WUDFHOST.EXE cannot delete, slowing browser


  • This topic is locked
10 replies to this topic

#1 artm

Posted 14 May 2018 - 05:37 PM

Today my browser was slow, pausing every few seconds for a few seconds at a time. I noticed WUDFHOST.EXE running, which is not normal. I cannot stop that process; it's a LOCAL SERVICE.

Looking at the file details:

   - location: c:\windows\system32
   - version: 6.2.9200.16384
   - size 229888
   - date: 07/15/2013

Related files in same folder with same date/time:

    - WUDFCoinstaller.dll
    - WUDFPlatform.dll
    - WUDFSvc.dll
    - WUDFx.dll

All these files, and the first one, are also in this folder:

C:\Windows\winsxs\amd64_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7601.17514_none_fb3795fb0be32033

...but with different details:

   - size 226816 (WUDFHOST.EXE)
   - version: 6.1.7601.17514
   - date: 11/20/2010 (for all)

On another Win7 SP1 system I have, WUDFHOST.EXE is not running, has not run as far as I can recall, and file details match those of the 11/20/2010 files above for WUDFHOST.EXE and the related files noted above.

Any help appreciated.

========================================================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.05.2018
Ran by admin (administrator) on ASUS (14-05-2018 18:20:58)
Running from T:\DL
Loaded Profiles: admin & Administrator (Available Profiles: admin & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: "E:\prog\Internet\Mozilla Portable\FirefoxPortable\App\Firefox\firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adaptec Incorporated) C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe
() C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\rserver3.exe
(Michal Trojnara) E:\prog\Internet\Stunnel\bin\stunnel.exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\FamItrf2.Exe
(IvoSoft) E:\prog\Uti\Classic Shell\ClassicStartMenu.exe
(RaMMicHaeL) E:\prog\Uti\7+ Taskbar Tweaker\bin\64\7+ Taskbar Tweaker.ex2
(Almico Software (www.almico.com)) E:\prog\Test\Speedfan\speedfan.exe
(VirtuaWin) E:\prog\Uti\Virtuawin Portable\VirtuaWin.exe
(RealVNC Ltd.) E:\prog\Internet\VNC4\winvnc4.exe
(Adobe Systems Inc.) E:\prog\Uti\Acrobat7\Distillr\acrotray.exe
() E:\prog\Uti\Shutter\Shutter.exe
() E:\prog\Uti\Virtuawin Portable\modules\WinList.exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
(RealVNC Ltd.) E:\prog\Internet\VNC4\vncviewer.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Sysinternals) E:\prog\Uti\Tcpview.exe
(Trend Micro Inc.) E:\prog\Uti\Hijackthis\HijackThis.exe
(Sysinternals - www.sysinternals.com) E:\prog\Uti\process-explorer.exe
(Sysinternals - www.sysinternals.com) E:\prog\Uti\process-explorer64.exe
(Moxie Proxy) E:\prog\Internet\Prospector\Prospector.exe
(Helios Software Solutions) E:\prog\Uti\TextPad4\TextPad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => E:\prog\Uti\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [961024 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Cpu Level Up help] => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [887936 2009-12-28] ()
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => E:\prog\Uti\Acrobat7\Distillr\Acrotray.exe [483328 2005-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [E:\prog\Uti\Shutter\Shutter.exe] => E:\prog\Uti\Shutter\Shutter.exe [1774592 2016-05-09] ()
HKU\S-1-5-21-3187623042-3046525075-1313186338-1000\...\Run: [7 Taskbar Tweaker] => E:\prog\Uti\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [51200 2015-12-04] (RaMMicHaeL)
HKU\S-1-5-21-3187623042-3046525075-1313186338-1000\...\Policies\Explorer: [NoWindowsUpdate] 1
ShellExecuteHooks-x32: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - E:\prog\Internet\Eudora\EuShlExt.dll [77824 2001-04-12] (Qualcomm Inc.)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaWin Portable.lnk [2015-06-18]
ShortcutTarget: VirtuaWin Portable.lnk -> E:\prog\Uti\Virtuawin Portable\VirtuaWin.exe (VirtuaWin)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VNC Server (User Mode).lnk [2015-01-21]
ShortcutTarget: VNC Server (User Mode).lnk -> E:\prog\Internet\VNC4\winvnc4.exe (RealVNC Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk [2016-03-31]
ShortcutTarget: SpeedFan.lnk -> E:\prog\Test\Speedfan\speedfan.exe (Almico Software (www.almico.com))
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{30631743-BA72-46AD-BAC4-B6034AA70D12}: [NameServer] 208.67.222.222,208.67.220.220,8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3187623042-3046525075-1313186338-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://google.com/
HKU\S-1-5-21-3187623042-3046525075-1313186338-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> E:\prog\Uti\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> E:\prog\Uti\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> E:\prog\Uti\Acrobat7\ActiveX\AcroIEHelper.dll [2005-09-24] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> E:\prog\Uti\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> E:\prog\Uti\Acrobat7\Acrobat\AcroIEFavClient.dll [2005-09-24] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> E:\prog\Uti\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - E:\prog\Uti\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - E:\prog\Uti\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\prog\Uti\Acrobat7\Acrobat\AcroIEFavClient.dll [2005-09-24] (Adobe Systems Incorporated)
IE Session Restore: HKU\S-1-5-21-3187623042-3046525075-1313186338-1000 -> is enabled.

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xxt79dfz.default [2018-05-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-25] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-25] ()
FF Plugin-x32: @IPC/npmedia3.0.0.3,version=3.0.0.3 -> C:\Program Files\webrec\Torch\3.0.0.3\npmedia3.0.0.3.dll [2016-08-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
StartMenuInternet: FIREFOX.EXE - E:\prog\Internet\Mozilla Portable\FirefoxPortable\App\Firefox\firefox.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptecStorageManagerAgent; C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe [119296 2012-05-10] (Adaptec Incorporated) [File not signed]
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2014-10-31] (Adobe Systems) [File not signed]
R2 apmwinsrv; C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe [1356624 2016-11-15] () [File not signed]
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 RServer3; C:\Windows\SysWOW64\rserver30\RServer3.exe [1154752 2012-12-19] (Famatech Corp.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe [889016 2018-05-14] (Enigma Software Group USA, LLC.)
R2 stunnel; E:\prog\Internet\Stunnel\bin\stunnel.exe [201728 2017-07-16] (Michal Trojnara) [File not signed]
S3 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [479960 2014-10-03] (VMware, Inc.)
S3 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479960 2014-10-03] (VMware, Inc.)
S3 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479960 2014-10-03] (VMware, Inc.)
S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12730560 2014-11-20] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-15] (Microsoft Corporation)
S3 WinVNC4; E:\prog\Internet\VNC4\WinVNC4.exe [2067832 2009-07-25] (RealVNC Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [37200 2016-09-23] (Paragon Software Group)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75344 2013-08-28] (VMware, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
S3 cpuz128; E:\prog\Test\PCWizard2008\pcwiz64.sys [16360 2007-07-14] (Windows ® Server 2003 DDK provider)
S2 csvol; C:\Windows\System32\DRIVERS\csvol.sys [32080 2016-09-23] (Paragon Software Group)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2018-05-14] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2018-05-14] ()
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
S3 EverestDriver; E:\prog\Test\Everest\kerneld.amd64 [20608 2007-10-17] ()
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [69456 2016-09-23] (Paragon Software Group)
S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [213840 2016-09-23] (Paragon Software Group)
R3 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [23888 2016-09-23] (Paragon Software Group)
R3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [5632 2012-12-18] (Famatech International Corp.)
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [50512 2016-09-23] (Paragon Software Group)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R1 raddrvv3; C:\Windows\SysWOW64\rserver30\raddrvv3.sys [71576 2012-12-19] (Famatech Corp.)
U5 UnlockerDriver5; E:\prog\Uti\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2014-11-17] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-14 17:31 - 2018-05-14 18:20 - 000000000 ____D C:\FRST
2018-05-14 17:17 - 2018-05-14 17:17 - 000000000 ____D C:\Users\admin\Desktop\Mozilla Portable
2018-05-14 15:02 - 2018-05-14 15:02 - 000003746 _____ C:\Windows\System32\Tasks\SpyHunter4
2018-05-14 15:02 - 2018-05-14 15:02 - 000000394 _____ C:\Windows\Tasks\SpyHunter4.job
2018-05-14 13:16 - 2018-05-14 14:27 - 000000000 ____D C:\ProgramData\HitmanPro
2018-05-14 11:58 - 2018-05-14 11:58 - 000000000 _____ C:\autoexec.bat
2018-05-14 11:57 - 2018-05-14 11:57 - 000022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2018-05-14 11:57 - 2018-05-14 11:57 - 000001119 _____ C:\Users\admin\Desktop\SpyHunter.lnk
2018-05-14 11:57 - 2018-05-14 11:57 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2018-05-14 11:57 - 2018-05-14 11:57 - 000000000 ____D C:\sh4ldr
2018-05-14 11:57 - 2018-05-14 11:57 - 000000000 ____D C:\ProgramData\Enigma Software Group
2018-05-14 11:57 - 2018-05-14 11:57 - 000000000 ____D C:\Program Files\Enigma Software Group
2018-05-14 10:59 - 2018-05-14 11:46 - 000000000 ____D C:\Program Files\GridinSoft Anti-Malware
2018-05-14 10:59 - 2018-05-14 10:59 - 000000000 ____D C:\ProgramData\GridinSoft
2018-05-01 13:42 - 2018-05-01 14:46 - 000000000 ____D C:\Users\admin\Desktop\178Allerton
2018-04-30 14:16 - 2018-04-30 14:20 - 000785934 _____ C:\Users\admin\Desktop\2017 Form 1040  Individual Tax Return-TEMP.tax2017
2018-04-30 14:11 - 2018-04-30 14:14 - 000727278 _____ C:\Users\admin\Desktop\2016 Form 1040  Individual Tax Return-TEMP.tax2016
2018-04-27 23:33 - 2018-04-27 23:33 - 000276312 _____ C:\Windows\Minidump\042718-33836-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-14 18:20 - 2015-05-07 23:15 - 000000000 ____D C:\Users\admin\AppData\Roaming\ProspectorV5
2018-05-14 18:20 - 2014-10-31 18:29 - 000000000 ____D C:\Users\admin\AppData\Roaming\Mozilla
2018-05-14 18:08 - 2014-10-31 15:26 - 000000000 ____D C:\Users\admin\AppData\Roaming\ClassicShell
2018-05-14 17:43 - 2009-07-14 00:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-14 17:43 - 2009-07-14 00:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-14 17:42 - 2015-01-22 19:10 - 000000000 ____D C:\Temp
2018-05-14 15:07 - 2009-07-14 01:13 - 000785510 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-14 15:07 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-05-14 14:29 - 2015-01-22 14:56 - 000005936 _____ (SysInternals) C:\Windows\SysWOW64\Drivers\PROCEXP.SYS
2018-05-14 11:48 - 2017-08-13 19:05 - 000001024 _____ C:\.rnd
2018-05-14 11:48 - 2014-09-14 08:45 - 000000000 ____D C:\Users\admin
2018-05-14 11:48 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-14 11:46 - 2016-02-19 21:32 - 000000000 ____D C:\Windows\SysWOW64\rserver30
2018-05-14 11:46 - 2015-01-22 14:57 - 000000000 ____D C:\Users\admin\AppData\Roaming\AceSniperDesktop
2018-05-14 11:46 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\registration
2018-05-11 09:55 - 2018-02-23 00:12 - 000000000 ____D C:\Users\admin\AppData\Local\Deployment
2018-05-10 13:21 - 2015-08-07 17:51 - 000000000 ____D C:\Users\admin\AppData\Roaming\.oit
2018-05-09 09:03 - 2015-05-15 08:48 - 000001901 _____ C:\Windows\panose.bin
2018-05-04 09:57 - 2017-05-06 02:07 - 000000000 ____D C:\Windows\pss
2018-05-04 09:25 - 2014-10-31 17:05 - 000001389 _____ C:\Windows\ATREX.INI
2018-05-02 18:01 - 2014-10-31 09:15 - 000000000 ____D C:\Users\admin\Desktop\NEWSLETTERS
2018-05-02 13:58 - 2017-12-20 01:57 - 000000000 ____D C:\Users\admin\Desktop\PDF's
2018-05-01 13:38 - 2015-05-12 15:09 - 000000000 ____D C:\Users\admin\AppData\Local\CutePDF Writer
2018-04-27 23:33 - 2015-01-03 18:23 - 000000000 ____D C:\Windows\Minidump
2018-04-27 23:33 - 2009-07-14 00:45 - 000294152 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-25 23:45 - 2015-01-22 19:06 - 000001280 _____ C:\Windows\winzip32.ini
2018-04-25 23:45 - 2009-07-13 22:34 - 000000545 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2015-01-22 20:05 - 2015-01-22 20:05 - 000000524 _____ () C:\Users\admin\AppData\Roaming\BlueEyePro.prefs
2015-01-22 20:05 - 2015-01-22 20:05 - 000001700 _____ () C:\Users\admin\AppData\Roaming\BlueEyeProLog.txt
2015-01-22 20:05 - 2015-01-22 20:05 - 000000033 _____ () C:\Users\admin\AppData\Roaming\CLPresets.txt
2017-08-01 23:23 - 2018-03-21 15:22 - 000000600 _____ () C:\Users\admin\AppData\Local\PUTTY.RND
2014-12-24 16:26 - 2015-01-03 17:24 - 000007632 _____ () C:\Users\admin\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2015-01-22 20:39 - 2018-05-14 11:48 - 000192512 _____ () C:\Users\admin\AppData\Local\Temp\sfamcc00001.dll
2018-05-04 10:00 - 2018-05-14 11:48 - 000158720 _____ () C:\Users\admin\AppData\Local\Temp\sfareca00001.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-08 01:08

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.05.2018
Ran by admin (14-05-2018 18:21:24)
Running from T:\DL
Windows 7 Ultimate Service Pack 1 (X64) (2014-09-14 12:43:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-3187623042-3046525075-1313186338-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3187623042-3046525075-1313186338-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3187623042-3046525075-1313186338-501 - Limited - Enabled)
test (S-1-5-21-3187623042-3046525075-1313186338-1001 - Administrator - Enabled)
___VMware_Conv_SA___ (S-1-5-21-3187623042-3046525075-1313186338-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adaptec Storage Manager (HKLM\...\{7C3DAF8E-37AB-47D6-9157-ED9B56558341}) (Version: 7.31.00.18856 - %COMPANY_LONG%)
Adobe Acrobat 7.0.5 Professional (HKLM-x32\...\Adobe Acrobat 7.0 Professional) (Version: 7.0.5 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.06.09 - )
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Atrex (HKLM-x32\...\Atrex) (Version:  - )
Attribute Changer 7.11 (HKLM-x32\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 7.11 - Romain Petges)
Bibble  Pro (HKLM-x32\...\Bibble  Pro) (Version:  - )
Canon CanoScan 8600F User Registration (HKLM-x32\...\Canon CanoScan 8600F User Registration) (Version:  - )
CanoScan 8600F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4804) (Version:  - )
CaptureWizPro 2.20 (HKLM-x32\...\CaptureWiz) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Cookie Pal (HKLM-x32\...\NetPal) (Version:  - )
Core Temp 1.11 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.11 - ALCPU)
Corel AfterShot Pro 3 - HDR x64 (HKLM\...\{2B482BD8-191A-4D79-8E8B-10AB97176A34}) (Version: 3.0 - Corel Corporation) Hidden
Corel AfterShot Pro 3 - ICA x64 (HKLM\...\{B75B59C9-4E9F-4632-B70E-80A62BD91EA2}) (Version: 3.0 - Corel Corporation) Hidden
Corel AfterShot Pro 3 - IPM Content x64 (HKLM\...\{85082869-BCD7-40ED-A119-DBA8A78C460F}) (Version: 3.0 - Corel Corporation) Hidden
Corel AfterShot Pro 3 - IPM x64 (HKLM\...\{135781FB-026A-4164-838C-0C447783C32B}) (Version: 3.1.0.181 - Corel Corporation) Hidden
Corel AfterShot Pro 3 x64 (HKLM\...\{854C5C2C-C11F-497E-BDCC-AC6C7F2D75F3}) (Version: 3.0 - Corel Corporation) Hidden
Corel AfterShot Pro 3(64-bit) (HKLM\...\_{B75B59C9-4E9F-4632-B70E-80A62BD91EA2}) (Version: 3.1.0.181 - Corel Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Date & Time Shell Extension v1.30 (HKLM-x32\...\DateTimePropertyPage) (Version:  - )
Desktop Bidder (HKLM-x32\...\{6FFE9996-CE60-4BC8-B7D2-6C8E78F6D7B8}) (Version: 4.18.5643 - Ace Sniper)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
doPDF 7.1 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
EPU-6 Engine (HKLM-x32\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.02.04 - )
Eudora (HKLM-x32\...\{E7EA47C8-E28A-497D-B458-4868667D1911}) (Version: 7.0 - )
Fidelity Active Trader Pro® (HKU\S-1-5-21-3187623042-3046525075-1313186338-1000\...\a36ba76f6187edff) (Version: 10.6.1219.0 - Fidelity Investments)
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
IPM_Common_x64 (HKLM\...\{B8C05FFE-C36F-4F17-AD20-739E4BC65AC9}) (Version: 2.3 - Your Company Name) Hidden
Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office 2000 Small Business (HKLM-x32\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Paragon HFS+ for Windows (HKLM-x32\...\{429D6E81-8E1E-42E6-8AB9-025DD9157F9B}) (Version: 11.0.0.0 - Paragon Software)
PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.86 - ASUSTeK Computer Inc.)
PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
PrimoPDF -- by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software)
Prospector (HKLM-x32\...\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}) (Version: 3.17.5551 - Moxie Proxy)
Radmin Server 3.5 (HKLM-x32\...\{1B25B709-0909-4C30-8E85-BF3823DF7555}) (Version: 3.50.0000 - Famatech)
Radmin Viewer 3.5 (HKLM-x32\...\{199127DC-7BDB-41AB-825B-4229A86F8F0D}) (Version: 3.50.0000 - Famatech)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
ScottradeELITE 2013 (HKLM-x32\...\{33B2F0C4-FBCE-4CDB-B98D-6D945068A150}) (Version: 5.2.0.0 - Scottrader)
SmartWindow 10.0 (HKLM-x32\...\{F3D4B94A-FE73-4A1B-8657-3C9ACB2B23DA}) (Version: 10.00 - )
SmartWindow 8.50 (HKLM-x32\...\{DC3522DF-9F0E-4C23-8408-5A7460379350}) (Version: 8.50.120 - )
SmartWindow 9.00 (HKLM-x32\...\{8795A971-8870-4B2A-B242-E531AC4EAA31}) (Version: 9.00 - )
SMB 600X/6000X Firmware (HKLM-x32\...\{B9D8AC76-C02B-4A2D-B64B-6CC32531148B}) (Version: 2.55 - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.28.7.4850 - Enigma Software Group, LLC)
stunnel installed for AllUsers (HKLM-x32\...\stunnel) (Version: 5.42 - Michal Trojnara)
Super Flexible File Synchronizer 1.28, build 108 (HKLM-x32\...\File Synchronizer) (Version:  - )
TransMac version 10.4 (HKLM-x32\...\TransMac_is1) (Version: 10.4 - Acute Systems)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
Types (HKLM\...\Types) (Version: 2.1.6 - E. Strunnikov)
U232 P9/P25 10.2.98 (HKLM-x32\...\{DA7113AA-E3D0-48C6-BE31-E1F11BB9D18E}) (Version: 10.2.98 - MCT)
Unlocker 1.8.5 (HKLM-x32\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VMware vCenter Converter Standalone (HKLM-x32\...\{2BCC4907-4205-4338-BDA5-94F183144C35}) (Version: 5.5.3.2183569 - VMware, Inc.)
VMware Workstation (HKLM\...\{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}) (Version: 11.0.0 - VMware, Inc.) Hidden
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 11.0.0 - VMware, Inc)
VNC Enterprise Edition E4.5.1 (HKLM\...\RealVNC_is1) (Version: E4.5.1 - RealVNC Ltd.)
VNC Mirror Driver 1.8.0 (HKLM\...\VNCMirror_is1) (Version: 1.8.0 - RealVNC Ltd.)
VNC Printer Driver 1.6.0 (HKLM\...\VNCPrinter_is1) (Version: 1.6.0 - RealVNC Ltd.)
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
WinZip (HKLM-x32\...\WinZip) (Version:  - )
XlsX Viewer 2.0 (HKLM-x32\...\XlsX Viewer 2.0) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => E:\prog\Uti\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => E:\prog\Uti\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers1-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => E:\prog\Uti\Acrobat7\Acrobat Elements\ContextMenu.dll [2005-09-24] (Adobe Systems Inc.)
ContextMenuHandlers1-x32-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => E:\prog\Uti\PowerISO\PWRISOSH.DLL [2011-11-14] (Power Software Ltd)
ContextMenuHandlers1-x32-x32-x32: [TextPad] -> {2F25CF20-C569-11D1-B94C-00608CB45480} => E:\prog\Uti\TextPad4\System\shellext.dll [1999-07-30] (Helios Software Solutions)
ContextMenuHandlers2: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => E:\prog\Uti\Attribute Changer\acshell.dll [2014-06-01] (Romain Petges)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2014-11-20] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2014-11-20] (VMware, Inc.)
ContextMenuHandlers3: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => E:\prog\Uti\Attribute Changer\acshell.dll [2014-06-01] (Romain Petges)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => E:\prog\Uti\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => E:\prog\Uti\PowerISO\PWRISOSH.DLL [2011-11-14] (Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers6-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => E:\prog\Uti\PowerISO\PWRISOSH.DLL [2011-11-14] (Power Software Ltd)
ContextMenuHandlers6-x32: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers6-x32: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => E:\prog\Uti\Unlocker\UnlockerCOM.dll [2010-07-15] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {023D148D-80E3-4A1E-A0A2-1DD4749DA6D2} - System32\Tasks\{00A31189-2FD1-4774-9981-57561CC12EC5} => E:\prog\Spirent\smartbits\smartwindow9.5\SmartWin2K.exe [2006-03-17] (Spirent Communications, Inc.)
Task: {0D445AA5-DE96-40BB-A5D2-C709DEE2A410} - System32\Tasks\{6F47B9C1-A950-4FB6-99EF-7B181390B757} => E:\prog\Spirent\smartbits\smartwindow8.5\SmartWin2K.exe [2004-11-17] (Spirent Communications, Inc.)
Task: {125ED70A-BA5B-47BB-AEE3-AAE41AAF1659} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {225B507D-BE3B-4E6D-8585-49544238818E} - System32\Tasks\{783F14F6-7E0B-47BA-87F5-DB46473F4072} => E:\prog\spirent\smartbits\smartwindow\SmartWindow.exe
Task: {4847C660-84C7-478B-8C42-AF6964EAACAB} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {49BF87EE-3A0A-4E5E-A4C7-977F88BB3520} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe [2009-10-02] (ASUSTeK Computer Inc.)
Task: {5E005EA5-F1F3-4D22-889E-05AD2F66DCBD} - System32\Tasks\HFS+ Updater => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\updater\Updater.exe [2016-08-25] (Paragon Software Group)
Task: {708E8AE7-0F4F-4CD5-AB04-4BA98BF3DE5D} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2018-05-14] (Enigma Software Group USA, LLC.)
Task: {737750B4-D250-4AEF-AC4C-4069A728712E} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe [2009-12-28] ()
Task: {76262D53-EA9F-48BC-8377-89D51C8F8CD4} - System32\Tasks\HFS+ Activator => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\activation\OnlineActivator.exe [2016-11-15] (Paragon Software)
Task: {AB16B9C2-F364-4518-92B2-A0AC50564679} - System32\Tasks\{59E24C38-BF54-4DE5-B57F-9F7220370C7F} => E:\prog\Spirent\smartbits\smartwindow9.5\SmartWindow.exe [2006-03-17] (Spirent Communications, Inc.)
Task: {BF6F35E3-1B35-46E3-AA98-CD132EF657A6} - System32\Tasks\upload_ip => E:\prog\Internet\CuteFTP\Scripts\upload_ip.bat [2018-03-19] () <==== ATTENTION
Task: {C5969863-C5D4-4524-A624-F864A1C84060} - System32\Tasks\{04AFCFAE-746A-4203-8281-BAE1D29984F9} => E:\prog\Spirent\smartbits\smartwindow9.5\SmartWindow.exe [2006-03-17] (Spirent Communications, Inc.)
Task: {EAC42887-CECF-4B0B-AA05-0DE9876CBF2F} - System32\Tasks\{0FD88FA4-8FC6-47B0-B2A5-A603121DBADF} => E:\prog\Internet\KeepMePosted\KMPServ.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\restart-explorer.bat.lnk -> C:\Dosapps\bat\restart-explorer.bat ()
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Atrex art art.lnk -> E:\prog\Atrex\start.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atrex art art.lnk -> E:\prog\Atrex\start.bat ()

==================== Loaded Modules (Whitelisted) ==============

2014-10-31 18:28 - 2009-11-05 08:40 - 000085504 _____ () C:\Windows\System32\cpwmon64.dll
2014-10-31 16:27 - 2009-07-25 00:21 - 000031232 _____ () C:\Windows\System32\VNCpm.dll
2014-10-31 18:38 - 2009-07-30 21:58 - 000090624 _____ () C:\Windows\System32\Primomonnt.dll
2010-07-15 00:44 - 2010-07-15 00:44 - 000020032 _____ () E:\prog\Uti\Unlocker\UnlockerCOM.dll
2016-11-15 08:52 - 2016-11-15 08:52 - 001356624 _____ () C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
2016-05-09 20:36 - 2016-05-09 20:36 - 001774592 _____ () E:\prog\Uti\Shutter\Shutter.exe
2012-10-09 23:32 - 2012-10-09 23:32 - 000014848 _____ () E:\prog\Uti\Virtuawin Portable\modules\WinList.exe
2013-11-30 14:54 - 2013-11-30 14:54 - 000067072 _____ () E:\prog\Internet\Stunnel\bin\ZLIB1.dll
2018-05-04 10:00 - 2018-05-14 11:48 - 000158720 _____ () C:\Users\admin\AppData\Local\Temp\sfareca00001.dll
2015-01-22 20:39 - 2018-05-14 11:48 - 000192512 _____ () C:\Users\admin\AppData\Local\Temp\sfamcc00001.dll
2015-03-14 11:16 - 2015-03-14 11:16 - 000024576 _____ () E:\prog\Internet\Prospector\AutoComplete.dll
2015-03-14 11:16 - 2015-03-14 11:16 - 000053248 _____ () E:\prog\Internet\Prospector\AxInterop.SHDocVw.dll
2008-10-02 10:02 - 2008-10-02 10:02 - 000839680 ____H () E:\prog\Internet\Prospector\System.Data.SQLite.dll
2015-03-14 11:16 - 2015-03-14 11:16 - 000020480 _____ () E:\prog\Internet\Prospector\VS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo [122]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2018-02-19 11:35 - 000004044 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost    prospector
127.0.0.1       unifi          # Unifi controller
192.168.0.1     akula          # router, Edge: 04:18:d6:f1:56:d1, Linksys EA6400: 48:F8:B3:80:68:C5
192.168.0.2     asus           # LAN
192.168.0.3     cable          # Cable, asus
192.168.0.5     toshiba        # LAN
192.168.0.6     apc            # transfer switch
192.168.0.7     verizon1       # Verizon MOCA router my Rev F
192.168.0.8     verizon2       # Verizon MOCA router mom Rev E
192.168.0.9     verizon3       # Verizon MOCA router basement Rev F
192.168.0.10    test           # ix, smb
192.168.0.11    printer
192.168.0.12    logitech-my    # Logitech UE radio
192.168.0.20    pap2t
192.168.0.22    obi            # mom
192.168.0.23    obi2           # my
192.168.0.30    d610           # D610 LAN
192.168.0.31    d610-wa        # D610 wireless alfa
192.168.0.32    d610-w         # D610 wireless built-in
192.168.0.45    music          # hp 4530s laptop, Win7 Pro (music)
192.168.0.46    music-w        # hp 4530s laptop wireless, Win7 Pro
192.168.0.51    akula2         # basement Linksys router
192.168.0.52    akula3         # backup akula Linksys router
192.168.0.60    4420s          # hp laptop, Win7 Ultimate (media center brown)
192.168.0.61    4420s-w        # hp laptop wireless, Win7 Ultimate
192.168.0.62    4420s2         # hp laptop, Win7 (Cape brown)
192.168.0.63    4420s2-w       # hp laptop, Win7 (Cape brown)
192.168.0.65    dell980        # Win7 Ultimate, new DVR my
192.168.0.66    dell980-1      # Win7 Ultimate, new DVR Mom
192.168.0.70    4430s          # hp laptop, Win7 Ultimate

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3187623042-3046525075-1313186338-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3187623042-3046525075-1313186338-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{448F650A-876C-423F-909E-54D0251344B4}C:\users\admin\appdata\local\temp\temp1_foxit reader 3 + foxit pdf editor full.zip\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\users\admin\appdata\local\temp\temp1_foxit reader 3 + foxit pdf editor full.zip\foxit software\pdf editor\pdfedit.exe
FirewallRules: [UDP Query User{C59B85D5-43E0-440C-860E-DDB0F241646E}C:\users\admin\appdata\local\temp\temp1_foxit reader 3 + foxit pdf editor full.zip\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\users\admin\appdata\local\temp\temp1_foxit reader 3 + foxit pdf editor full.zip\foxit software\pdf editor\pdfedit.exe
FirewallRules: [TCP Query User{90A1054A-F480-44A1-8871-AC4FE661408A}C:\program files\adaptec\adaptec storage manager\jre\bin\javaw.exe] => (Allow) C:\program files\adaptec\adaptec storage manager\jre\bin\javaw.exe
FirewallRules: [UDP Query User{2608B33C-CA3D-462E-A9AF-396F79A717C6}C:\program files\adaptec\adaptec storage manager\jre\bin\javaw.exe] => (Allow) C:\program files\adaptec\adaptec storage manager\jre\bin\javaw.exe
FirewallRules: [{240BD06A-EEB1-40B6-AC53-DBA247043CE3}] => (Allow) C:\program files\adaptec\adaptec storage manager\jre\bin\javaw.exe
FirewallRules: [{5399A347-2305-4B74-AA77-6A02F18BF27E}] => (Allow) C:\program files\adaptec\adaptec storage manager\jre\bin\javaw.exe
FirewallRules: [TCP Query User{E2425D1E-8D38-4680-86C6-CC4C428D1542}E:\prog\internet\offlineexplorer20\oe.exe] => (Allow) E:\prog\internet\offlineexplorer20\oe.exe
FirewallRules: [UDP Query User{8E5CC453-6404-4F3A-A6C1-22038F948F89}E:\prog\internet\offlineexplorer20\oe.exe] => (Allow) E:\prog\internet\offlineexplorer20\oe.exe
FirewallRules: [TCP Query User{6FA326C4-BDC4-45A9-B63D-0A95DFFC10DA}E:\prog\uti\foxit\pdfedit.exe] => (Allow) E:\prog\uti\foxit\pdfedit.exe
FirewallRules: [UDP Query User{1049DC7F-9448-46F4-A640-5BFC76637DB4}E:\prog\uti\foxit\pdfedit.exe] => (Allow) E:\prog\uti\foxit\pdfedit.exe
FirewallRules: [{4C356C38-533A-4A84-A667-3B993E2D8815}] => (Block) E:\prog\uti\foxit\pdfedit.exe
FirewallRules: [{DC2AADAE-811D-4674-BFF1-31D7600724D9}] => (Block) E:\prog\uti\foxit\pdfedit.exe
FirewallRules: [TCP Query User{F76CA167-B6D5-4DF0-993A-E32AABAF448C}C:\programdata\microsoft\windows\start menu\utilities\more\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\programdata\microsoft\windows\start menu\utilities\more\foxit software\pdf editor\pdfedit.exe
FirewallRules: [UDP Query User{4FD602B2-0E49-448D-B974-800EE99C463A}C:\programdata\microsoft\windows\start menu\utilities\more\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\programdata\microsoft\windows\start menu\utilities\more\foxit software\pdf editor\pdfedit.exe
FirewallRules: [{F47B7F04-9854-4AAE-B232-F38AD4A2BFD1}] => (Block) C:\programdata\microsoft\windows\start menu\utilities\more\foxit software\pdf editor\pdfedit.exe
FirewallRules: [{794BEA02-3909-47EF-ACA6-AAFC5663D4CB}] => (Block) C:\programdata\microsoft\windows\start menu\utilities\more\foxit software\pdf editor\pdfedit.exe
FirewallRules: [{CD88DC96-F9D1-4D8F-9562-B1CF25101E54}] => (Allow) E:\prog\Internet\Prospector\Prospector.exe
FirewallRules: [{D12878D1-272D-4F9D-ABE1-594296E2397A}] => (Allow) E:\prog\Internet\Prospector\Prospector.exe
FirewallRules: [{A233A294-FACA-44F6-971F-0B3E6E93AB42}] => (Allow) E:\prog\Internet\Prospector\Prospector.exe
FirewallRules: [{04A978C5-98F4-4B13-8754-A6B31330A5C4}] => (Allow) E:\prog\Internet\Prospector\Prospector.exe
FirewallRules: [{4980779D-D8D7-4B1E-B505-B3F2059DBA8E}] => (Allow) E:\prog\Internet\CuteFTP\cftppro.exe
FirewallRules: [{2B88F81F-4276-4736-AFB8-7321CE7EF2C0}] => (Allow) E:\prog\Internet\CuteFTP\cftppro.exe
FirewallRules: [{D4503A15-FADE-4E6B-ABBB-30D34B754D59}] => (Allow) E:\prog\Internet\CuteFTP\cftppro.exe
FirewallRules: [{6959F979-F83E-41CE-A0B1-5BC898872C45}] => (Allow) E:\prog\Internet\CuteFTP\cftppro.exe
FirewallRules: [{3D4C75A2-0BB5-42A2-8FCC-1B4FECA3F1C9}] => (Allow) E:\prog\Internet\CuteFTP\TE\ftpte.exe
FirewallRules: [{D173AF3E-B8B6-45B8-9744-40F8B8DE5EF8}] => (Allow) E:\prog\Internet\CuteFTP\TE\ftpte.exe
FirewallRules: [{45BEA8C7-553C-422C-B2C6-ADCA26088F2C}] => (Allow) E:\prog\Internet\CuteFTP\TE\ftpte.exe
FirewallRules: [{AF736CA8-621E-4E34-B210-D5D7C1A7AD29}] => (Allow) E:\prog\Internet\CuteFTP\TE\ftpte.exe
FirewallRules: [{A74ECF8F-FE6F-40AC-AF4D-DA5ED7B36F20}] => (Allow) E:\prog\Uti\ImgBurn\ImgBurn.exe
FirewallRules: [{AADE29A9-E4D4-448C-9F1F-050CC7222C91}] => (Allow) E:\prog\Uti\ImgBurn\ImgBurn.exe
FirewallRules: [{1E60C321-15B2-40DB-87AD-7960E0A1939A}] => (Allow) E:\prog\Uti\ImgBurn\ImgBurn.exe
FirewallRules: [{01AEEFC1-B7DE-46F2-9F4A-423EBBB75174}] => (Allow) E:\prog\Uti\ImgBurn\ImgBurn.exe
FirewallRules: [{D2ED3EBF-0D88-4F7C-8F16-4973B7C9BB75}] => (Allow) C:\Windows\SysWOW64\rserver30\rserver3.exe
FirewallRules: [{A124EE4B-8970-4DCA-AEB6-50C04062E4CB}] => (Allow) E:\prog\Uti\SuperFlexible\SuperFlexibleSynchronizer.exe
FirewallRules: [{1AD57307-9DBC-4FB2-B32F-A82FC4914AF1}] => (Allow) E:\prog\Uti\SuperFlexible\SuperFlexibleSynchronizer.exe
FirewallRules: [{02BB8799-0EB6-48CA-A6C2-EFC062A21BA7}] => (Allow) E:\prog\Uti\SuperFlexible\SuperFlexibleSynchronizer.exe
FirewallRules: [{0AD13D7B-477C-4397-8D64-A5289DA169E1}] => (Allow) E:\prog\Uti\SuperFlexible\SuperFlexibleSynchronizer.exe
FirewallRules: [{E7A40151-661C-4E3D-BBF3-094A0150167A}] => (Block) E:\prog\Uti\SuperFlexible\SuperFlexibleSynchronizer.exe
FirewallRules: [{0406CFE2-25CD-4FCC-A240-8FFA4D6F6AB8}] => (Allow) E:\prog\Internet\Prospector\Prospector.exe
FirewallRules: [TCP Query User{202092BB-E880-4301-94B7-B36144844D9B}E:\prog\internet\utorrent\utorrent_1.7.7.exe] => (Allow) E:\prog\internet\utorrent\utorrent_1.7.7.exe
FirewallRules: [UDP Query User{A97A14C9-4934-4299-AED4-AB7DEA6BA2D9}E:\prog\internet\utorrent\utorrent_1.7.7.exe] => (Allow) E:\prog\internet\utorrent\utorrent_1.7.7.exe
FirewallRules: [{9A517D06-18B5-4956-8E36-E8232B2B3371}] => (Allow) E:\prog\Internet\VNC4\winvnc4.exe
FirewallRules: [{B7DE0A4C-C581-4D4D-87FE-03D5351D2F8E}] => (Allow) E:\prog\Internet\VNC4\winvnc4.exe
FirewallRules: [{46D0B30F-E01B-4F55-A50E-287E13758892}] => (Allow) E:\prog\Internet\VNC4\winvnc4.exe
FirewallRules: [{5F95DDE0-2372-4CA1-B667-5AEEBA0EB70D}] => (Allow) E:\prog\Internet\VNC4\winvnc4.exe
FirewallRules: [{B473D107-3EF6-4255-A02B-4880AE3E42FD}] => (Allow) C:\Windows\SysWOW64\javaw.exe
FirewallRules: [{9523DC07-6588-487D-BE81-1465DBFE496F}] => (Allow) C:\Windows\SysWOW64\javaw.exe
FirewallRules: [{C4662A67-FC27-4EC2-B8E8-5F3D84FE0937}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{BB4D43C9-8758-45D6-92F4-434EDC4E0E31}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [TCP Query User{B3C231DA-7D8B-4DA3-AAF1-45C50FF997E0}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{0EB02F53-890B-4460-8D6D-3C1BC4672253}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{6E7EA5C6-A62F-4660-9EF5-7B46B8B53790}] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{2CC1B143-0618-4D14-93A5-B601CB09BB69}] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{20E48D7E-2A1C-4AA1-BCED-927B64027ED0}] => (Allow) C:\Users\admin\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{A3E0F794-2CB9-4591-BEC1-D55F082FE9A2}] => (Allow) C:\Users\admin\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{C155271E-8E49-49ED-BA94-E88B02E8F199}] => (Allow) C:\Windows\SysWOW64\javaw.exe
FirewallRules: [{C6416B02-1B47-4415-B56C-93EF024957AE}] => (Allow) C:\Windows\SysWOW64\javaw.exe
FirewallRules: [{8809EF7F-0EBB-4644-A387-17C04B908D3B}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{DA26A5E9-8BC2-41F6-BBB7-71E40FFB1A0C}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{9963A380-0D9F-4AC5-9C59-F48249DC6AE9}] => (Allow) C:\Users\admin\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{510DCA3D-8491-4F70-BA43-9501D3EAFB0C}] => (Allow) C:\Users\admin\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{262FAC1E-F433-4646-95D6-C0ACBF5B64D1}] => (Allow) E:\prog\Corel AfterShotPro3\build\AfterShot.exe
FirewallRules: [{C2F1B4A0-C2B3-4612-BE48-51747F392614}] => (Allow) E:\prog\Corel AfterShotPro3\build\AfterShot.exe
FirewallRules: [{389221AA-E962-4613-988F-3BD668FE4AEF}] => (Allow) E:\prog\Corel AfterShotPro3\build\AfterShot.exe
FirewallRules: [{AFCFE9B2-D8A6-40C6-BFF9-6415B6BAC33A}] => (Allow) E:\prog\Corel AfterShotPro3\build\AfterShot.exe
FirewallRules: [TCP Query User{6F6FA7DD-DC3C-4C14-A413-719A8BA1F3C8}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [UDP Query User{149E2E63-C515-4760-9C27-1A2EB75BCA82}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [{99F39AFA-0738-45EF-845B-DE9A377AEB32}] => (Block) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [{4F3A0221-7EBC-4011-BA52-8D04B08D3EA3}] => (Block) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [TCP Query User{C61D7FDC-1B9E-4077-9AAD-D3E047560902}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{1554733A-80B7-4E17-95A9-5CA80E9368AB}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [{930F95AF-FACA-40A0-8036-313A05A3B3CA}] => (Block) E:\prog\Atrex\atrex32.exe
FirewallRules: [{5CEBB8CE-19C0-456B-96C8-E69B1B224FED}] => (Allow) E:\prog\jAlbum\JAlbum.jar
FirewallRules: [{6D210A03-CC1C-48F1-A834-1CD1030ADB88}] => (Allow) E:\prog\jAlbum\JAlbum.jar
FirewallRules: [{740416E4-E863-4BAC-9459-43581AEA9A82}] => (Allow) E:\prog\jAlbum\JAlbum.jar
FirewallRules: [{B24E5B98-4F20-45A0-A649-EEC4F66ECDE7}] => (Allow) E:\prog\jAlbum\JAlbum.jar
FirewallRules: [{D0796F96-97FF-4CE1-831E-E75A995D820C}] => (Block) E:\prog\Corel AfterShotPro3\build\AfterShot.exe
FirewallRules: [{04EAFF7A-8584-402E-B343-A547C55619B1}] => (Allow) C:\Program Files\VueScan\vuescan.exe
FirewallRules: [{2E1F4DAA-E42D-4F7D-B367-D4E7BAAF19C8}] => (Allow) C:\Program Files\VueScan\vuescan.exe
FirewallRules: [{CFDFD888-9209-4337-B193-50C317BBE7D6}] => (Block) %ProgramFiles%\VueScan\vuescan.exe
FirewallRules: [{32DB0B61-EC8E-48FF-8FE8-13C5252CA0A8}] => (Allow) E:\prog\Internet\Stunnel\bin\stunnel.exe
FirewallRules: [{ACD594E8-1F29-4D63-A66B-98EC0814F2D9}] => (Allow) E:\prog\Internet\Stunnel\bin\stunnel.exe
FirewallRules: [{51F2BF29-657D-4DFB-8A1E-F4950B85014A}] => (Allow) E:\prog\Internet\Stunnel\bin\tstunnel.exe
FirewallRules: [{F72201FF-A332-410B-A4DB-657237835715}] => (Allow) E:\prog\Internet\Stunnel\bin\tstunnel.exe
FirewallRules: [{2277499B-17BA-48E7-9511-B812EE3BAEC8}] => (Allow) E:\prog\Uti\poweroff.exe
FirewallRules: [{75FE4358-3A9E-43E4-8826-30E0CDA2031F}] => (Allow) E:\prog\Uti\poweroff.exe
FirewallRules: [{1C4A06B0-0786-409C-A4FB-78D096B38E68}] => (Allow) E:\prog\Uti\poweroff.exe
FirewallRules: [{DC55515E-2640-4BCF-B81A-5531B1009E8E}] => (Allow) E:\prog\Uti\poweroff.exe
FirewallRules: [{4A76F2B5-941D-49E8-848E-6B44A9BADCBF}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{BD577D14-44E7-4A47-92EE-5CAE5A89F1C7}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{CBA7B19B-5152-45FC-AD4B-CB3A8B6E08AD}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{A85BD2D9-C842-47FD-9797-6C6E816D8F20}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{0D1E2ED0-5519-4893-85F1-E7E1A7F86D6A}] => (Allow) LPort=9089
FirewallRules: [{B8C96290-A289-413C-890D-A8FCF1B6E1C5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{993CF63A-47A2-42E5-9487-9B8F4F5B93EA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2EB00D45-0EF2-43F5-812F-FF3E47D015E8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E597B82F-CC7E-4A01-A12D-016AC3FC20ED}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{406B1496-6B17-4CDB-B1D7-288BF54F6CE2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{221258A1-3253-4C0E-BFC1-705BC43FD790}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

==================== Restore Points =========================

14-05-2018 11:29:44 Installed STOPzilla AntiMalware.
14-05-2018 11:41:57 Installed STOPzilla AntiMalware.
14-05-2018 11:43:33 Restore Operation
14-05-2018 17:38:21 Windows Update

==================== Faulty Device Manager Devices =============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2018 11:49:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/14/2018 11:42:15 AM) (Source: MsiInstaller) (EventID: 11923) (User: asus)
Description: Product: STOPzilla AntiMalware -- Error 1923. Service STOPzilla AntiMalware (szserver) could not be installed.  Verify that you have sufficient privileges to install system services.

Error: (05/14/2018 11:42:11 AM) (Source: MsiInstaller) (EventID: 11923) (User: asus)
Description: Product: STOPzilla AntiMalware -- Error 1923. Service STOPzilla AntiMalware (szserver) could not be installed.  Verify that you have sufficient privileges to install system services.

Error: (05/14/2018 11:39:27 AM) (Source: MsiInstaller) (EventID: 11920) (User: asus)
Description: Product: STOPzilla AntiMalware -- Error 1920. Service STOPzilla AntiMalware (szserver) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (05/14/2018 11:38:54 AM) (Source: MsiInstaller) (EventID: 11920) (User: asus)
Description: Product: STOPzilla AntiMalware -- Error 1920. Service STOPzilla AntiMalware (szserver) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (05/14/2018 11:38:22 AM) (Source: MsiInstaller) (EventID: 11920) (User: asus)
Description: Product: STOPzilla AntiMalware -- Error 1920. Service STOPzilla AntiMalware (szserver) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (05/14/2018 11:38:17 AM) (Source: MsiInstaller) (EventID: 11920) (User: asus)
Description: Product: STOPzilla AntiMalware -- Error 1920. Service STOPzilla AntiMalware (szserver) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (05/14/2018 11:36:02 AM) (Source: MsiInstaller) (EventID: 11920) (User: asus)
Description: Product: STOPzilla AntiMalware -- Error 1920. Service STOPzilla AntiMalware (szserver) failed to start.  Verify that you have sufficient privileges to start system services.


System errors:
=============
Error: (05/14/2018 02:29:36 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\Drivers\PROCEXP.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/14/2018 11:48:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Core Storage Volumes Driver service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (05/14/2018 11:39:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The STOPzilla AntiMalware service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/14/2018 11:39:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the STOPzilla AntiMalware service to connect.

Error: (05/14/2018 11:39:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The STOPzilla AntiMalware service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/14/2018 11:39:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the STOPzilla AntiMalware service to connect.

Error: (05/14/2018 11:39:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The STOPzilla AntiMalware service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/14/2018 11:39:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the STOPzilla AntiMalware service to connect.


CodeIntegrity:
===================================

Date: 2018-05-04 09:39:26.817
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\SiwIo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-04 09:39:26.783
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\SiwIo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-27 23:37:55.062
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\SiwIo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-27 23:37:55.020
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\SiwIo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-09 23:27:43.666
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\rminiv3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-09 23:27:43.650
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\rminiv3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-03 17:41:38.147
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\SiwIo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-03 17:41:38.100
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\SiwIo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 28%
Total physical RAM: 8183.1 MB
Available physical RAM: 5890.1 MB
Total Virtual: 16364.39 MB
Available Virtual: 14155.16 MB

==================== Drives ================================

Drive c: (C) (Fixed) (Total:50.27 GB) (Free:6.32 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (PROGRAMS) (Fixed) (Total:49.12 GB) (Free:5.47 GB) NTFS
Drive f: (DISKS) (Fixed) (Total:48.83 GB) (Free:2.1 GB) NTFS
Drive g: (BACKUP) (Fixed) (Total:48.53 GB) (Free:21.95 GB) NTFS
Drive j: (WEBSITES) (Fixed) (Total:14.68 GB) (Free:5.32 GB) NTFS
Drive o: (FLASH 8MB) (Removable) (Total:0.01 GB) (Free:0.01 GB) FAT
Drive q: (KINGSTON 1G) (Removable) (Total:0.96 GB) (Free:0.68 GB) FAT
Drive t: (T) (Fixed) (Total:719.54 GB) (Free:38.93 GB) NTFS
Drive u: (U) (Fixed) (Total:931 GB) (Free:3.8 GB) NTFS
Drive y: (ANTEC) (Network) (Total:1863.01 GB) (Free:380.18 GB) NTFS
Drive z: (ANTEC) (Network) (Total:1863.01 GB) (Free:380.18 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1862 GB) (Disk ID: FE028B77)
Partition 1: (Active) - (Size=50.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=831.6 GB) - (Type=05)
Partition 4: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7.7 MB) (Disk ID: 69737369)
No partition Table on disk 2.

========================================================
Disk: 3 (Size: 982.5 MB) (Disk ID: B324752F)
Partition 1: (Not Active) - (Size=982 MB) - (Type=06)

==================== End of Addition.txt ============================
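
The Code Integrity block in the log above is FRST's rendering of Microsoft-Windows-CodeIntegrity/Operational event 3004 ("Windows is unable to verify the image integrity of the file ... because file hash could not be found"). The following is an added example for this thread, not FRST's code and not part of any post: it reads those events straight from the log, translates the kernel device path (\Device\HarddiskVolumeN) into a drive letter with QueryDosDevice, and reports signature status, signer, version resource and SHA-256 for every flagged file that is still on disk. The only names it takes from the page are the two driver paths (SiwIo.sys in Windows\Temp and rminiv3.sys in System32\drivers), used as a fallback when the event log has been cleared; the function names and the assumption that the files still exist are the example's own.

```powershell
# Added example for this thread (not FRST's code and not the poster's).
# Triages Code Integrity image-verification failures: reads event 3004 from
# the CodeIntegrity operational log, maps \Device\HarddiskVolumeN to a drive
# letter, and reports signer, version and SHA-256 for each flagged file that
# is still on disk. Run from an elevated PowerShell prompt.

Add-Type -Namespace Win32 -Name Kernel32 -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
public static extern uint QueryDosDevice(string lpDeviceName,
    System.Text.StringBuilder lpTargetPath, int ucchMax);
'@

# Builds @{ '\Device\HarddiskVolume1' = 'C:'; ... } for the letters mounted now.
function Get-DeviceToDriveMap {
    $map = @{}
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $letter = $drive.Name + ':'
        $target = New-Object System.Text.StringBuilder 1024
        if ([Win32.Kernel32]::QueryDosDevice($letter, $target, $target.Capacity) -gt 0) {
            $map[$target.ToString()] = $letter
        }
    }
    return $map
}

# \Device\HarddiskVolume1\Windows\Temp\SiwIo.sys -> C:\Windows\Temp\SiwIo.sys
function Convert-DevicePath([string]$DevicePath, [hashtable]$Map) {
    foreach ($device in $Map.Keys) {
        if ($DevicePath.StartsWith($device + '\', [StringComparison]::OrdinalIgnoreCase)) {
            return $Map[$device] + $DevicePath.Substring($device.Length)
        }
    }
    return $DevicePath   # volume no longer mounted; leave the device path as-is
}

function Get-Sha256([string]$Path) {
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { return ([BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-' }
    finally { $stream.Close() }
}

# Event 3004 carries the "file hash could not be found" message FRST summarised.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3004
} -ErrorAction SilentlyContinue)

$devicePaths = @($events | ForEach-Object {
    if ($_.Message -match 'of the file (\S+) because') { $matches[1] }
})
if ($devicePaths.Count -eq 0) {
    # Log cleared or unreadable: fall back to the two paths FRST listed above.
    $devicePaths = @('\Device\HarddiskVolume1\Windows\Temp\SiwIo.sys',
                     '\Device\HarddiskVolume1\Windows\System32\drivers\rminiv3.sys')
}

$map = Get-DeviceToDriveMap
$devicePaths | Sort-Object -Unique | ForEach-Object {
    $path = Convert-DevicePath $_ $map
    if (-not (Test-Path -LiteralPath $path)) {
        New-Object PSObject -Property @{ Path = $path; Status = 'not on disk' } |
            Select-Object Path, Status
        return
    }
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $info   = (Get-Item -LiteralPath $path -Force).VersionInfo
    New-Object PSObject -Property @{
        Path = $path; Status = $sig.Status; Signer = $signer
        Version = $info.FileVersion; Company = $info.CompanyName
        SHA256 = Get-Sha256 $path
    } | Select-Object Path, Status, Signer, Version, Company, SHA256
} | Format-List
```

The event on its own proves only that the kernel had no hash to validate the image against; a hardware-information utility that drops a helper driver into Windows\Temp produces exactly this entry. The Status and Signer columns carry the decision: a Valid signature from a vendor whose software is installed is routine, NotSigned or HashMismatch on a driver in a temp directory is not, and the SHA-256 is what to look up before deleting anything. On Windows 7, Get-AuthenticodeSignature does not consult security catalogs, so catalog-signed Microsoft files can show NotSigned; if a file you believe is catalog-signed reports that, Sysinternals `sigcheck -a -h` does the catalog lookup and prints the hashes as well.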
#2 sasschary (Malware Study Hall Senior)

Posted 19 May 2018 - 08:36 AM

Hello,

My name is Zach, and, though I generally go by Sasschary, you may call me whatever you want. I will be helping you get your computer working again. Please give me a little bit to look over the logs you posted, and I will post back here again as soon as I can.

Also, please be aware that I am currently in training, so all of my posts need to be reviewed before you can see them. As such, it may take a day or two for me to post my replies.

Sincerely,
Sasschary



#3 sasschary (Malware Study Hall Senior)

Posted 20 May 2018 - 05:30 PM

Hi artm,

It looks like you have some P2P software installed on your computer.

P2P programs have a high risk of bringing infection. Stay away from them if at all possible, especially if you are downloading illegal software/music/movies/etc. Not only are these areas very large targets for malware authors, they are also what they say in the name: illegal. Just know that this software is risky, and I ask that you not use it while we are working on your computer. If you have any pirated software, I ask you to remove that.

It looks like Windows Update has been disabled on your system. Did you do this intentionally? If you did, I suggest you re-enable it, as that is how your system will stay up to date and in the most secure state.

Do you recognize these files/programs?

There are a few things which I do not recognize, but which you may. Can you please tell me if you recognize any of these things and what their purposes are if you do?

  • E:\prog\Internet\CuteFTP\Scripts\upload_ip.bat

In your next reply, please include the following:

  • Do you recognize the files?
  • Did you disable Windows Update?

sasschary



#4 artm (Topic Starter)

Posted 20 May 2018 - 09:31 PM

Sasschary,

As to your specific questions:

  • Do you recognize the files? Yes, it's an FTP batch file to upload my IP to my website, for remote VNC access.
  • Did you disable Windows Update? Yes, I disabled it, as it causes more problems than not. I like to run a minimal system.

Yes, I'm aware of P2P. It's a leftover from a while ago, as I now use it on a separate machine through VPN.

After some research, it appears that WUDFHOST.EXE is necessary for USB detection. The question remains: is the version dated 2013 legitimate? My browser is no longer running slowly, so it may have been a specific tab that was open with heavy Flash usage.


Do you see anything else in the logs? I don't.
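
The question in the post above (is the 6.2.9200.16384 build from 2013 legitimate?) is settled by the file's signature and by how it is running, not by its date. For context: 6.2.9200.16384 is the version the User-Mode Driver Framework 1.11 update for Windows 7 (KB2685813) installs in System32, while the 6.1.7601.17514 copy in winsxs is the original SP1 file, which is why the two differ. The script below is an added example, not part of the thread: it compares the two copies named in the first post (version resource, embedded signature, SHA-256) and then lists every running WUDFHost.exe with its image path, owner and parent process, since a malicious look-alike is far more likely to run from the wrong directory, as the wrong user, or under the wrong parent than to be a byte-perfect Microsoft binary. The winsxs path is the one quoted in the first post; the property names are the example's own.

```powershell
# Added example (not the thread's own code). Checks the 2013 WUDFHost.exe by
# (1) comparing the System32 copy with the winsxs copy from the first post and
# (2) inspecting every running instance. Run elevated so the process owner
# and command line of a LOCAL SERVICE process are visible.

$copies = @(
    'C:\Windows\System32\WUDFHost.exe',
    'C:\Windows\winsxs\amd64_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7601.17514_none_fb3795fb0be32033\WUDFHost.exe'
)

'=== file comparison ==='
$copies | ForEach-Object {
    $path = $_
    if (-not (Test-Path -LiteralPath $path)) { Write-Warning "missing: $path"; return }
    $info   = (Get-Item -LiteralPath $path -Force).VersionInfo
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(no embedded signature)' }
    $sha256 = [BitConverter]::ToString(
        [System.Security.Cryptography.SHA256]::Create().ComputeHash(
            [System.IO.File]::ReadAllBytes($path))) -replace '-'
    New-Object PSObject -Property @{
        Path = $path; FileVersion = $info.FileVersion; OriginalFilename = $info.OriginalFilename
        Company = $info.CompanyName; SigStatus = $sig.Status; Signer = $signer; SHA256 = $sha256
    } | Select-Object Path, FileVersion, OriginalFilename, Company, SigStatus, Signer, SHA256
} | Format-List

'=== running instances ==='
# A legitimate instance runs from System32 as NT AUTHORITY\LOCAL SERVICE and is
# started by the driver-manager service (WUDFSvc, which lives in svchost.exe).
Get-WmiObject Win32_Process -Filter "Name = 'WUDFHost.exe'" | ForEach-Object {
    $owner      = $_.GetOwner()
    $parent     = Get-WmiObject Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
    $parentName = if ($parent) { $parent.Name } else { '(exited)' }
    New-Object PSObject -Property @{
        PID = $_.ProcessId; Image = $_.ExecutablePath
        ImageIsSystem32 = ($_.ExecutablePath -eq (Join-Path $env:SystemRoot 'System32\WUDFHost.exe'))
        Owner = "$($owner.Domain)\$($owner.User)"
        Parent = "$parentName (PID $($_.ParentProcessId))"
        CommandLine = $_.CommandLine
    } | Select-Object PID, Image, ImageIsSystem32, Owner, Parent, CommandLine
} | Format-List
```

On a healthy Windows 7 x64 machine both copies report Microsoft Corporation and OriginalFilename WUDFHost.exe, and every running instance shows ImageIsSystem32 True, Owner NT AUTHORITY\LOCAL SERVICE and Parent svchost.exe. An instance started from another directory, owned by an ordinary user, or parented by explorer.exe or a browser is the thing to chase. One caveat on SigStatus: on Windows 7, Get-AuthenticodeSignature does not check security catalogs, and in-box Microsoft binaries are mostly catalog-signed rather than carrying an embedded signature, so a perfectly good copy can read NotSigned there; Sysinternals `sigcheck -a -h` does the catalog lookup and prints the hashes too.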



#5 sasschary (Malware Study Hall Senior)

Posted 22 May 2018 - 07:37 AM

Hi, artm,

Sorry for the delay. I will have my response soon. I'm still waiting on permission from my instructor to post, but, once I have that, I'll respond back here.

Zach



#6 sasschary (Malware Study Hall Senior)

Posted 22 May 2018 - 03:20 PM

Hi artm,

I concur that there is nothing wrong with WUDFHost.exe, and there is nothing wrong with it being from 2013. I still suggest you enable Windows Update, just to ensure your computer stays secure, but you may do as you choose. I also see nothing in the logs. Let's run one more malware scan just to make sure there's nothing on your system, but I think it should come back clean.

Let's run a scan using ESET's Online Scanner:

  1. Disable your current antivirus software. If you need help with this, please ask me for assistance before continuing.
  2. Click Scan Now from here and save the file to your desktop.
  3. On your desktop, right click the ESET file you just downloaded and click Run as Administrator.
  4. If a User Account Control dialog box opens, click Yes to allow ESET to run.
  5. When the scanner opens, click Accept.
  6. Click the radio button next to Enable detection of potentially unwanted applications.
  7. Click Advanced settings.
  8. In the advanced settings section, make sure the following settings are checked and that all others are unchecked:
     • Enable detection of potentially unsafe applications
     • Scan archives
     • Enable Anti-Stealth technology
     • Clean threats automatically
  9. Click Scan.
  10. Allow the scan to run. After it has completed, if any threats are found, click List Found Threats. If no threats are found, click Finish and skip to step 14.
  11. Click Export.
  12. Save the file on your desktop as ESETScan.txt.
  13. Click Back and then Finish to close the scanner.
  14. Finally, re-enable your antivirus. I can help with this if you need it.

If there were any threats, the log we saved from ESET should be on your desktop. Please open it, then copy and paste the contents into your next reply.

In your next reply, please include the following:

  • ESETScan.txt

sasschary

#7 artm (Topic Starter)

Posted 23 May 2018 - 04:03 PM

ESETScan.txt below:

===========================================================================

C:\Program Files\VueScan\hamrick.vuescan.pro.9.5.x.x86-x64-patch.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Program Files (x86)\Windows Loader\installloader.bat    Win32/TrojanDropper.Addrop.AS trojan
C:\Program Files (x86)\Windows Loader\remedia-installer-1019.exe    multiple threats
C:\Program Files (x86)\Windows Loader\Windows7Loader__8172_il94694.exe    a variant of Win32/Amonetize.IU potentially unwanted application
C:\Program Files (x86)\Windows Loader\WindowsLoader.exe    Win32/OutBrowse potentially unwanted application
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXBY3XYZ\188_225_82_221[1].swf    a variant of SWF/Exploit.ExKit.AGL trojan
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N5FJMCF9\188_225_82_221[1].htm    JS/Exploit.Agent.NNG trojan
C:\Users\admin\Desktop\Wondershare Dr.Fone for Android 5.5.0 Final + Serials {B4tman}\Setup.exe    multiple threats
C:\Windows\SysWOW64\rserver30\rserver3.exe    a variant of Win32/RemoteAdmin.RAdmin.AC potentially unsafe application
E:\prog\Internet\Superscan\scanner.exe    Win32/NetTool.SuperScan.AA potentially unsafe application
E:\prog\Internet\Superscan\ws2check.exe    Win32/NetTool.SuperScan.AA potentially unsafe application
E:\prog\Uti\awatch.exe    a variant of Win32/AdapterWatch.A potentially unsafe application
E:\prog\Uti\UBCD4Win\plugin\Network\ipscan\ipscan.exe    Win32/NetTool.Portscan.C potentially unsafe application
E:\prog\Uti\UBCD4Win\plugin\System-Info\Information\keyfinderpe\keyfinder.exe    a variant of Win32/MagicalJellyBean.A potentially unsafe application
E:\prog\Uti\UBCD4Win\plugin\System-Info\Information\keyfinderpe\keyfinderpe.exe    a variant of Win32/PSWTool.RAS.A potentially unsafe application
E:\prog\Uti\XlsX Viewer\XlsXViewer.exe    Win32/UwS.XlsXViewer.A application

========================================================================

1. Most entries are safe, I am sure and aware of those programs.

2. These are questionable:

C:\Program Files (x86)\Windows Loader\installloader.bat    Win32/TrojanDropper.Addrop.AS trojan
C:\Program Files (x86)\Windows Loader\remedia-installer-1019.exe    multiple threats
C:\Program Files (x86)\Windows Loader\Windows7Loader__8172_il94694.exe    a variant of Win32/Amonetize.IU potentially unwanted application
C:\Program Files (x86)\Windows Loader\WindowsLoader.exe    Win32/OutBrowse potentially unwanted application

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXBY3XYZ\188_225_82_221[1].swf    a variant of SWF/Exploit.ExKit.AGL trojan
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N5FJMCF9\188_225_82_221[1].htm    JS/Exploit.Agent.NNG trojan

3. The Windows Loader entry is not in the installed programs list in Control Panel. The folder (created on 12/28/15) contains six files, including a batch install file. One file, WindowsLoader.exe, has a modified date of 05/15/18, while the other files are from 2015. I cannot recall if I installed it. Attached are some files: a screenshot of the file list, installloader.bat

4. The Temp Internet File entries are NOT where they say they are. I have hidden/system files enabled but they are not there. In fact, the Content.IE5 folder is not there.

Attached Files
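
Two things about point 4 of the post above are worth knowing before concluding that ESET reported a phantom path. First, Explorer renders the Temporary Internet Files folder through a shell namespace extension (the desktop.ini in that folder), so it shows the cache index rather than the on-disk directories; Content.IE5 and its random-named subfolders only appear from a command prompt (`dir /a`) or from PowerShell with -Force. Second, the scan was run with "Clean threats automatically" enabled, so the two exploit-kit cache entries may simply have been removed by ESET itself. The script below is an added example, not part of the thread: it enumerates the folders ESET named, plus the Windows Loader folder, with -Force so hidden and system items are included, and builds a small timeline (created, modified, size, SHA-256) so the 2015-versus-2018 timestamp discrepancy the poster noticed can be checked across the whole folder and any file can be looked up by hash before it is deleted. The profile name admin and the paths come from the ESET output; the Low\Content.IE5 location (IE's protected-mode cache on Windows 7) and the function name are the example's own.

```powershell
# Added example (not part of the thread). Lists files Explorer hides and
# builds a simple timeline (created / modified / size / SHA-256) for the
# folders ESET reported. -Force makes Get-ChildItem return hidden and system
# items; Explorer's virtualised view of Temporary Internet Files never shows
# the Content.IE5 directories at all.

$userProfile = 'C:\Users\admin'   # profile name taken from the ESET output
$tif = "$userProfile\AppData\Local\Microsoft\Windows\Temporary Internet Files"
$folders = @(
    "$tif\Content.IE5",
    "$tif\Low\Content.IE5",          # IE protected-mode (low integrity) cache
    'C:\Program Files (x86)\Windows Loader'
)

function Get-FileTimeline {
    param([string[]]$Folder)
    foreach ($dir in $Folder) {
        if (-not (Test-Path -LiteralPath $dir)) { Write-Warning "not found: $dir"; continue }
        Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                try {
                    $bytes  = [System.IO.File]::ReadAllBytes($_.FullName)
                    $sha256 = [BitConverter]::ToString(
                        [System.Security.Cryptography.SHA256]::Create().ComputeHash($bytes)) -replace '-'
                } catch { $sha256 = 'unreadable' }
                New-Object PSObject -Property @{
                    Path = $_.FullName; Created = $_.CreationTime; Modified = $_.LastWriteTime
                    Size = $_.Length; Attributes = $_.Attributes.ToString(); SHA256 = $sha256
                } | Select-Object Path, Created, Modified, Size, Attributes, SHA256
            }
    }
}

$timeline = Get-FileTimeline -Folder $folders

# Newest modification first: a May 2018 write inside a folder otherwise
# untouched since December 2015 stands out immediately.
$timeline | Sort-Object Modified -Descending |
    Format-Table Modified, Created, Size, Path -AutoSize

# Locate the two cache entries ESET named, wherever they sit under the cache.
Get-ChildItem -LiteralPath $tif -Recurse -Force -Filter '188_225_82_221*' -ErrorAction SilentlyContinue |
    Select-Object FullName, CreationTime, LastWriteTime, Length

# Keep the hashes: they are what to search for if the files are deleted later.
$timeline | Select-Object SHA256, Path
```

If both Content.IE5 locations come back empty of the named files, that is consistent with the automatic clean-up in the scan settings rather than with a wrong path in the report. For the Windows Loader folder, the interesting output is the row whose Modified value is years newer than its Created value and than every sibling; that file's SHA-256 is the one to look up.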



#8 sasschary (Malware Study Hall Senior)

Posted 24 May 2018 - 10:11 PM

Hi artm,

I would suggest removing all of the files that you did not recognize. However, you may do as you see fit. Please just respond back here with what you decide to do.

sasschary



#9 artm (Topic Starter)

Posted 25 May 2018 - 08:51 AM

Done...I assume we are closing this case?



#10 sasschary (Malware Study Hall Senior)

Posted 25 May 2018 - 12:45 PM

Hi artm,

Indeed it does.

Let's clean up some of the tools which we've run on your computer.

  • On your desktop, right click on FRST and click Rename. Replace the name with Uninstall and press Enter to save the changes.
  • Then, right click on FRST again and click Run as Administrator.
  • If a User Account Control dialog box opens, click Yes to allow FRST to run.
  • FRST will show a dialog box asking you to restart your computer. Click OK to allow it to do so.

It looks like your computer is clean!

Before we close this topic, please read through this last bit of information. Reading through it and following what I'm saying will help prevent you from getting infected again in the future.

Anti-Virus Software

Perhaps the most important thing to keep infections off your machine is anti-virus software. Anti-virus software scans your system regularly for any viruses, and if it finds anything, it will notify you and remove the infection. I'm sure this sounds like a good thing to you, and now you want to go get every antivirus that's out there! However, you should really only get one. If you get multiple, then there is a high risk of conflict between them. To avoid anything like that, please only download one antivirus software. In addition, you should ensure that your anti-virus software is always updated. Using an outdated version could lead to more recent infections getting around your software.

There are many different anti-virus programs out there. I personally use Avast!, which has both a paid and free version. The free version has worked quite well for me, and I'm sure it would for you, as well. However, there are also other software available, such as Kaspersky, BitDefender, and ESET.

Backups

In case something goes wrong with your system, you want some way to restore it back to how it was before the problem appeared. Thus, you should make regular backups of your system. This includes both system files, in case you get infected again, as well as your personal files, lest you lose everything in the case of a hard drive failure or a ransomware infection.

Program and Windows Updates

Very much like your anti-virus software, Windows and third-party software will have updates every so often. To avoid falling prey to programs which may use exploits in this software, you should install any updates to them when they become available.

P2P Programs and Illegal Media

P2P programs have a high risk of bringing infection. Stay away from them if at all possible, especially if you are downloading illegal software/music/movies/etc. Not only are these types of downloads very large targets for malware authors, they are also what they say in the name: illegal.

Once again, your system is now all clean! Do you have any questions for me concerning keeping your system clean?

sasschary



#11 Oh My! (Malware Response Instructor)

Posted 29 May 2018 - 09:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary

If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



