ---------------------------------------------------------------
 (1) ST1000LM035-1RK172 : 1000.2 GB [0/0/0, pd1] - st
----------------------------------------------------------------------------
 (1) ST1000LM035-1RK172
----------------------------------------------------------------------------
           Model : ST1000LM035-1RK172
        Firmware : ACM1
   Serial Number : WDEJPQM2
       Disk Size : 1000.2 GB (8.4/137.4/1000.2/1000.2)
     Buffer Size : Unknown
     Queue Depth : 32
    # of Sectors : 1953525168
   Rotation Rate : 5400 RPM
       Interface : Serial ATA
   Major Version : ACS-3
   Minor Version : ACS-3 Revision 3b
   Transfer Mode : SATA/600 | SATA/600
  Power On Hours : 539 hours
  Power On Count : 170 count
     Temperature : 36 C (96 F)
   Health Status : Good
        Features : S.M.A.R.T., APM, 48bit LBA, NCQ
       APM Level : 0101h [ON]
       AAM Level : ----
    Drive Letter : C:
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 _81 _64 __6 00000714B588 Read Error Rate
03 _99 _99 __0 000000000000 Spin-Up Time
04 _94 _94 _20 000000001A70 Start/Stop Count
05 100 100 _36 000000000000 Reallocated Sectors Count
07 _74 _60 _45 0000015F4AEA Seek Error Rate
09 100 100 __0 50C00000021B Power-On Hours
0A 100 100 _97 000000000000 Spin Retry Count
0C 100 100 _20 0000000000AA Power Cycle Count
B8 100 100 _99 000000000000 End-to-End Error
BB 100 100 __0 000000000000 Reported Uncorrectable Errors
BC 100 100 __0 000000000000 Command Timeout
BD 100 100 __0 000000000000 High Fly Writes
BE _64 _51 _40 000024190024 Airflow Temperature
BF 100 100 __0 000000000002 G-Sense Error Rate
C0 100 100 __0 000000000001 Power-off Retract Count
C1 _95 _95 __0 0000000028A0 Load/Unload Cycle Count
C2 _36 _49 __0 001600000024 Temperature
C5 100 100 __0 000000000000 Current Pending Sector Count
C6 100 100 __0 000000000000 Uncorrectable Sector Count
C7 200 200 __0 000000000000 UltraDMA CRC Error Count
F0 100 253 __0 29640000020B Head Flying Hours
F1 100 253 __0 00006A76C0F2 Total Host Writes
F2 100 253 __0 0000FAE40E58 Total Host Reads
FE 100 100 __0 000000000000 Free Fall Protection

Edited by Oh My!, 29 March 2018 - 08:53 AM.


#13 Atoro


Posted 29 March 2018 - 07:17 AM

G'day Gary. I submitted 3 lots of zip files to the link you sent me. Thanks.



#14 Oh My!


Posted 29 March 2018 - 08:53 AM

Hi Arthur.

I only received 2, and both of them were the System information. No zipped Minidump file was received. The Fixlog indicates a zip folder was created on your desktop.

Please do this.

===================================================

Using VGA Driver in Normal Mode

--------------------
  • Click the Windows key + R at the same time
  • Type msconfig and hit Enter
  • Click the Boot tab
  • Place a check mark in Base video, then click OK
  • Restart your computer. Note: Your screen resolution may change
  • Check for computer crashes
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Attached Minidump zip folder
  • Computer crash using Base Video?

Edited by Oh My!, 29 March 2018 - 02:37 PM.

Gary
 

#15 Atoro


Posted 30 March 2018 - 07:24 AM

G'day Gary. I sent the zip file. I did what you said but it made everything wider so I unchecked the base video box. I don't know whether it's in VGA normal or not or how to find this out. Thank you again.





