Random Taskeng.exe and Click Service Adware


  • This topic is locked
61 replies to this topic

#1 Caramello222


Posted 04 June 2018 - 04:43 PM

I noticed Taskeng.exe randomly popping up in April but thought it was fixing my Hidden City: Mystery of Shadows game that suddenly had jumbled font or overlapping font. I would only see taskeng.exe pop up either once during the loading of the game or during game play, never outside of the game. Then Hidden City's May event update came out and the font was normal and I didn't see taskeng.exe for a while, so I assumed it did its job. Unfortunately, Taskeng.exe began popping up outside of the game and even one day popped up as soon as I woke my computer up. When I try to play Hidden City in Mozilla Firefox Quantum 60.0.1 (64-bit) the game is at a snail's pace, literally. I also contacted them for help improving the speed and nothing worked. I installed Google Chrome because a WebGL-enabled browser like Firefox, Chrome, Edge is required or Facebook Gameroom should be installed. After tweaking Chrome I noticed something is spiking my CPU, which causes the game to freeze a few seconds every minute. I used Chrome's Task Manager but I couldn't see what's causing the CPU spikes. I also have a very troubled Internet Explorer 11 (it's my default browser) which is very slow, crashes sometimes but always becomes unresponsive and loads pages incorrectly. I noticed recently when a family member did a Nordstrom search that ads have been injected into the results and she clicked on one, but mvp host file blocked the page from opening. The ad results are from r.bat.bing com and are at the top and bottom of search results. The game ads I'm now seeing in my Microsoft Solitaire Deluxe game are from clkuk.tradedoubler com. I tried to get rid of this stuff by using Windows Defender (full scan), Malwarebytes normal mode threat scan and then a scan in safe mode after reading "taskeng.exe popping up randomly and i cant open Farbar's Recovery Scan Tool" (started by pandapeter, May 04 2018 01:58 AM). I also used Super Antispyware, Adware Cleaner and they all found nothing.
I even tried RKill in case something malicious needed to be shut down for the other scans to work and nothing was found. So I have included in this post the 2 Farbar scans and an autoruns.txt. If you would also like Autoruns Scan Text just let me know, I have that too. Thank you in advance for your time and assistance.

First Farbar Scan Below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.06.2018
Ran by Floretta (administrator) on LA-LA-LOOPSY (04-06-2018 16:55:18)
Running from C:\Users\Floretta\Desktop
Loaded Profiles: Floretta (Available Profiles: Floretta)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7198424 2013-08-29] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip\..\Interfaces\{0E333C8D-0090-4B2F-A96D-1AAE408DB9B9}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip\..\Interfaces\{96EAF80F-02C7-4E9A-8702-EF5FA9789DD5}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-2603647047-4195809022-826204347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/
SearchScopes: HKU\S-1-5-21-2603647047-4195809022-826204347-1001 -> {3CB12E97-BDDF-4488-8C61-217335DD319F} URL =
BHO: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery64.dll [2015-10-30] (Ghostery, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH)
BHO-x32: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery.dll [2015-10-30] (Ghostery, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH)

FireFox:
========
FF DefaultProfile: ngi7b3ks.default-1512793097925
FF ProfilePath: C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\ngi7b3ks.default-1512793097925 [2018-06-03]
FF NetworkProxy: Mozilla\Firefox\Profiles\ngi7b3ks.default-1512793097925 -> type", 0
FF Extension: (uBlock Origin) - C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\ngi7b3ks.default-1512793097925\Extensions\uBlock0@raymondhill.net.xpi [2018-05-25]
FF Extension: (NoScript) - C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\ngi7b3ks.default-1512793097925\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-05-29]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\ngi7b3ks.default-1512793097925\features\{6883ce2d-cb0f-44e0-80f6-68ad0f5faf3f}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-02] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-22] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-22] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-26] (Google Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Profile: C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default [2018-06-03]
CHR Extension: (Slides) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-26]
CHR Extension: (Docs) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-26]
CHR Extension: (Google Drive) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-26]
CHR Extension: (YouTube) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-26]
CHR Extension: (uBlock Origin) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-05-27]
CHR Extension: (Sheets) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-26]
CHR Extension: (Google Docs Offline) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-26]
CHR Extension: (Gmail) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-26]
CHR Profile: C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\System Profile [2018-05-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-07-14] (SUPERAntiSpyware.com)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-27] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-27] (CyberLink)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2017-06-28] (Power Admin LLC)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-29] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4265984 2014-12-22] (Qualcomm Atheros Communications, Inc.)
R0 C9294A81; C:\WINDOWS\System32\drivers\C9294A81.sys [478392 2016-02-23] (Kaspersky Lab ZAO)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-28] (Malwarebytes)
R1 MpKsl64e8fecb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F16D9B8-05D1-4F74-A89B-F2AB1E01D871}\MpKsl64e8fecb.sys [58120 2018-06-04] (Microsoft Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-08] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-04 16:55 - 2018-06-04 16:55 - 000000000 ____D C:\Users\Floretta\Desktop\FRST-OlderVersion
2018-06-04 16:54 - 2018-06-04 16:54 - 000002533 _____ C:\Users\Floretta\Desktop\quick mal.txt
2018-05-28 16:25 - 2018-05-28 16:25 - 000001295 _____ C:\Users\Floretta\Desktop\MBytesScan.txt
2018-05-28 15:40 - 2018-05-28 15:52 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-28 15:36 - 2018-05-28 15:36 - 000422594 _____ C:\Users\Floretta\Desktop\autoruns.txt
2018-05-28 11:43 - 2018-05-28 11:44 - 000040828 _____ C:\Users\Floretta\Desktop\Addition.txt
2018-05-28 11:41 - 2018-06-04 16:56 - 000011421 _____ C:\Users\Floretta\Desktop\FRST.txt
2018-05-28 11:40 - 2018-06-04 16:55 - 000000000 ____D C:\FRST
2018-05-28 11:24 - 2018-05-28 11:27 - 000000000 ____D C:\Users\Floretta\Desktop\All MVP
2018-05-28 00:02 - 2018-05-28 00:02 - 000000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-28 00:02 - 2018-05-28 00:02 - 000000943 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-05-28 00:02 - 2018-05-28 00:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-28 00:02 - 2018-05-28 00:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-26 23:43 - 2018-05-26 23:43 - 000000000 ____D C:\Users\Floretta\AppData\Roaming\Google
2018-05-26 23:41 - 2018-05-26 23:41 - 000002323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-26 23:41 - 2018-05-26 23:41 - 000002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-26 23:40 - 2018-05-26 23:52 - 000000000 ____D C:\Users\Floretta\AppData\Local\Google
2018-05-26 23:40 - 2018-05-26 23:40 - 000003332 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-26 23:40 - 2018-05-26 23:40 - 000003204 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-26 23:40 - 2018-05-26 23:40 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-26 23:34 - 2018-05-26 23:40 - 000000000 ____D C:\Users\Floretta\AppData\Local\Deployment
2018-05-26 23:34 - 2018-05-26 23:34 - 000000000 ____D C:\Users\Floretta\AppData\Local\Apps\2.0
2018-05-22 23:00 - 2018-06-04 16:55 - 002413056 _____ (Farbar) C:\Users\Floretta\Desktop\FRST64.exe
2018-05-22 22:59 - 2018-05-22 22:59 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Floretta\Desktop\iExplore.exe
2018-05-22 21:08 - 2018-05-22 21:08 - 038976024 _____ (Mozilla) C:\Users\Floretta\Desktop\Firefox Setup 60.0.1.exe
2018-05-22 20:54 - 2018-05-22 20:54 - 038976024 _____ (Mozilla) C:\Users\Floretta\Downloads\Firefox Setup 60.0.1.exe
2018-05-22 18:11 - 2018-05-22 18:11 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-22 18:11 - 2018-05-22 18:11 - 000004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-05-22 18:10 - 2018-05-22 18:11 - 000000000 ____D C:\Users\Floretta\AppData\Local\Adobe
2018-05-22 15:13 - 2018-05-22 15:13 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-22 15:13 - 2018-05-22 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-22 15:13 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-22 15:12 - 2018-05-22 15:12 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-22 01:49 - 2018-05-22 01:49 - 000000000 ____D C:\ProgramData\MB2Migration
2018-05-10 00:36 - 2018-05-10 00:36 - 000284664 _____ C:\WINDOWS\Minidump\051018-21078-01.dmp
2018-05-08 16:22 - 2018-04-22 05:02 - 000803696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-08 16:22 - 2018-04-22 04:06 - 000612600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-08 16:22 - 2018-04-22 04:04 - 025744896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-08 16:22 - 2018-04-22 03:40 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-08 16:22 - 2018-04-22 03:38 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-08 16:22 - 2018-04-22 03:32 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-08 16:22 - 2018-04-22 03:26 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-08 16:22 - 2018-04-22 03:26 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-08 16:22 - 2018-04-22 03:24 - 020286464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-08 16:22 - 2018-04-22 03:04 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-08 16:22 - 2018-04-22 03:00 - 002295296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-08 16:22 - 2018-04-22 02:57 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-05-08 16:22 - 2018-04-22 02:54 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-08 16:22 - 2018-04-22 02:53 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-08 16:22 - 2018-04-22 02:51 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-05-08 16:22 - 2018-04-22 02:49 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-08 16:22 - 2018-04-22 02:48 - 015283200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-08 16:22 - 2018-04-22 02:46 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-05-08 16:22 - 2018-04-22 02:33 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-08 16:22 - 2018-04-22 02:32 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-05-08 16:22 - 2018-04-22 02:31 - 004496896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-08 16:22 - 2018-04-22 02:29 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-05-08 16:22 - 2018-04-22 02:27 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-08 16:22 - 2018-04-22 02:27 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-08 16:22 - 2018-04-22 02:26 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-08 16:22 - 2018-04-22 02:26 - 002059776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-05-08 16:22 - 2018-04-22 02:22 - 001546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-08 16:22 - 2018-04-22 02:11 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-08 16:22 - 2018-04-22 02:08 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-08 16:22 - 2018-04-22 02:04 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-08 16:22 - 2018-04-22 02:03 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-08 16:22 - 2018-04-15 12:55 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-08 16:22 - 2018-04-15 12:16 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-08 16:22 - 2018-04-10 21:03 - 007406936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-08 16:22 - 2018-04-10 21:02 - 001676056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-08 16:22 - 2018-04-10 21:02 - 001536112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-08 16:22 - 2018-04-10 14:51 - 004169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-05-08 16:22 - 2018-04-10 14:27 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\itircl.dll
2018-05-08 16:22 - 2018-04-10 14:13 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-08 16:22 - 2018-04-10 13:01 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itircl.dll
2018-05-08 16:22 - 2018-04-10 12:50 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-08 16:22 - 2018-04-07 12:17 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-05-08 16:22 - 2018-04-07 11:49 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-05-08 16:22 - 2018-04-07 11:41 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-08 16:22 - 2018-04-07 11:23 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-08 16:22 - 2018-04-07 11:20 - 001707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-08 16:22 - 2018-04-07 11:10 - 001344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-08 16:22 - 2018-04-07 11:06 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2018-05-08 16:22 - 2018-04-07 11:01 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2018-05-08 16:22 - 2018-04-06 17:27 - 000376656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-08 16:22 - 2018-03-24 11:57 - 001101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2018-05-08 16:22 - 2018-03-24 11:40 - 001171456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-05-08 16:22 - 2018-03-24 11:34 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2018-05-08 16:22 - 2018-03-24 11:22 - 001086976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-05-08 16:22 - 2018-03-24 10:56 - 007033344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-08 16:22 - 2018-03-24 10:54 - 006214144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-08 16:22 - 2018-03-15 18:29 - 000136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-05-08 16:22 - 2018-03-10 16:55 - 000137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2018-05-08 16:22 - 2018-03-10 15:04 - 000120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2018-05-08 16:22 - 2018-03-10 13:51 - 000685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-05-08 16:22 - 2018-03-10 13:47 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-05-08 16:22 - 2018-03-10 13:47 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-05-08 16:22 - 2018-03-10 13:43 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2018-05-08 16:22 - 2018-03-10 12:46 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2018-05-08 16:22 - 2018-03-10 12:44 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-05-08 16:22 - 2018-03-10 12:35 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2018-05-08 16:22 - 2018-03-10 12:35 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-05-08 16:22 - 2018-03-10 12:33 - 003717632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-08 16:22 - 2018-03-10 12:22 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2018-05-08 16:22 - 2018-03-10 12:21 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2018-05-08 16:22 - 2018-03-10 12:21 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2018-05-08 16:22 - 2018-03-10 12:20 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2018-05-08 16:22 - 2018-03-10 12:18 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-08 16:22 - 2018-03-10 12:18 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2018-05-08 16:22 - 2018-03-10 12:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2018-05-08 16:22 - 2018-03-10 12:18 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2018-05-08 16:22 - 2018-03-10 12:17 - 002240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2018-05-08 16:22 - 2018-03-10 12:17 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-08 16:22 - 2018-03-09 14:57 - 000276816 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-05-08 16:22 - 2018-03-03 12:24 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-05-08 16:22 - 2018-03-03 12:18 - 000894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2018-05-08 16:22 - 2018-03-03 12:18 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2018-05-08 16:22 - 2018-03-03 12:15 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2018-05-08 16:22 - 2018-03-03 12:04 - 000741888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2018-05-08 16:22 - 2018-03-03 12:04 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2018-05-08 16:22 - 2018-02-14 17:45 - 001308336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-08 16:22 - 2018-02-14 10:47 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-04 15:54 - 2016-02-21 19:51 - 000000000 ____D C:\Users\Floretta\AppData\LocalLow\Adblock Plus for IE
2018-06-04 12:30 - 2016-02-22 20:43 - 000000000 ___RD C:\Users\Floretta\OneDrive
2018-06-03 21:51 - 2017-06-28 00:04 - 000000000 ____D C:\Users\Floretta\AppData\LocalLow\Mozilla
2018-06-02 08:03 - 2018-02-10 15:30 - 000003190 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForFloretta
2018-06-02 08:03 - 2018-02-10 15:30 - 000000370 _____ C:\WINDOWS\Tasks\HPCeeScheduleForFloretta.job
2018-06-01 17:32 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-01 09:55 - 2016-02-19 13:00 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2603647047-4195809022-826204347-1001
2018-06-01 09:44 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-01 09:43 - 2016-02-20 21:43 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-06-01 09:43 - 2013-08-22 09:25 - 001048576 ___SH C:\WINDOWS\system32\config\BBI
2018-06-01 00:48 - 2016-04-09 21:30 - 000000000 ____D C:\Users\Floretta\AppData\Local\CrashDumps
2018-05-31 20:46 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2018-05-30 23:23 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-28 16:31 - 2017-07-14 18:56 - 000000000 ____D C:\AdwCleaner
2018-05-28 16:31 - 2016-02-19 13:42 - 000729734 _____ C:\WINDOWS\ntbtlog.txt
2018-05-27 22:51 - 2016-06-21 01:09 - 000000000 ____D C:\Users\Floretta\Desktop\Printable Puzzles
2018-05-27 21:32 - 2017-12-25 13:56 - 000000000 ____D C:\Users\Floretta\AppData\Local\SkypePlugin
2018-05-27 13:01 - 2017-07-14 17:37 - 000003118 _____ C:\Users\Floretta\Desktop\Rkill.txt
2018-05-22 18:11 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-05-22 18:11 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-05-22 15:12 - 2016-03-12 11:09 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-22 15:12 - 2016-03-12 11:09 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-05-20 22:03 - 2017-02-20 20:53 - 000000000 ____D C:\Users\Floretta\Desktop\Hidden City Pics
2018-05-18 12:31 - 2016-02-26 15:31 - 000000000 ____D C:\Users\Floretta\AppData\Local\ElevatedDiagnostics
2018-05-15 09:52 - 2016-02-21 16:47 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2018-05-10 01:29 - 2016-02-20 21:54 - 000000000 ____D C:\Users\Floretta
2018-05-10 00:36 - 2017-11-06 22:54 - 000000000 ____D C:\WINDOWS\Minidump
2018-05-10 00:36 - 2017-11-06 22:53 - 411844405 _____ C:\WINDOWS\MEMORY.DMP
2018-05-09 20:09 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\rescache
2018-05-08 17:03 - 2013-08-22 10:44 - 000351024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-08 16:38 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-08 16:29 - 2016-02-19 17:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-08 16:25 - 2017-10-11 12:17 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-08 16:25 - 2016-02-19 17:27 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some files in TEMP:
====================
2018-05-24 15:58 - 2018-05-24 15:58 - 001444000 _____ (Sysinternals - www.sysinternals.com) C:\Users\Floretta\AppData\Local\Temp\procexp64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-01 09:55

==================== End of FRST.txt ============================

Additional Farbar Scan Below:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.06.2018
Ran by Floretta (04-06-2018 16:57:20)
Running from C:\Users\Floretta\Desktop
Windows 8.1 (Update) (X64) (2016-02-21 02:19:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2603647047-4195809022-826204347-500 - Administrator - Disabled)
Floretta (S-1-5-21-2603647047-4195809022-826204347-1001 - Administrator - Enabled) => C:\Users\Floretta
Guest (S-1-5-21-2603647047-4195809022-826204347-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{7A48FE92-F9B4-8FFA-7BAD-21CB7DEE1569}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{4BC416EA-CBC5-13FD-C83A-4B1FAF67098C}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{A6E62176-8E19-D5FD-E6B1-C7AC8B0BE9CF}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{03D53E62-3033-2B6E-6250-94654C7062BF}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{03B1860D-A09B-27EB-7EAC-0E5F174032CA}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{F3CE6F28-D740-5366-D67B-D7398F44070B}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{E5F6E095-5DF7-A975-E20A-F65CF09C7F86}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{83F34886-010B-6557-AF96-476B11064769}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{EBA40A2A-104A-7494-7963-BC57B5E01BA5}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22D2669B-33CC-C6C4-88B8-974AD4A214DB}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{0320DCC1-BF31-C4F1-11D9-A7F8AF76A2AF}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{32841394-3CE1-B9AD-09C3-282D9B067B1B}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{7ACC0D20-8698-07B4-5D47-65C62E7A5A55}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{0134E878-7296-5829-EE57-93694856559E}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{8D1A4287-CD2E-CED5-82CF-91623D0D150D}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{77C3894A-381D-EADC-C563-80E0FFCCBF99}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{93C07327-4DFD-ECFE-330F-F3C57467F2AF}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{A3E8927D-6EA7-6627-1C91-ECC2AEF84B37}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{43C32BFA-A561-E815-D107-DDDE2A554C7F}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{F9234F4E-4A77-228E-0A22-30B5E7FFC555}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{A1C005FB-2101-7DB0-626B-130420EAFEF6}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3324 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Ghostery (HKLM-x32\...\Ghostery) (Version:  - Ghostery Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.6.18.11 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.9.18.3 - HP)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-12-23] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A88D1A9-6C18-4B22-A903-B3EEF21D0392} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {18806627-8CE6-499B-9CF5-F5D5A16906CB} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {1983D6CE-029E-42C2-B4F0-689ED5F00852} - System32\Tasks\HPCeeScheduleForFloretta => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {20BE4CFD-460E-436B-9181-644A0827D93D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-26] (Google Inc.)
Task: {32C784FC-5AD7-4526-BBC2-A6A9B7548996} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {3A1E4B46-A32F-444B-A609-3223371C251F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-05-02] (HP Inc.)
Task: {3CA45824-207F-42F8-BE97-099660955587} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {43A2F4D9-1F0E-4371-89BB-E05EAB0F3EB2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-18] ()
Task: {4853AD43-C3CE-4892-A19C-03AFC0C2D5E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-26] (Google Inc.)
Task: {6B1E51D7-C65A-41F0-9FAB-07176299F073} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {72074DEE-82DD-4F20-ADF2-5B9961605ADA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {7318E5DD-C0AD-4065-B450-CC2961A6F30D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2016-12-23] (Advanced Micro Devices, Inc.)
Task: {7DFD7891-9940-486E-9905-A28599E00594} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-05-11] (HP Inc.)
Task: {989D6825-22E6-4BA2-B4E6-07815CE10D6E} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {A6EA9588-98FC-4ABA-828A-5E5C6814E73E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-22] (Adobe Systems Incorporated)
Task: {BFD5E213-CECC-4613-B21A-36A4A3717134} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {C9C1F9DB-77C6-425A-A3C1-09290A794C19} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-22] (Adobe Systems Incorporated)
Task: {CC901A7E-F995-48E1-967B-00FC5D227780} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {EAB29C2C-EF05-4888-AC31-FB0891B79C1F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {F135F9A2-D4A9-40F5-88B9-06FA0A2D6001} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {F2DB8692-FC88-48E8-87D5-AEBE9D32B59E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForFloretta.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\-14507302110.lnk -> hxxp://www.100reasonstorecover.org
Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\-3047420720.lnk -> hxxp://www.rheumatology.org/I-Am-A/Patient-Caregive
Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\13569778940.lnk -> hxxp://www.rheumresearch.org/patients-familie
Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\4409334790.lnk -> hxxp://www.niams.nih.gov
Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\6214829320.lnk -> hxxp://www.arthritis.org
Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\7206166770.lnk -> hxxp://simpletasks.org

ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-14507302110.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x0e162895 -pinnedTimeHigh 0x01d21a01 -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000023 hxxp://www.100reasonstorecover.org/
ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-3047420720.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x3f50896e -pinnedTimeHigh 0x01d241ca -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000034 hxxp://www.rheumatology.org/I-Am-A/Patient-Caregiver
ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\13569778940.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0xf59b6a37 -pinnedTimeHigh 0x01d241ca -securityFlags 0x00000000 -tileType 0x00000001 -url 0x0000002e hxxp://www.rheumresearch.org/patients-families
ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\4409334790.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x9bf0adbe -pinnedTimeHigh 0x01d241cb -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000019 hxxp://www.niams.nih.gov/
ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\6214829320.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x5af70f22 -pinnedTimeHigh 0x01d241cb -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000019 hxxp://www.arthritis.org/
ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\7206166770.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x7488770f -pinnedTimeHigh 0x01d241ca -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000017 hxxp://simpletasks.org/

==================== Loaded Modules (Whitelisted) ==============

2016-09-13 01:51 - 2016-09-13 01:51 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 01:50 - 2016-09-13 01:50 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 01:50 - 2016-09-13 01:50 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-02-18 20:07 - 2013-03-12 10:51 - 000626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-13 02:53 - 2013-03-13 02:53 - 000015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\C9294A81.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\C9294A81.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\microsoft.com -> hxxps://support.microsoft.com
IE restricted site: HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\coupons.com -> www.coupons.com
IE restricted site: HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\ppjol.net -> hxxp://s.ppjol.net
IE restricted site: HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\tradedoubler.com -> clkuk.tradedoubler.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2018-05-28 11:22 - 000475748 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

There are 12587 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2603647047-4195809022-826204347-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Floretta\Pictures\RoyalBarge_EN-US7484780716_1920x1200.jpg
DNS Servers: 75.114.81.1 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{137E5125-6324-4735-B4C4-999E98C6A78F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{2AAB140D-AA0B-4FF2-8792-6BDBAC0935C7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{F2CF8C92-75F1-4D65-B9AD-B63EEC4873C2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{8DA219C1-ABDB-4A54-B313-CA52D3A75680}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{57D3D61A-3E2A-4C3B-9D86-7402DC023803}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{BBE25CA3-364A-4585-B20E-7292E1569157}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{B227A311-0C2C-4155-B489-AB4893B75870}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A2B4AFAB-321F-414F-9C1A-AA3B9EF75521}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{04EFC315-78DC-4AB7-9FB5-A1877779EC32}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{CDE4800B-3056-4E36-8C15-AD77B001E07F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{79F5ADC9-C5E5-4135-AEF8-DB5AF68FA187}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0CDE195F-6BA6-4B5C-BCD2-6F3E134FAD00}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B3802CAC-3E49-4899-BDB0-51EE17A54BAD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{527D1A1F-9F05-41B1-9BED-070C640C3143}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
FirewallRules: [{69358BAF-CA5A-4F21-A462-854DF705E503}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
FirewallRules: [{2B2A76CE-B6CA-4071-A983-A14A5B46B6B5}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
FirewallRules: [{5CBE103F-522A-4A6A-A207-B37961D50B55}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{94EC8069-A000-4835-9B59-E97BC19962EE}] => (Allow) LPort=2869
FirewallRules: [{8F27F72F-5CC3-403A-B454-1C94BC89C6F4}] => (Allow) LPort=1900
FirewallRules: [{B3B4D3A7-16A3-48B0-B0BC-87E2F8AFBB45}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{8EE0C344-6278-4915-B389-270E8A42CF70}C:\users\floretta\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\floretta\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{CF5548D4-8469-4263-904B-D096B9FB7563}C:\users\floretta\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\floretta\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{945024AE-9CFE-4C6D-847E-D1A941F9CB74}C:\users\floretta\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\floretta\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{1FD70BB5-8ECB-46FF-BDDA-8F991663830D}C:\users\floretta\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\floretta\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{DBBBD13F-E9A8-4A88-85BD-426C58F33374}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0407503D-2BC0-4792-8E4E-49E8B3927EBE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{25940296-21D3-403E-9F72-875FE8AF2397}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

18-05-2018 19:03:34 Scheduled Checkpoint
27-05-2018 00:58:18 Scheduled Checkpoint
03-06-2018 14:05:11 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2018 04:58:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-11T20:58:06Z. Error Code: 0x80070005.

Error: (06/04/2018 04:57:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-11T20:57:36Z. Error Code: 0x80070005.

Error: (06/04/2018 04:57:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-11T20:57:06Z. Error Code: 0x80070005.

Error: (06/04/2018 04:56:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-11T20:56:36Z. Error Code: 0x80070005.

Error: (06/04/2018 04:56:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-11T20:56:06Z. Error Code: 0x80070005.

Error: (06/04/2018 04:55:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-11T20:55:36Z. Error Code: 0x80070005.

Error: (06/04/2018 04:55:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-11T20:55:06Z. Error Code: 0x80070005.

Error: (06/04/2018 04:54:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-11T20:54:36Z. Error Code: 0x80070005.

System errors:
=============
Error: (06/04/2018 12:42:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 20 time(s).

Error: (06/04/2018 12:12:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 19 time(s).

Error: (06/04/2018 02:01:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 18 time(s).

Error: (06/04/2018 02:00:57 AM) (Source: DCOM) (EventID: 10010) (User: LA-LA-LOOPSY)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

Error: (06/04/2018 12:17:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 17 time(s).

Error: (06/03/2018 04:29:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 16 time(s).

Error: (06/03/2018 02:52:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 15 time(s).

Error: (06/03/2018 12:17:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 14 time(s).

Windows Defender:
===================================
Date: 2018-06-04 15:59:39.067
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {193E5D7D-7B3E-4605-85F2-AFDE23FC84CD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-04 11:27:17.775
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {2924F708-0195-457F-B17B-6375F11A5CF3}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-04 10:57:33.165
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {5E8622DB-421B-4B15-A1F4-35AD1998F7E4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-04 10:34:18.535
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {C1B30562-646D-4CEE-AC14-1634F89B9EEF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-04 10:25:37.962
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {F1946C9F-C1F5-4555-BB3A-497F6DEA6921}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-30 23:10:34.832
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.301.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-05-30 23:10:34.832
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.301.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-05-30 23:10:33.692
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-05-30 23:10:33.676
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-05-30 23:10:21.520
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.301.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2018-05-22 23:05:34.797
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-05-22 23:05:33.140
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-06 22:11:04.911
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-06 22:11:01.036
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-25 13:00:18.538
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-25 13:00:16.616
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-14 18:29:05.820
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

Date: 2017-06-15 15:24:34.709
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD E1-2500 APU with Radeon™ HD Graphics
Percentage of memory in use: 30%
Total physical RAM: 3541.63 MB
Available physical RAM: 2456.47 MB
Total Virtual: 4380.43 MB
Available Virtual: 2590.94 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:452.23 GB) (Free:390.97 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.61 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{7fa8be3a-4d0a-45fc-a706-4728fca00ad0}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.65 GB) NTFS
\\?\Volume{459a5572-f25b-45fe-98b3-e2ef6e4d26bd}\ () (Fixed) (Total:0.44 GB) (Free:0.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2068C105)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

 

 




#2 HelpBot

Posted 09 June 2018 - 04:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/678602 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Caramello222

Posted 09 June 2018 - 10:08 PM

I don't know if this matters, but lately when my computer becomes sluggish I open Task Manager and see 2 to 3 Task Scheduler Engines running at the same time. I don't have a Windows CD/DVD available, but I do have an HP Recovery Disk with Windows 8 on it, but I didn't create a media disk for Windows 8.1 since it's backed up in the cloud. I have the fresh FRST logs, but I don't understand why I need to delete the program before being assisted.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Floretta (administrator) on LA-LA-LOOPSY (09-06-2018 22:47:48)
Running from C:\Users\Floretta\Desktop
Loaded Profiles: Floretta (Available Profiles: Floretta)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7198424 2013-08-29] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip\..\Interfaces\{0E333C8D-0090-4B2F-A96D-1AAE408DB9B9}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip\..\Interfaces\{96EAF80F-02C7-4E9A-8702-EF5FA9789DD5}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-2603647047-4195809022-826204347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/
SearchScopes: HKU\S-1-5-21-2603647047-4195809022-826204347-1001 -> {3CB12E97-BDDF-4488-8C61-217335DD319F} URL =
BHO: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery64.dll [2015-10-30] (Ghostery, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH)
BHO-x32: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery.dll [2015-10-30] (Ghostery, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH)

FireFox:
========
FF DefaultProfile: Caramello222
FF ProfilePath: C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\ngi7b3ks.default-1512793097925 [2018-06-04]
FF NetworkProxy: Mozilla\Firefox\Profiles\ngi7b3ks.default-1512793097925 -> type", 0
FF Extension: (uBlock Origin) - C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\ngi7b3ks.default-1512793097925\Extensions\uBlock0@raymondhill.net.xpi [2018-05-25]
FF Extension: (NoScript) - C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\ngi7b3ks.default-1512793097925\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-05-29]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\ngi7b3ks.default-1512793097925\features\{6883ce2d-cb0f-44e0-80f6-68ad0f5faf3f}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-02] [Legacy]
FF ProfilePath: C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\Caramello222 [2018-06-09]
FF Extension: (uBlock Origin) - C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\Caramello222\Extensions\uBlock0@raymondhill.net.xpi [2018-06-06]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\Caramello222\features\{6d5b2651-70aa-43fc-b7e7-c9ce81d736f5}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-07] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-07] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-07] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-26] (Google Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Profile: C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default [2018-06-09]
CHR Extension: (Google Drive) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-26]
CHR Extension: (YouTube) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-26]
CHR Extension: (uBlock Origin) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-05-27]
CHR Extension: (HP Network Check Launcher) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2018-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-26]
CHR Extension: (Gmail) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-09]
CHR Profile: C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\System Profile [2018-05-27]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-07-14] (SUPERAntiSpyware.com)
S2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-27] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-27] (CyberLink)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2017-06-28] (Power Admin LLC)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-29] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4265984 2014-12-22] (Qualcomm Atheros Communications, Inc.)
R0 C9294A81; C:\WINDOWS\System32\drivers\C9294A81.sys [478392 2016-02-23] (Kaspersky Lab ZAO)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-28] (Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-08] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-04 17:22 - 2018-06-04 17:22 - 000422652 _____ C:\Users\Floretta\Desktop\Autoruns2.txt
2018-06-04 16:55 - 2018-06-09 22:47 - 000000000 ____D C:\Users\Floretta\Desktop\FRST-OlderVersion
2018-06-04 16:54 - 2018-06-04 16:54 - 000002533 _____ C:\Users\Floretta\Desktop\quick mal.txt
2018-05-28 16:25 - 2018-05-28 16:25 - 000001295 _____ C:\Users\Floretta\Desktop\MBytesScan.txt
2018-05-28 15:40 - 2018-05-28 15:52 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-28 15:36 - 2018-05-28 15:36 - 000422594 _____ C:\Users\Floretta\Desktop\autoruns1.txt
2018-05-28 11:43 - 2018-06-04 16:58 - 000041020 _____ C:\Users\Floretta\Desktop\Addition.txt
2018-05-28 11:41 - 2018-06-09 22:48 - 000011142 _____ C:\Users\Floretta\Desktop\FRST.txt
2018-05-28 11:40 - 2018-06-09 22:47 - 000000000 ____D C:\FRST
2018-05-28 11:24 - 2018-05-28 11:27 - 000000000 ____D C:\Users\Floretta\Desktop\All MVP
2018-05-28 00:02 - 2018-06-07 07:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-28 00:02 - 2018-06-07 07:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-28 00:02 - 2018-06-06 21:54 - 000000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-28 00:02 - 2018-05-28 00:02 - 000000943 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-05-26 23:43 - 2018-05-26 23:43 - 000000000 ____D C:\Users\Floretta\AppData\Roaming\Google
2018-05-26 23:41 - 2018-06-07 20:48 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-26 23:41 - 2018-06-07 20:48 - 000002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-26 23:40 - 2018-05-26 23:52 - 000000000 ____D C:\Users\Floretta\AppData\Local\Google
2018-05-26 23:40 - 2018-05-26 23:40 - 000003332 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-26 23:40 - 2018-05-26 23:40 - 000003204 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-26 23:40 - 2018-05-26 23:40 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-26 23:34 - 2018-05-26 23:40 - 000000000 ____D C:\Users\Floretta\AppData\Local\Deployment
2018-05-26 23:34 - 2018-05-26 23:34 - 000000000 ____D C:\Users\Floretta\AppData\Local\Apps\2.0
2018-05-22 23:00 - 2018-06-09 22:47 - 002413056 _____ (Farbar) C:\Users\Floretta\Desktop\FRST64.exe
2018-05-22 22:59 - 2018-05-22 22:59 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Floretta\Desktop\iExplore.exe
2018-05-22 21:08 - 2018-05-22 21:08 - 038976024 _____ (Mozilla) C:\Users\Floretta\Desktop\Firefox Setup 60.0.1.exe
2018-05-22 20:54 - 2018-05-22 20:54 - 038976024 _____ (Mozilla) C:\Users\Floretta\Downloads\Firefox Setup 60.0.1.exe
2018-05-22 18:11 - 2018-06-07 14:18 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-22 18:11 - 2018-06-07 14:18 - 000004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-05-22 18:10 - 2018-05-22 18:11 - 000000000 ____D C:\Users\Floretta\AppData\Local\Adobe
2018-05-22 15:13 - 2018-05-22 15:13 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-22 15:13 - 2018-05-22 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-22 15:13 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-22 15:12 - 2018-05-22 15:12 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-22 01:49 - 2018-05-22 01:49 - 000000000 ____D C:\ProgramData\MB2Migration
2018-05-10 00:36 - 2018-05-10 00:36 - 000284664 _____ C:\WINDOWS\Minidump\051018-21078-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-09 22:25 - 2016-02-22 20:43 - 000000000 ____D C:\Users\Floretta\OneDrive
2018-06-09 22:24 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-09 22:23 - 2016-02-20 21:43 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-06-09 22:23 - 2013-08-22 09:25 - 001048576 ___SH C:\WINDOWS\system32\config\BBI
2018-06-09 21:58 - 2017-06-28 00:04 - 000000000 ____D C:\Users\Floretta\AppData\LocalLow\Mozilla
2018-06-09 21:33 - 2016-02-21 19:51 - 000000000 ____D C:\Users\Floretta\AppData\LocalLow\Adblock Plus for IE
2018-06-09 19:51 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-09 18:27 - 2016-02-19 13:00 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2603647047-4195809022-826204347-1001
2018-06-09 17:34 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-09 17:24 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2018-06-09 09:56 - 2018-02-10 15:30 - 000000370 _____ C:\WINDOWS\Tasks\HPCeeScheduleForFloretta.job
2018-06-09 09:51 - 2018-02-10 15:30 - 000003190 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForFloretta
2018-06-08 23:02 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-08 20:34 - 2017-02-20 20:53 - 000000000 ____D C:\Users\Floretta\Desktop\Hidden City Pics
2018-06-07 14:18 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-07 14:18 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-07 01:45 - 2016-02-20 21:54 - 000000000 ____D C:\Users\Floretta
2018-06-05 15:19 - 2018-03-15 10:18 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 15:19 - 2018-03-15 10:18 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-01 00:48 - 2016-04-09 21:30 - 000000000 ____D C:\Users\Floretta\AppData\Local\CrashDumps
2018-05-28 16:31 - 2017-07-14 18:56 - 000000000 ____D C:\AdwCleaner
2018-05-28 16:31 - 2016-02-19 13:42 - 000729734 _____ C:\WINDOWS\ntbtlog.txt
2018-05-27 22:51 - 2016-06-21 01:09 - 000000000 ____D C:\Users\Floretta\Desktop\Printable Puzzles
2018-05-27 21:32 - 2017-12-25 13:56 - 000000000 ____D C:\Users\Floretta\AppData\Local\SkypePlugin
2018-05-27 13:01 - 2017-07-14 17:37 - 000003118 _____ C:\Users\Floretta\Desktop\Rkill.txt
2018-05-22 15:12 - 2016-03-12 11:09 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-22 15:12 - 2016-03-12 11:09 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-05-18 12:31 - 2016-02-26 15:31 - 000000000 ____D C:\Users\Floretta\AppData\Local\ElevatedDiagnostics
2018-05-15 09:52 - 2016-02-21 16:47 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2018-05-10 00:36 - 2017-11-06 22:54 - 000000000 ____D C:\WINDOWS\Minidump
2018-05-10 00:36 - 2017-11-06 22:53 - 411844405 _____ C:\WINDOWS\MEMORY.DMP

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-09 00:04

==================== End of FRST.txt ============================

Additional Scan Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Floretta (09-06-2018 22:50:09)
Running from C:\Users\Floretta\Desktop
Windows 8.1 (Update) (X64) (2016-02-21 02:19:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2603647047-4195809022-826204347-500 - Administrator - Disabled)
Floretta (S-1-5-21-2603647047-4195809022-826204347-1001 - Administrator - Enabled) => C:\Users\Floretta
Guest (S-1-5-21-2603647047-4195809022-826204347-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{7A48FE92-F9B4-8FFA-7BAD-21CB7DEE1569}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{4BC416EA-CBC5-13FD-C83A-4B1FAF67098C}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{A6E62176-8E19-D5FD-E6B1-C7AC8B0BE9CF}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{03D53E62-3033-2B6E-6250-94654C7062BF}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{03B1860D-A09B-27EB-7EAC-0E5F174032CA}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{F3CE6F28-D740-5366-D67B-D7398F44070B}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{E5F6E095-5DF7-A975-E20A-F65CF09C7F86}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{83F34886-010B-6557-AF96-476B11064769}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{EBA40A2A-104A-7494-7963-BC57B5E01BA5}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22D2669B-33CC-C6C4-88B8-974AD4A214DB}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{0320DCC1-BF31-C4F1-11D9-A7F8AF76A2AF}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{32841394-3CE1-B9AD-09C3-282D9B067B1B}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{7ACC0D20-8698-07B4-5D47-65C62E7A5A55}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{0134E878-7296-5829-EE57-93694856559E}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{8D1A4287-CD2E-CED5-82CF-91623D0D150D}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{77C3894A-381D-EADC-C563-80E0FFCCBF99}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{93C07327-4DFD-ECFE-330F-F3C57467F2AF}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{A3E8927D-6EA7-6627-1C91-ECC2AEF84B37}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{43C32BFA-A561-E815-D107-DDDE2A554C7F}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{F9234F4E-4A77-228E-0A22-30B5E7FFC555}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{A1C005FB-2101-7DB0-626B-130420EAFEF6}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3324 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Ghostery (HKLM-x32\...\Ghostery) (Version:  - Ghostery Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.79 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.6.18.11 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.9.18.3 - HP)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-12-23] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A88D1A9-6C18-4B22-A903-B3EEF21D0392} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {18806627-8CE6-499B-9CF5-F5D5A16906CB} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {20BE4CFD-460E-436B-9181-644A0827D93D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-26] (Google Inc.)
Task: {32C784FC-5AD7-4526-BBC2-A6A9B7548996} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {3A1E4B46-A32F-444B-A609-3223371C251F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-05-02] (HP Inc.)
Task: {3CA45824-207F-42F8-BE97-099660955587} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {43A2F4D9-1F0E-4371-89BB-E05EAB0F3EB2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-18] ()
Task: {4853AD43-C3CE-4892-A19C-03AFC0C2D5E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-26] (Google Inc.)
Task: {6B1E51D7-C65A-41F0-9FAB-07176299F073} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {72074DEE-82DD-4F20-ADF2-5B9961605ADA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {7318E5DD-C0AD-4065-B450-CC2961A6F30D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2016-12-23] (Advanced Micro Devices, Inc.)
Task: {7DFD7891-9940-486E-9905-A28599E00594} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-05-11] (HP Inc.)
Task: {989D6825-22E6-4BA2-B4E6-07815CE10D6E} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {A6EA9588-98FC-4ABA-828A-5E5C6814E73E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-07] (Adobe Systems Incorporated)
Task: {BFD5E213-CECC-4613-B21A-36A4A3717134} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {C791C589-41A8-456F-9069-09C7524AF371} - System32\Tasks\HPCeeScheduleForFloretta => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C9C1F9DB-77C6-425A-A3C1-09290A794C19} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-07] (Adobe Systems Incorporated)
Task: {CC901A7E-F995-48E1-967B-00FC5D227780} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {EAB29C2C-EF05-4888-AC31-FB0891B79C1F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {F135F9A2-D4A9-40F5-88B9-06FA0A2D6001} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {F2DB8692-FC88-48E8-87D5-AEBE9D32B59E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForFloretta.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\-14507302110.lnk -> hxxp://www.100reasonstorecover.org
Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\-3047420720.lnk -> hxxp://www.rheumatology.org/I-Am-A/Patient-Caregive
Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\13569778940.lnk -> hxxp://www.rheumresearch.org/patients-familie
Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\4409334790.lnk -> hxxp://www.niams.nih.gov
Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\6214829320.lnk -> hxxp://www.arthritis.org
Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\7206166770.lnk -> hxxp://simpletasks.org

ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-14507302110.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x0e162895 -pinnedTimeHigh 0x01d21a01 -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000023 hxxp://www.100reasonstorecover.org/
ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-3047420720.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x3f50896e -pinnedTimeHigh 0x01d241ca -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000034 hxxp://www.rheumatology.org/I-Am-A/Patient-Caregiver
ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\13569778940.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0xf59b6a37 -pinnedTimeHigh 0x01d241ca -securityFlags 0x00000000 -tileType 0x00000001 -url 0x0000002e hxxp://www.rheumresearch.org/patients-families
ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\4409334790.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x9bf0adbe -pinnedTimeHigh 0x01d241cb -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000019 hxxp://www.niams.nih.gov/
ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\6214829320.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x5af70f22 -pinnedTimeHigh 0x01d241cb -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000019 hxxp://www.arthritis.org/
ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\7206166770.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x7488770f -pinnedTimeHigh 0x01d241ca -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000017 hxxp://simpletasks.org/

==================== Loaded Modules (Whitelisted) ==============

2016-09-13 01:51 - 2016-09-13 01:51 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 01:50 - 2016-09-13 01:50 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 01:50 - 2016-09-13 01:50 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-02-18 20:07 - 2013-03-12 10:51 - 000626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-13 02:53 - 2013-03-13 02:53 - 000015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\C9294A81.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\C9294A81.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\microsoft.com -> hxxps://support.microsoft.com
IE restricted site: HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\coupons.com -> www.coupons.com
IE restricted site: HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\ppjol.net -> hxxp://s.ppjol.net
IE restricted site: HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\tradedoubler.com -> clkuk.tradedoubler.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2018-05-28 11:22 - 000475748 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

There are 12587 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2603647047-4195809022-826204347-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Floretta\Pictures\RoyalBarge_EN-US7484780716_1920x1200.jpg
DNS Servers: 75.114.81.1 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{137E5125-6324-4735-B4C4-999E98C6A78F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{2AAB140D-AA0B-4FF2-8792-6BDBAC0935C7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{F2CF8C92-75F1-4D65-B9AD-B63EEC4873C2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{8DA219C1-ABDB-4A54-B313-CA52D3A75680}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{57D3D61A-3E2A-4C3B-9D86-7402DC023803}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{BBE25CA3-364A-4585-B20E-7292E1569157}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{B227A311-0C2C-4155-B489-AB4893B75870}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A2B4AFAB-321F-414F-9C1A-AA3B9EF75521}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{04EFC315-78DC-4AB7-9FB5-A1877779EC32}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{CDE4800B-3056-4E36-8C15-AD77B001E07F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{79F5ADC9-C5E5-4135-AEF8-DB5AF68FA187}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0CDE195F-6BA6-4B5C-BCD2-6F3E134FAD00}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B3802CAC-3E49-4899-BDB0-51EE17A54BAD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{527D1A1F-9F05-41B1-9BED-070C640C3143}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
FirewallRules: [{69358BAF-CA5A-4F21-A462-854DF705E503}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
FirewallRules: [{2B2A76CE-B6CA-4071-A983-A14A5B46B6B5}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
FirewallRules: [{5CBE103F-522A-4A6A-A207-B37961D50B55}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{94EC8069-A000-4835-9B59-E97BC19962EE}] => (Allow) LPort=2869
FirewallRules: [{8F27F72F-5CC3-403A-B454-1C94BC89C6F4}] => (Allow) LPort=1900
FirewallRules: [{B3B4D3A7-16A3-48B0-B0BC-87E2F8AFBB45}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{8EE0C344-6278-4915-B389-270E8A42CF70}C:\users\floretta\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\floretta\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{CF5548D4-8469-4263-904B-D096B9FB7563}C:\users\floretta\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\floretta\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{945024AE-9CFE-4C6D-847E-D1A941F9CB74}C:\users\floretta\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\floretta\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{1FD70BB5-8ECB-46FF-BDDA-8F991663830D}C:\users\floretta\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\floretta\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{0407503D-2BC0-4792-8E4E-49E8B3927EBE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{25940296-21D3-403E-9F72-875FE8AF2397}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7C153B3B-17E8-40D6-B4DB-6A492B7E7C31}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

18-05-2018 19:03:34 Scheduled Checkpoint
27-05-2018 00:58:18 Scheduled Checkpoint
03-06-2018 14:05:11 Scheduled Checkpoint
08-06-2018 23:00:14 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2018 10:50:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-17T02:50:52Z. Error Code: 0x80070005.

Error: (06/09/2018 10:50:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-17T02:50:22Z. Error Code: 0x80070005.

Error: (06/09/2018 10:49:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-17T02:49:52Z. Error Code: 0x80070005.

Error: (06/09/2018 10:49:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-17T02:49:22Z. Error Code: 0x80070005.

Error: (06/09/2018 10:48:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-17T02:48:52Z. Error Code: 0x80070005.

Error: (06/09/2018 10:48:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-17T02:48:22Z. Error Code: 0x80070005.

Error: (06/09/2018 10:47:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-17T02:47:52Z. Error Code: 0x80070005.

Error: (06/09/2018 10:47:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-17T02:47:22Z. Error Code: 0x80070005.

System errors:
=============
Error: (06/09/2018 10:26:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Monitor Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/09/2018 10:08:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/09/2018 09:59:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Monitor Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/09/2018 09:55:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024001e: Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.269.950.0).

Error: (06/09/2018 12:18:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 2 time(s).

Error: (06/09/2018 12:12:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/07/2018 12:02:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 2 time(s).

Error: (06/07/2018 08:43:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).

Windows Defender:
===================================
Date: 2018-06-09 18:27:28.904
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {8E3820D3-3A32-4894-8CBC-7A08C378A1DC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-09 00:05:25.964
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {860F367D-88AE-430B-9C7F-993015A8B809}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-07 09:53:12.814
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {B1E86BD5-BEA1-4D19-BF9B-CF507D98FD19}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-06 23:40:09.720
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {0A36E0A1-1D86-4CE9-A3DA-4ACCBEB74DE4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-06 23:33:05.204
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {699F5769-8738-4A50-BA01-7F1A96A7F2E7}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-09 09:55:52.323
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.901.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-06-08 08:50:55.827
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.830.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-06-08 08:50:55.827
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.830.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-06-08 08:50:54.691
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-06-08 08:50:54.688
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

CodeIntegrity:
===================================

Date: 2018-05-22 23:05:34.797
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-05-22 23:05:33.140
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-06 22:11:04.911
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-06 22:11:01.036
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-25 13:00:18.538
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-25 13:00:16.616
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-14 18:29:05.820
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

Date: 2017-06-15 15:24:34.709
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD E1-2500 APU with Radeon™ HD Graphics
Percentage of memory in use: 25%
Total physical RAM: 3541.63 MB
Available physical RAM: 2623.6 MB
Total Virtual: 3941.63 MB
Available Virtual: 2677.98 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:452.23 GB) (Free:389.44 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.61 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{7fa8be3a-4d0a-45fc-a706-4728fca00ad0}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.65 GB) NTFS
\\?\Volume{459a5572-f25b-45fe-98b3-e2ef6e4d26bd}\ () (Fixed) (Total:0.44 GB) (Free:0.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2068C105)

Partition: GPT.

==================== End of Addition.txt ============================



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,195 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:06:50 PM

Posted 13 June 2018 - 10:01 AM

Greetings Caramello222 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Right click JRT.exe and select Run as administrator
  • Press any key to continue
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2603647047-4195809022-826204347-1001 -> {3CB12E97-BDDF-4488-8C61-217335DD319F} URL =
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
ExportKey: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\C9294A81.sys
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Junkware report
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Caramello222


Posted 13 June 2018 - 06:31 PM

Hi Gary, my name is Alicia. I ran Junkware Cleaner as admin. and that removed some things. I was confused about the FRST fix instructions. I opened it as admin., then came back here and highlighted the fix text and pressed ctrl + c keys. The first time I did it nothing happened so I tried it again and still nothing. I didn't know if something was to happen like the text appearing in the window of the FRST tool, so I closed everything and again opened FRST as admin., then came back here and highlighted the text, pressed ctrl + c, then clicked the fix button on the FRST tool. During the fix a command prompt window opened 3 times directly behind the tool and I only noticed it because it made the text in FRST slightly blurry and created a black frame around the FRST window due to the prompt window being slightly bigger than the FRST window. In case that means anything I thought I should let you know. I still have the r.bat.bing click service search results but my Internet Explorer homepage loaded faster and without the message for me to disable add-ons to speed up my browser; before, that popped up all the time no matter how many times I clicked don't disable. I'm not sure about my other browsers; I haven't checked them yet.

 

Junkware log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 x64
Ran by Floretta (Administrator) on Wed 06/13/2018 at 17:57:30.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 1

Successfully deleted: C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\Caramello222\extensions\trash (Folder)

Deleted the following from C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\ngi7b3ks.default-1512793097925\prefs.js
user_pref(browser.urlbar.suggest.searches, false);

 

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3CB12E97-BDDF-4488-8C61-217335DD319F} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/13/2018 at 18:02:26.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Fixlog:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Floretta (13-06-2018 18:16:19) Run:1
Running from C:\Users\Floretta\Desktop
Loaded Profiles: Floretta (Available Profiles: Floretta)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2603647047-4195809022-826204347-1001 -> {3CB12E97-BDDF-4488-8C61-217335DD319F} URL =
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
ExportKey: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\C9294A81.sys
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2603647047-4195809022-826204347-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3CB12E97-BDDF-4488-8C61-217335DD319F} => not found
HKLM\Software\Classes\CLSID\{3CB12E97-BDDF-4488-8C61-217335DD319F} => not found
"Chrome DefaultSuggestURL" => removed successfully

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset C:\resettcpip.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= Bitsadmin /Reset /Allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= RemoveProxy: =========

"HKU\S-1-5-21-2603647047-4195809022-826204347-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2603647047-4195809022-826204347-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2603647047-4195809022-826204347-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully

========= End of RemoveProxy: =========

================== ExportKey: ===================

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\C9294A81.sys]
""="Driver"

=== End of ExportKey ===

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 47185010 B
Java, Flash, Steam htmlcache => 1598 B
Windows/system/drivers => 845143260 B
Edge => 0 B
Chrome => 361873841 B
Firefox => 749122626 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 52448 B
NetworkService => 4861818 B
Floretta => 2776656232 B

RecycleBin => 2459 B
EmptyTemp: => 4.5 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 18:25:43 ====
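An added example, not part of the original posts and not FRST's own code: a small Python parser for a Fixlog in the layout pasted above, which groups result lines under the command that produced them and flags anything that failed or was not found. The sample log is a constructed excerpt with placeholder SID and GUID values; `parse_fixlog`, `classify` and `summarize` are names chosen for this example.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed excerpt in the Fixlog layout shown above (placeholder SID and GUID).
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
CloseProcesses:
cmd: netsh winsock reset catalog
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-0000000000-0000000000-0000000000-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000000} => not found
"Chrome DefaultSuggestURL" => removed successfully

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset C:\resettcpip.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully

========= End of RemoveProxy: =========

The system needed a reboot.

==== End of Fixlog 00:00:00 ====
'''


class Finding(NamedTuple):
    section: str  # command or directive the line was printed under
    status: str   # "ok", "not_found", "failed" or "reboot"
    text: str     # the log line, plus any error detail that followed it


HEADER = re.compile(r"^=+\s+(.+?)\s+=+$")  # "========= ipconfig /flushdns ========="
ARROW = re.compile(r"^(.+?) => (.+)$")     # '"<item>" => removed successfully'


def classify(text):
    """Map one result string to a status, or None for informational lines."""
    low = text.lower()
    if "failed" in low or "access is denied" in low:
        return "failed"
    if "not found" in low:
        return "not_found"
    if "restart" in low or "reboot" in low:
        return "reboot"
    # netsh prints "Sucessfully" (one c) in the log above, so accept both spellings.
    if re.search(r"suc+ess", low) or re.search(r"\bok[.!]?$", low):
        return "ok"
    return None


def parse_fixlog(log):
    findings, section, in_echo = [], "fixlist", False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:  # the echoed fixlist sits between two rows of asterisks
            in_echo = not in_echo
            continue
        if in_echo:             # directives, not results
            continue
        header = HEADER.match(line)
        if header:
            title = header.group(1).rstrip(":")
            section = "fixlist" if title.startswith("End of") else title
            continue
        arrow = ARROW.match(line)
        # For "item => result" lines judge only the result, never the registry path.
        status = classify(arrow.group(2) if arrow else line)
        if status is None:
            continue
        if line == "Access is denied." and findings and findings[-1].status == "failed":
            prev = findings[-1]  # error detail belongs to the step that just failed
            findings[-1] = prev._replace(text=prev.text + " " + line)
            continue
        findings.append(Finding(section, status, line))
    return findings


def summarize(findings):
    counts = Counter(f.status for f in findings)
    return {
        "counts": dict(counts),
        "reboot_required": counts["reboot"] > 0,
        "needs_review": [f for f in findings if f.status in ("failed", "not_found")],
    }


if __name__ == "__main__":
    report = summarize(parse_fixlog(SAMPLE_FIXLOG))
    print(report["counts"], "reboot required:", report["reboot_required"])
    for f in report["needs_review"]:
        print(f"[{f.status}] {f.section}: {f.text}")
```

Run against the Fixlog above, the review list would hold the `Resetting , failed. Access is denied.` step under `netsh int ip reset` and the SearchScopes key reported as not found, which the JRT log in the same post lists as already deleted.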



#6 Oh My!


Posted 13 June 2018 - 08:06 PM

Please let me know specifically what you are experiencing with each browser. That will help me determine what our next step is.
Gary
 

#7 Caramello222


Posted 14 June 2018 - 12:41 PM

Sorry about the lack of information; I had a family emergency so my focus was on posting the logs. I haven't seen taskeng.exe pop up since I refreshed the FRST logs so I can't tell if it has stopped popping up. Today I saw it running in Task Manager but when I opened Scheduled Tasks there was no task being performed in the task status section. There is no summary of any tasks at any time period. There are also 4 running tasks: CacheTask, CLMLSvc_P2G8, MsCtfMonitor, and System Sounds Service; their start time and duration are unavailable. My cursor is still having its on and off moments of lagging and task manager doesn't show any change in resource use when it happens. I checked my browsers and only IE 11 has r,bat,bing ads at the top and bottom of bing search results. I used google search but the ads didn't show there. The bat,bing ad popped up in Mozilla Firefox and Google Chrome during the loading of both google search and bing search but when the pages finished loading the ads were gone. I'm assuming UBlock Origin did its job and blocked the ads; I noticed that in Google Chrome just being on my bing homepage UBlock's count went up to 70. My Hidden City game is still loading very slowly in Mozilla Firefox and the play is still slow, and it still has spikes of CPU every minute in Google Chrome. Also I noticed while using Google Chrome 2 Software Reporter Tools that quickly became 3 were running my CPU at 80% and then something would spike it to 98%-100%, but the memory stayed steady at 65%. I don't know if any of that really means malware/adware or if it just means I have a system that needs tuning.



#8 Caramello222


Posted 14 June 2018 - 04:41 PM

Yes, something is still on my computer running in the background. While I was checking out the game in Mozilla Firefox it did pick up some speed and began loading things faster but after I left my computer idle for 4 minutes an idle task began and of course when I moved my mouse it stopped. But after that the game became very slow again so I came out of it and rebooted my computer and it took a long time for it to get past the HP logo screen, which was about 3-4 minutes; it did a bunch of cranking then finally showed the lock screen and I signed into my computer. When it was done loading I went back into the game which is still slow but it got even slower suddenly and the cursor began lagging, so since it was hard to click on objects and the game began to freeze on and off I closed it again. The cursor was still lagging outside of the game and when I tried to open IE 11 it crashed and reopened. So I still have something running in the background on and off. And when I say the cursor is lagging what I mean is that it does a split second pause while I'm moving it and then it flies past the spot I wanted to click and I usually have to move it back and forth across the screen a couple of times to make it stop and when that doesn't work I have to reboot. I also bought a new mouse because of how annoying it is but I found out it's not the mouse because the same thing happens with the new mouse and they are both cordless, if that matters.



#9 Oh My!


Posted 14 June 2018 - 07:18 PM

Please run a new FRST scan and copy/paste both reports in your reply. In addition, do this.

===================================================

Resetting Internet Explorer Settings

--------------------
  • Launch Internet Explorer
  • Select Tools, Internet Options, and then the Advanced tab
  • Under Reset Internet Explorer settings click Reset
  • Click Reset again
  • Close the browser, restart your computer then check the browser performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST.txt
  • Addition.txt
  • Internet Explorer performance?

Gary
 

#10 Caramello222


Posted 14 June 2018 - 11:36 PM

R,bat,bing is still my search buddy after the reset. I guess it's performing ok; it's usually slow and becomes unresponsive when I use Facebook, but this time the only problem was the cursor lagging, but it does that outside of IE too.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Floretta (administrator) on LA-LA-LOOPSY (14-06-2018 23:10:59)
Running from C:\Users\Floretta\Desktop
Loaded Profiles: Floretta (Available Profiles: Floretta)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7198424 2013-08-29] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip\..\Interfaces\{0E333C8D-0090-4B2F-A96D-1AAE408DB9B9}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip\..\Interfaces\{96EAF80F-02C7-4E9A-8702-EF5FA9789DD5}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-2603647047-4195809022-826204347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/
SearchScopes: HKU\S-1-5-21-2603647047-4195809022-826204347-1001 -> {3CB12E97-BDDF-4488-8C61-217335DD319F} URL =
BHO: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery64.dll [2015-10-30] (Ghostery, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH)
BHO-x32: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery.dll [2015-10-30] (Ghostery, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH)

FireFox:
========
FF DefaultProfile: Caramello222
FF ProfilePath: C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\ngi7b3ks.default-1512793097925 [2018-06-13]
FF NetworkProxy: Mozilla\Firefox\Profiles\ngi7b3ks.default-1512793097925 -> type", 0
FF Extension: (uBlock Origin) - C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\ngi7b3ks.default-1512793097925\Extensions\uBlock0@raymondhill.net.xpi [2018-05-25]
FF Extension: (NoScript) - C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\ngi7b3ks.default-1512793097925\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-05-29]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\ngi7b3ks.default-1512793097925\features\{6883ce2d-cb0f-44e0-80f6-68ad0f5faf3f}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-02] [Legacy]
FF ProfilePath: C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\Caramello222 [2018-06-14]
FF Extension: (uBlock Origin) - C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\Caramello222\Extensions\uBlock0@raymondhill.net.xpi [2018-06-13]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Floretta\AppData\Roaming\Mozilla\Firefox\Profiles\Caramello222\features\{6d5b2651-70aa-43fc-b7e7-c9ce81d736f5}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-07] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-07] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-07] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-26] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default [2018-06-14]
CHR Extension: (Google Drive) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-26]
CHR Extension: (YouTube) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-26]
CHR Extension: (uBlock Origin) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-05-27]
CHR Extension: (HP Network Check Launcher) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2018-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-26]
CHR Extension: (Gmail) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-09]
CHR Profile: C:\Users\Floretta\AppData\Local\Google\Chrome\User Data\System Profile [2018-06-13]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-07-14] (SUPERAntiSpyware.com)
S2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-27] (CyberLink)
S2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-27] (CyberLink)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2017-06-28] (Power Admin LLC)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-29] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4265984 2014-12-22] (Qualcomm Atheros Communications, Inc.)
R0 C9294A81; C:\WINDOWS\System32\drivers\C9294A81.sys [478392 2016-02-23] (Kaspersky Lab ZAO)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-28] (Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-08] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-14 10:35 - 2018-05-25 01:10 - 025742848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-14 10:35 - 2018-05-25 00:44 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-06-14 10:35 - 2018-05-25 00:38 - 005779968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-14 10:35 - 2018-05-25 00:34 - 020286976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-14 10:35 - 2018-05-25 00:32 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-14 10:35 - 2018-05-25 00:16 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-06-14 10:35 - 2018-05-25 00:06 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-14 10:35 - 2018-05-25 00:03 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-06-14 10:35 - 2018-05-24 23:56 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-14 10:35 - 2018-05-24 23:55 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-14 10:35 - 2018-05-24 23:55 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-06-14 10:35 - 2018-05-24 23:53 - 015283200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-14 10:35 - 2018-05-24 23:53 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-14 10:35 - 2018-05-24 23:44 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-06-14 10:35 - 2018-05-24 23:42 - 004496896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-14 10:35 - 2018-05-24 23:39 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-14 10:35 - 2018-05-24 23:39 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-14 10:35 - 2018-05-24 23:38 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-14 10:35 - 2018-05-24 23:38 - 002060288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-14 10:35 - 2018-05-24 23:38 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-14 10:35 - 2018-05-24 23:29 - 001546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-14 10:35 - 2018-05-24 23:19 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-14 10:35 - 2018-05-24 23:17 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-14 10:35 - 2018-05-24 23:15 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-14 10:35 - 2018-05-24 23:14 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-14 10:35 - 2018-05-23 01:56 - 007406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-14 10:35 - 2018-05-23 01:45 - 000027480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-14 10:35 - 2018-05-23 01:39 - 001676064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-14 10:35 - 2018-05-23 00:13 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2018-06-14 10:35 - 2018-05-15 01:47 - 002334624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-14 10:35 - 2018-05-15 01:47 - 000244304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-14 10:35 - 2018-05-15 01:33 - 001308352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-14 10:35 - 2018-05-15 00:57 - 002324752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-14 10:35 - 2018-05-15 00:17 - 000032640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-14 10:35 - 2018-05-15 00:04 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2018-06-14 10:35 - 2018-05-14 23:05 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-14 10:35 - 2018-05-14 22:57 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-14 10:35 - 2018-05-14 22:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-14 10:35 - 2018-05-12 17:11 - 000532664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-14 10:35 - 2018-05-12 17:06 - 000567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-14 10:35 - 2018-05-12 16:51 - 002014040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-14 10:35 - 2018-05-12 16:51 - 000923480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-14 10:35 - 2018-05-12 15:08 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-06-14 10:35 - 2018-05-10 23:04 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-06-14 10:35 - 2018-05-05 15:05 - 001543800 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-14 10:35 - 2018-05-05 14:15 - 001178136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-14 10:35 - 2018-05-05 12:38 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2018-06-14 10:35 - 2018-05-05 12:23 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2018-06-14 10:35 - 2018-04-07 12:48 - 000685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-06-14 10:35 - 2018-04-07 12:47 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-14 10:35 - 2018-04-07 12:43 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-06-14 10:35 - 2018-04-07 12:09 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-06-14 10:35 - 2018-04-07 11:34 - 002255360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-14 10:35 - 2018-04-07 11:15 - 001942016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-14 10:35 - 2018-04-05 13:47 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc63.sys
2018-06-14 10:35 - 2018-04-05 13:38 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetVscCoinstall.dll
2018-06-14 10:35 - 2018-03-28 21:33 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2018-06-14 10:35 - 2018-03-28 21:21 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2018-06-14 10:35 - 2018-03-28 21:06 - 002608640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2018-06-14 10:35 - 2018-03-28 21:05 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2018-06-14 10:35 - 2018-03-28 20:26 - 002170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2018-06-14 10:35 - 2018-03-28 20:24 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2018-06-13 18:16 - 2018-06-13 18:25 - 000004273 _____ C:\Users\Floretta\Desktop\Fixlog.txt
2018-06-13 18:02 - 2018-06-13 18:02 - 000000989 _____ C:\Users\Floretta\Desktop\JRT.txt
2018-06-13 17:55 - 2018-06-13 17:55 - 001790024 _____ (Malwarebytes) C:\Users\Floretta\Desktop\JRT.exe
2018-06-04 17:22 - 2018-06-04 17:22 - 000422652 _____ C:\Users\Floretta\Desktop\Autoruns2.txt
2018-06-04 16:55 - 2018-06-09 22:47 - 000000000 ____D C:\Users\Floretta\Desktop\FRST-OlderVersion
2018-06-04 16:54 - 2018-06-04 16:54 - 000002533 _____ C:\Users\Floretta\Desktop\quick mal.txt
2018-05-28 16:25 - 2018-05-28 16:25 - 000001295 _____ C:\Users\Floretta\Desktop\MBytesScan.txt
2018-05-28 15:40 - 2018-05-28 15:52 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-28 15:36 - 2018-05-28 15:36 - 000422594 _____ C:\Users\Floretta\Desktop\autoruns1.txt
2018-05-28 11:43 - 2018-06-09 22:51 - 000041169 _____ C:\Users\Floretta\Desktop\Addition.txt
2018-05-28 11:41 - 2018-06-14 23:11 - 000010712 _____ C:\Users\Floretta\Desktop\FRST.txt
2018-05-28 11:40 - 2018-06-14 23:10 - 000000000 ____D C:\FRST
2018-05-28 11:24 - 2018-05-28 11:27 - 000000000 ____D C:\Users\Floretta\Desktop\All MVP
2018-05-28 00:02 - 2018-06-07 07:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-28 00:02 - 2018-06-07 07:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-28 00:02 - 2018-06-06 21:54 - 000000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-28 00:02 - 2018-05-28 00:02 - 000000943 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-05-26 23:43 - 2018-05-26 23:43 - 000000000 ____D C:\Users\Floretta\AppData\Roaming\Google
2018-05-26 23:41 - 2018-06-12 17:28 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-26 23:41 - 2018-06-12 17:28 - 000002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-26 23:40 - 2018-05-26 23:52 - 000000000 ____D C:\Users\Floretta\AppData\Local\Google
2018-05-26 23:40 - 2018-05-26 23:40 - 000003332 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-26 23:40 - 2018-05-26 23:40 - 000003204 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-26 23:40 - 2018-05-26 23:40 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-26 23:34 - 2018-05-26 23:40 - 000000000 ____D C:\Users\Floretta\AppData\Local\Deployment
2018-05-26 23:34 - 2018-05-26 23:34 - 000000000 ____D C:\Users\Floretta\AppData\Local\Apps\2.0
2018-05-22 23:00 - 2018-06-09 22:47 - 002413056 _____ (Farbar) C:\Users\Floretta\Desktop\FRST64.exe
2018-05-22 22:59 - 2018-05-22 22:59 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Floretta\Desktop\iExplore.exe
2018-05-22 21:08 - 2018-05-22 21:08 - 038976024 _____ (Mozilla) C:\Users\Floretta\Desktop\Firefox Setup 60.0.1.exe
2018-05-22 20:54 - 2018-05-22 20:54 - 038976024 _____ (Mozilla) C:\Users\Floretta\Downloads\Firefox Setup 60.0.1.exe
2018-05-22 18:11 - 2018-06-07 14:18 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-22 18:11 - 2018-06-07 14:18 - 000004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-05-22 18:10 - 2018-05-22 18:11 - 000000000 ____D C:\Users\Floretta\AppData\Local\Adobe
2018-05-22 15:13 - 2018-05-22 15:13 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-22 15:13 - 2018-05-22 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-22 15:13 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-22 15:12 - 2018-05-22 15:12 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-22 01:49 - 2018-05-22 01:49 - 000000000 ____D C:\ProgramData\MB2Migration

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-14 23:10 - 2016-02-21 19:51 - 000000000 ____D C:\Users\Floretta\AppData\LocalLow\Adblock Plus for IE
2018-06-14 18:13 - 2017-06-28 00:04 - 000000000 ____D C:\Users\Floretta\AppData\LocalLow\Mozilla
2018-06-14 17:18 - 2016-04-09 21:30 - 000000000 ____D C:\Users\Floretta\AppData\Local\CrashDumps
2018-06-14 15:51 - 2018-02-10 15:30 - 000003190 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForFloretta
2018-06-14 15:51 - 2018-02-10 15:30 - 000000370 _____ C:\WINDOWS\Tasks\HPCeeScheduleForFloretta.job
2018-06-14 15:43 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-14 15:40 - 2016-02-20 21:43 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-06-14 15:40 - 2013-08-22 09:25 - 001048576 ___SH C:\WINDOWS\system32\config\BBI
2018-06-14 12:30 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2018-06-14 10:57 - 2016-02-19 17:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-14 10:53 - 2017-10-11 12:17 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-14 10:53 - 2016-02-19 17:27 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-14 10:52 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-14 10:48 - 2016-02-22 20:43 - 000000000 ____D C:\Users\Floretta\OneDrive
2018-06-12 18:34 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-12 17:28 - 2016-02-19 13:00 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2603647047-4195809022-826204347-1001
2018-06-12 12:27 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-08 20:34 - 2017-02-20 20:53 - 000000000 ____D C:\Users\Floretta\Desktop\Hidden City Pics
2018-06-07 14:18 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-07 14:18 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-07 01:45 - 2016-02-20 21:54 - 000000000 ____D C:\Users\Floretta
2018-06-05 15:19 - 2018-03-15 10:18 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 15:19 - 2018-03-15 10:18 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-28 16:31 - 2017-07-14 18:56 - 000000000 ____D C:\AdwCleaner
2018-05-28 16:31 - 2016-02-19 13:42 - 000729734 _____ C:\WINDOWS\ntbtlog.txt
2018-05-27 22:51 - 2016-06-21 01:09 - 000000000 ____D C:\Users\Floretta\Desktop\Printable Puzzles
2018-05-27 21:32 - 2017-12-25 13:56 - 000000000 ____D C:\Users\Floretta\AppData\Local\SkypePlugin
2018-05-27 13:01 - 2017-07-14 17:37 - 000003118 _____ C:\Users\Floretta\Desktop\Rkill.txt
2018-05-22 15:12 - 2016-03-12 11:09 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-22 15:12 - 2016-03-12 11:09 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-05-18 12:31 - 2016-02-26 15:31 - 000000000 ____D C:\Users\Floretta\AppData\Local\ElevatedDiagnostics
2018-05-15 09:52 - 2016-02-21 16:47 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-09 00:04

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Floretta (14-06-2018 23:13:09)
Running from C:\Users\Floretta\Desktop
Windows 8.1 (Update) (X64) (2016-02-21 02:19:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2603647047-4195809022-826204347-500 - Administrator - Disabled)
Floretta (S-1-5-21-2603647047-4195809022-826204347-1001 - Administrator - Enabled) => C:\Users\Floretta
Guest (S-1-5-21-2603647047-4195809022-826204347-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{7A48FE92-F9B4-8FFA-7BAD-21CB7DEE1569}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{4BC416EA-CBC5-13FD-C83A-4B1FAF67098C}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{A6E62176-8E19-D5FD-E6B1-C7AC8B0BE9CF}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{03D53E62-3033-2B6E-6250-94654C7062BF}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{03B1860D-A09B-27EB-7EAC-0E5F174032CA}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{F3CE6F28-D740-5366-D67B-D7398F44070B}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{E5F6E095-5DF7-A975-E20A-F65CF09C7F86}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{83F34886-010B-6557-AF96-476B11064769}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{EBA40A2A-104A-7494-7963-BC57B5E01BA5}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22D2669B-33CC-C6C4-88B8-974AD4A214DB}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{0320DCC1-BF31-C4F1-11D9-A7F8AF76A2AF}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{32841394-3CE1-B9AD-09C3-282D9B067B1B}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{7ACC0D20-8698-07B4-5D47-65C62E7A5A55}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{0134E878-7296-5829-EE57-93694856559E}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{8D1A4287-CD2E-CED5-82CF-91623D0D150D}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{77C3894A-381D-EADC-C563-80E0FFCCBF99}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{93C07327-4DFD-ECFE-330F-F3C57467F2AF}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{A3E8927D-6EA7-6627-1C91-ECC2AEF84B37}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{43C32BFA-A561-E815-D107-DDDE2A554C7F}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{F9234F4E-4A77-228E-0A22-30B5E7FFC555}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{A1C005FB-2101-7DB0-626B-130420EAFEF6}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3324 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Ghostery (HKLM-x32\...\Ghostery) (Version:  - Ghostery Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.6.18.11 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.9.18.3 - HP)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-12-23] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A88D1A9-6C18-4B22-A903-B3EEF21D0392} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {18806627-8CE6-499B-9CF5-F5D5A16906CB} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {20BE4CFD-460E-436B-9181-644A0827D93D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-26] (Google Inc.)
Task: {32C784FC-5AD7-4526-BBC2-A6A9B7548996} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {3A1E4B46-A32F-444B-A609-3223371C251F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-05-02] (HP Inc.)
Task: {3CA45824-207F-42F8-BE97-099660955587} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {43A2F4D9-1F0E-4371-89BB-E05EAB0F3EB2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-18] ()
Task: {4853AD43-C3CE-4892-A19C-03AFC0C2D5E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-26] (Google Inc.)
Task: {6B1E51D7-C65A-41F0-9FAB-07176299F073} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {72074DEE-82DD-4F20-ADF2-5B9961605ADA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {7318E5DD-C0AD-4065-B450-CC2961A6F30D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2016-12-23] (Advanced Micro Devices, Inc.)
Task: {7DFD7891-9940-486E-9905-A28599E00594} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-05-11] (HP Inc.)
Task: {989D6825-22E6-4BA2-B4E6-07815CE10D6E} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {A6EA9588-98FC-4ABA-828A-5E5C6814E73E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-07] (Adobe Systems Incorporated)
Task: {BFD5E213-CECC-4613-B21A-36A4A3717134} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {C791C589-41A8-456F-9069-09C7524AF371} - System32\Tasks\HPCeeScheduleForFloretta => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C9C1F9DB-77C6-425A-A3C1-09290A794C19} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-07] (Adobe Systems Incorporated)
Task: {CC901A7E-F995-48E1-967B-00FC5D227780} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {EAB29C2C-EF05-4888-AC31-FB0891B79C1F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {F135F9A2-D4A9-40F5-88B9-06FA0A2D6001} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {F2DB8692-FC88-48E8-87D5-AEBE9D32B59E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForFloretta.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\-14507302110.lnk -> hxxp://www.100reasonstorecover.org
Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\-3047420720.lnk -> hxxp://www.rheumatology.org/I-Am-A/Patient-Caregive
Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\13569778940.lnk -> hxxp://www.rheumresearch.org/patients-familie
Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\4409334790.lnk -> hxxp://www.niams.nih.gov
Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\6214829320.lnk -> hxxp://www.arthritis.org
Shortcut: C:\Users\Floretta\AppData\Local\Microsoft\Windows\RoamingTiles\7206166770.lnk -> hxxp://simpletasks.org

ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-14507302110.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x0e162895 -pinnedTimeHigh 0x01d21a01 -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000023 hxxp://www.100reasonstorecover.org/
ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-3047420720.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x3f50896e -pinnedTimeHigh 0x01d241ca -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000034 hxxp://www.rheumatology.org/I-Am-A/Patient-Caregiver
ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\13569778940.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0xf59b6a37 -pinnedTimeHigh 0x01d241ca -securityFlags 0x00000000 -tileType 0x00000001 -url 0x0000002e hxxp://www.rheumresearch.org/patients-families
ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\4409334790.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x9bf0adbe -pinnedTimeHigh 0x01d241cb -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000019 hxxp://www.niams.nih.gov/
ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\6214829320.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x5af70f22 -pinnedTimeHigh 0x01d241cb -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000019 hxxp://www.arthritis.org/
ShortcutWithArgument: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\7206166770.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x7488770f -pinnedTimeHigh 0x01d241ca -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000017 hxxp://simpletasks.org/

==================== Loaded Modules (Whitelisted) ==============

2016-09-13 01:51 - 2016-09-13 01:51 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 01:50 - 2016-09-13 01:50 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 01:50 - 2016-09-13 01:50 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-02-18 20:07 - 2013-03-12 10:51 - 000626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-13 02:53 - 2013-03-13 02:53 - 000015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\C9294A81.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\C9294A81.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\microsoft.com -> hxxps://support.microsoft.com
IE restricted site: HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\coupons.com -> www.coupons.com
IE restricted site: HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\ppjol.net -> hxxp://s.ppjol.net
IE restricted site: HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\tradedoubler.com -> clkuk.tradedoubler.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2018-05-28 11:22 - 000475748 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

There are 12587 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2603647047-4195809022-826204347-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Floretta\Pictures\RoyalBarge_EN-US7484780716_1920x1200.jpg
DNS Servers: 75.114.81.1 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

27-05-2018 00:58:18 Scheduled Checkpoint
03-06-2018 14:05:11 Scheduled Checkpoint
08-06-2018 23:00:14 Windows Update
13-06-2018 17:57:32 JRT Pre-Junkware Removal
13-06-2018 18:16:20 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2018 11:13:42 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-22T03:13:42Z. Error Code: 0x80070005.

Error: (06/14/2018 11:13:12 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-22T03:13:12Z. Error Code: 0x80070005.

Error: (06/14/2018 11:12:42 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-22T03:12:42Z. Error Code: 0x80070005.

Error: (06/14/2018 11:12:12 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-22T03:12:12Z. Error Code: 0x80070005.

Error: (06/14/2018 11:11:42 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-22T03:11:42Z. Error Code: 0x80070005.

Error: (06/14/2018 11:11:12 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-22T03:11:12Z. Error Code: 0x80070005.

Error: (06/14/2018 11:10:42 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-22T03:10:42Z. Error Code: 0x80070005.

Error: (06/14/2018 11:10:12 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-22T03:10:12Z. Error Code: 0x80070005.

System errors:
=============
Error: (06/14/2018 12:31:27 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Error: (06/14/2018 12:31:18 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Error: (06/14/2018 11:03:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/14/2018 02:50:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 2 time(s).

Error: (06/13/2018 07:39:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/13/2018 06:16:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/13/2018 06:16:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/13/2018 06:16:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 10 time(s).

Windows Defender:
===================================
Date: 2018-06-13 19:36:54.786
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {1616B914-3222-42C5-8390-597E83D90E82}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-13 19:29:28.593
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {55F73D05-F60D-43A0-B7FF-EFC2B88A58F5}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-13 19:17:08.877
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {D649E33D-5C70-4D82-8974-1A1A846C5FAD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-13 19:12:42.642
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {93F1A897-B1FD-4F4F-A3F2-050D8494976D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-13 18:41:34.379
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {57ED8199-E5AA-41E5-B663-43BD3E07EF28}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-14 10:34:45.306
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1188.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-06-14 10:34:45.306
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1188.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-06-14 10:34:44.056
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-06-14 10:34:44.040
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-06-14 10:34:03.618
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1188.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2018-05-22 23:05:34.797
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-05-22 23:05:33.140
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-06 22:11:04.911
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-06 22:11:01.036
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-25 13:00:18.538
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-25 13:00:16.616
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-14 18:29:05.820
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

Date: 2017-06-15 15:24:34.709
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD E1-2500 APU with Radeon™ HD Graphics
Percentage of memory in use: 27%
Total physical RAM: 3541.63 MB
Available physical RAM: 2558.02 MB
Total Virtual: 4924.38 MB
Available Virtual: 3646.74 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:452.23 GB) (Free:389.28 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.61 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{7fa8be3a-4d0a-45fc-a706-4728fca00ad0}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.65 GB) NTFS
\\?\Volume{459a5572-f25b-45fe-98b3-e2ef6e4d26bd}\ () (Fixed) (Total:0.44 GB) (Free:0.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2068C105)

Partition: GPT.

==================== End of Addition.txt ============================



#11 Oh My!

  • Malware Response Instructor

Posted 15 June 2018 - 09:47 AM

Thank you.

Please do this.

===================================================

Adding Internet Explorer Restricted Site

--------------------
  • Launch Internet Explorer
  • Click Tools, then Internet Options
  • Click the Security Tab, then click on Restricted Sites
  • Click Sites and a pop up box should appear
  • Under Add this website to the zone: type r.bat.bing.com then click Add
  • Click Close, then OK
  • Close Internet Explorer, relaunch it, then check the performance
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
CloseProcesses:
cmd: msinfo32 /nfo SystemSummary.nfo /categories +systemsummary
cmd: chkdsk
cmd: sfc /scannow
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • A SystemSummary file will be created on your Desktop. Attach that file to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Internet Explorer behavior
  • Fixlog
  • Attached System Summary file

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
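
To confirm that the Restricted Sites entry from the steps above was actually saved, this added example (not part of the original post, and not an FRST feature) reads the per-user ZoneMap registry key that Internet Explorer writes and that FRST lists under "Internet Explorer trusted/restricted". The function names Get-IEZoneMapEntry and Test-IERestrictedSite are introduced here for illustration. Zone membership changes the security settings IE applies to a host, so a True result shows that the entry exists, not that requests to the host stop.

```powershell
# Added example: audit Internet Explorer site-to-zone assignments for the current user.
# Function names are illustrative; they are not part of Windows or FRST.

function Get-IEZoneMapEntry {
    [CmdletBinding()]
    param(
        # Per-user site-to-zone map. Policy-managed machines may also carry
        # entries under the matching HKCU:\Software\Policies or HKLM: keys.
        [string]$Root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    )

    # Zone numbers used by Internet Explorer.
    $zoneNames = @{
        0 = 'My Computer'
        1 = 'Local intranet'
        2 = 'Trusted sites'
        3 = 'Internet'
        4 = 'Restricted sites'
    }

    if (-not (Test-Path -LiteralPath $Root)) { return }
    $prefixLength = (Get-Item -LiteralPath $Root).Name.Length + 1

    Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_

        # Keys are stored as Domains\<domain>\<subdomain>, for example
        # Domains\bing.com\r.bat for the host r.bat.bing.com.
        $parts = $key.Name.Substring($prefixLength).Split('\')
        $site = if ($parts.Count -gt 1) { '{0}.{1}' -f $parts[1], $parts[0] } else { $parts[0] }

        # Each value name is a protocol ("http", "https" or "*");
        # its DWORD data is the zone number.
        foreach ($valueName in $key.GetValueNames()) {
            if ($key.GetValueKind($valueName) -ne [Microsoft.Win32.RegistryValueKind]::DWord) { continue }
            $zone = [int]$key.GetValue($valueName)
            [pscustomobject]@{
                Site     = $site
                Protocol = $valueName
                Zone     = $zone
                ZoneName = $zoneNames[$zone]
            }
        }
    }
}

function Test-IERestrictedSite {
    param([Parameter(Mandatory)][string]$Site)

    # True when the exact host has at least one protocol mapped to zone 4.
    $hits = @(Get-IEZoneMapEntry | Where-Object { $_.Site -eq $Site -and $_.Zone -eq 4 })
    return ($hits.Count -gt 0)
}

# List every assignment, then check the host named in the instructions above.
Get-IEZoneMapEntry | Sort-Object Zone, Site | Format-Table -AutoSize
'r.bat.bing.com in Restricted sites: {0}' -f (Test-IERestrictedSite -Site 'r.bat.bing.com')
```

Run it as the same user who added the site, because the key is read from that user's registry hive.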

#12 Caramello222

  • Topic Starter


Posted 15 June 2018 - 07:37 PM

I'm having trouble attaching the System Summary file. It's 2.58mb and both uploaders gave me the same error message "Error You aren't permitted to upload this kind of file". The name of the file is "SystemSummary.nfo". Do I need to change the file type to attach it?

Internet Explorer is behaving well except for the quick messages above the address bar that it's not responding. That happened on YouTube every time a new page with a video loaded and the message was only a quick flash, but the pages loaded correctly and at a good speed so the message is odd. R,bat,bing is a rough rider, I put it on the restricted list, clicked ok, closed IE and launched it again. I did some searches in Bing and r,bat,bing still has its misleading ads at the top and bottom of my search results. I also tried searches after the fix restarted my computer and it's still here. After the fix I haven't had any sudden lagging happen, but I haven't had a chance yet to test my browser game to see if it happens there. If it does happen there, does that mean the game is the cause? I hope not, the game is the only reason why I have Firefox and Chrome. The game is slow in Firefox but in Chrome it's fast except for the CPU spiking every minute and freezing the game, so I've been looking for a browser I can play it on that's easy on CPU and Memory. If you know of one please let me know, and also some tips on how to keep my computer safe while playing. Especially since I just recently found out that you can get malware on your computer by using Flash Player which I use to play The Secret Society but Hidden City uses Web-GL.

FIXLOG:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Floretta (15-06-2018 12:10:02) Run:2
Running from C:\Users\Floretta\Desktop
Loaded Profiles: Floretta (Available Profiles: Floretta)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
cmd: msinfo32 /nfo SystemSummary.nfo /categories +systemsummary
cmd: chkdsk
cmd: sfc /scannow

*****************

Processes closed successfully.

========= msinfo32 /nfo SystemSummary.nfo /categories +systemsummary =========

========= End of CMD: =========

========= chkdsk =========

The type of the file system is NTFS.
Volume label is Windows.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
  433664 file records processed.                                                       

File verification completed.
  8237 large file records processed.                                  

  0 bad file records processed.                                    

Stage 2: Examining file name linkage ...
  530664 index entries processed.                                                      

Index verification completed.
  0 unindexed files scanned.                                       

  0 unindexed files recovered.                                     

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
  48501 data files processed.                                          

CHKDSK is verifying Usn Journal...
  35237360 USN bytes processed.                                                          

Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

 474201087 KB total disk space.
  65386272 KB in 226775 files.
    161440 KB in 48502 indexes.
         0 KB in bad sectors.
    552475 KB in use by the system.
     65536 KB occupied by the log file.
 408100900 KB available on disk.

      4096 bytes in each allocation unit.
 118550271 total allocation units on disk.
 102025225 allocation units available on disk.

========= End of CMD: =========

========= sfc /scannow =========

 

Beginning system scan.  This process will take some time.

 

Beginning verification phase of system scan.

Verification 100% complete.

Windows Resource Protection found corrupt files but was unable to fix some
of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.

========= End of CMD: =========

 

The system needed a reboot.

==== End of Fixlog 13:06:24 ====

 

 

 

 



#13 Oh My!

  • Malware Response Instructor

Posted 16 June 2018 - 03:18 PM

Greetings.

Please upload the System Summary file here. In addition, upload the CBS zip file as well (see below instructions).

Repeat the Resetting Internet Explorer Settings steps but this time place a check mark in Delete personal settings. Take note of what will be modified.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
Zip: C:\Windows\Logs\CBS\CBS.log
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will also create a zip file on your Desktop with today's date and time, example 05.12.2016_13.04.06.zip. Please upload the file as instructed above.
===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Right click on gsmartcontrol.exe and select Run as administrator
  • Follow the prompts to install the program all the way through the Finish button
  • Hit the Windows Key + E at the same time
  • Navigate to and double click the C:\Program Files\gsmartcontrol folder
  • Right click the gsmartcontrol application icon (size approx. 1,934 KB) and select Run as administrator
  • Allow the program to search for and list your hard drive(s)
  • Double click your C: drive
  • Go to the Self-tests tab
  • Make sure that the Test Type is set to Short Self-test
  • Click the Execute button
  • After the test completes, click the View Output button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Uploaded files
  • GSmart report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Caramello222

  • Topic Starter


Posted 16 June 2018 - 09:19 PM

I did a full reset of IE but r,bat,bing is still giving me fake ad search results. I'm still having trouble with Task Scheduler Engine running 2 at the same time and slowing down my computer. When it happens during game play, after the 2 tasks are done the game doesn't recover the speed lost due to them. I also find it odd that my CPU and Memory don't go up when the 2 tasks run but yet they are lagging. I opened task scheduler while they were running but whatever task they were running didn't show in "display running tasks"; I concluded that because when they disappeared from Task Manager the 3 running tasks didn't disappear too. I also looked at tasks scheduled to run and found the following: GoogleUpdateTaskMachineUA - trigger at 11:45pm every day - after triggered repeat every 1 hour for the duration of 1 day, GoogleUpdateTaskMachineCore - multiple triggers, Adobe Flash Player Updater - trigger 7:18pm every day - after triggered repeat every 1 hour for the duration of 1 day, Adobe Flash Player NPAPI - trigger every 7 days - after triggered repeat every 1 hour for the duration of 1 day. To me that's update overkill and how do I change that nonsense? I also need to change the amount of time idle task starts, right now it's set for 4 minutes and I need more time than that because it also causes lagging.

 

Fixlog.txt:

 

 Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Floretta (16-06-2018 20:34:20) Run:3
Running from C:\Users\Floretta\Desktop
Loaded Profiles: Floretta (Available Profiles: Floretta)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Zip: C:\Windows\Logs\CBS\CBS.log

*****************

================== Zip: ===================
C:\Windows\Logs\CBS\CBS.log -> copied successfully to C:\Users\Floretta\Desktop\16.06.2018_20.34.20.zip
=========== Zip: End ===========

==== End of Fixlog 20:34:22 ====

 

GSmart Report:

 

smartctl 6.6 2017-11-05 r4594 [i686-w64-mingw32-win8.1(64)] (sf-6.6-1)
Copyright © 2002-17, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family:     Seagate Barracuda 7200.14 (AF)
Device Model:     ST500DM002-1BD142
Serial Number:    W2AY9JVB
LU WWN Device Id: 5 000c50 06ab22f23
Firmware Version: HP73
User Capacity:    500,107,862,016 bytes [500 GB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Rotation Rate:    7200 rpm
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   ATA8-ACS T13/1699-D revision 4
SATA Version is:  SATA 3.0, 6.0 Gb/s (current: 6.0 Gb/s)
Local Time is:    Sat Jun 16 21:14:15 2018 EDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
AAM feature is:   Unavailable
APM feature is:   Unavailable
Rd look-ahead is: Enabled
Write cache is:   Enabled
DSN feature is:   Unavailable
ATA Security is:  Disabled, frozen [SEC2]

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x82) Offline data collection activity
     was completed without error.
     Auto Offline Data Collection: Enabled.
Self-test execution status:      (   0) The previous self-test routine completed
     without error or no self-test has ever
     been run.
Total time to complete Offline
data collection:   (  592) seconds.
Offline data collection
capabilities:     (0x5b) SMART execute Offline immediate.
     Auto Offline data collection on/off support.
     Suspend Offline collection upon new
     command.
     Offline surface scan supported.
     Self-test supported.
     No Conveyance Self-test supported.
     Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
     power-saving mode.
     Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
     General Purpose Logging supported.
Short self-test routine
recommended polling time:   (   2) minutes.
Extended self-test routine
recommended polling time:   (  78) minutes.
SCT capabilities:         (0x103b) SCT Status supported.
     SCT Error Recovery Control supported.
     SCT Feature Control supported.
     SCT Data Table supported.

SMART Attributes Data Structure revision number: 10
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAGS    VALUE WORST THRESH FAIL RAW_VALUE
  1 Raw_Read_Error_Rate     POSR-K   116   099   006    -    102039960
  3 Spin_Up_Time            PO---K   100   100   000    -    0
  4 Start_Stop_Count        -O--CK   093   093   020    -    7993
  5 Reallocated_Sector_Ct   PO--CK   100   100   036    -    0
  7 Seek_Error_Rate         POSR-K   087   060   030    -    552652233
  9 Power_On_Hours          -O--CK   079   079   000    -    18810
 10 Spin_Retry_Count        PO--CK   100   100   097    -    0
 12 Power_Cycle_Count       -O--CK   093   093   020    -    7979
180 Unknown_HDD_Attribute   PO-R-K   100   100   000    -    1403927517
183 Runtime_Bad_Block       -O--CK   100   100   000    -    0
184 End-to-End_Error        PO--CK   100   100   097    -    0
187 Reported_Uncorrect      -O--CK   100   100   000    -    0
188 Command_Timeout         -O--CK   100   099   000    -    1 1 1
189 High_Fly_Writes         -O-RCK   100   100   000    -    0
190 Airflow_Temperature_Cel -O---K   060   055   045    -    40 (Min/Max 35/41 #1)
194 Temperature_Celsius     -O---K   040   045   000    -    40 (128 0 0 0 0)
195 Hardware_ECC_Recovered  -O-RCK   058   037   000    -    102039960
196 Reallocated_Event_Count -O--CK   100   100   036    -    0
197 Current_Pending_Sector  -O--CK   100   100   000    -    0
198 Offline_Uncorrectable   ----CK   100   100   000    -    0
199 UDMA_CRC_Error_Count    -O--CK   200   200   000    -    0
                            ||||||_ K auto-keep
                            |||||__ C event count
                            ||||___ R error rate
                            |||____ S speed/performance
                            ||_____ O updated online
                            |______ P prefailure warning

General Purpose Log Directory Version 1
SMART           Log Directory Version 1 [multi-sector log support]
Address    Access  R/W   Size  Description
0x00       GPL,SL  R/O      1  Log Directory
0x01           SL  R/O      1  Summary SMART error log
0x02           SL  R/O      5  Comprehensive SMART error log
0x03       GPL     R/O      5  Ext. Comprehensive SMART error log
0x06           SL  R/O      1  SMART self-test log
0x07       GPL     R/O      1  Extended self-test log
0x09           SL  R/W      1  Selective self-test log
0x10       GPL     R/O      1  NCQ Command Error log
0x11       GPL     R/O      1  SATA Phy Event Counters log
0x21       GPL     R/O      1  Write stream error log
0x22       GPL     R/O      1  Read stream error log
0x80-0x9f  GPL,SL  R/W     16  Host vendor specific log
0xa1       GPL,SL  VS      20  Device vendor specific log
0xa2       GPL     VS    2248  Device vendor specific log
0xa8       GPL,SL  VS     129  Device vendor specific log
0xa9       GPL,SL  VS       1  Device vendor specific log
0xab       GPL     VS       1  Device vendor specific log
0xb0       GPL     VS    2928  Device vendor specific log
0xbd       GPL     VS     252  Device vendor specific log
0xbe-0xbf  GPL     VS   65535  Device vendor specific log
0xe0       GPL,SL  R/W      1  SCT Command/Status
0xe1       GPL,SL  R/W      1  SCT Data Transfer

SMART Extended Comprehensive Error Log Version: 1 (5 sectors)
No Errors Logged

SMART Extended Self-test Log Version: 1 (1 sectors)
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%     18810         -
# 2  Short offline       Completed without error       00%     10070         -
# 3  Short offline       Completed without error       00%     10024         -
# 4  Short offline       Completed without error       00%     10002         -
# 5  Short offline       Completed without error       00%      9965         -
# 6  Short offline       Completed without error       00%      9921         -
# 7  Short offline       Completed without error       00%      9857         -
# 8  Short offline       Completed without error       00%      9795         -
# 9  Short offline       Completed without error       00%      9755         -
#10  Short offline       Completed without error       00%      9722         -
#11  Short offline       Completed without error       00%      9670         -
#12  Short offline       Completed without error       00%      9606         -
#13  Short offline       Completed without error       00%      9585         -
#14  Short offline       Completed without error       00%      9562         -
#15  Short offline       Completed without error       00%      9517         -
#16  Short offline       Completed without error       00%      9515         -
#17  Short offline       Completed without error       00%      9503         -
#18  Short offline       Completed without error       00%      9493         -
#19  Short offline       Completed without error       00%      9237         -

SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

SCT Status Version:                  3
SCT Version (vendor specific):       522 (0x020a)
SCT Support Level:                   1
Device State:                        Active (0)
Current Temperature:                    40 Celsius
Power Cycle Min/Max Temperature:     35/41 Celsius
Lifetime    Min/Max Temperature:     15/45 Celsius
Under/Over Temperature Limit Count:   0/0

SCT Temperature History Version:     2
Temperature Sampling Period:         1 minute
Temperature Logging Interval:        59 minutes
Min/Max recommended Temperature:     14/55 Celsius
Min/Max Temperature Limit:           10/60 Celsius
Temperature History Size (Index):    128 (6)

Index    Estimated Time   Temperature Celsius
   7    2018-06-11 15:31    24  *****
   8    2018-06-11 16:30     ?  -
   9    2018-06-11 17:29    26  *******
  10    2018-06-11 18:28     ?  -
  11    2018-06-11 19:27    27  ********
  12    2018-06-11 20:26     ?  -
  13    2018-06-11 21:25    30  ***********
  14    2018-06-11 22:24     ?  -
  15    2018-06-11 23:23    25  ******
  16    2018-06-12 00:22     ?  -
  17    2018-06-12 01:21    24  *****
  18    2018-06-12 02:20     ?  -
  19    2018-06-12 03:19    28  *********
  20    2018-06-12 04:18    38  *******************
  21    2018-06-12 05:17    37  ******************
  22    2018-06-12 06:16     ?  -
  23    2018-06-12 07:15    32  *************
  24    2018-06-12 08:14     ?  -
  25    2018-06-12 09:13    28  *********
  26    2018-06-12 10:12    40  *********************
  27    2018-06-12 11:11     ?  -
  28    2018-06-12 12:10    22  ***
  29    2018-06-12 13:09    37  ******************
  30    2018-06-12 14:08     ?  -
  31    2018-06-12 15:07    22  ***
  32    2018-06-12 16:06     ?  -
  33    2018-06-12 17:05    23  ****
  34    2018-06-12 18:04    39  ********************
  35    2018-06-12 19:03     ?  -
  36    2018-06-12 20:02    31  ************
  37    2018-06-12 21:01     ?  -
  38    2018-06-12 22:00    36  *****************
  39    2018-06-12 22:59    38  *******************
  40    2018-06-12 23:58    38  *******************
  41    2018-06-13 00:57    39  ********************
  42    2018-06-13 01:56    40  *********************
  43    2018-06-13 02:55    41  **********************
  44    2018-06-13 03:54     ?  -
  45    2018-06-13 04:53    24  *****
  46    2018-06-13 05:52     ?  -
  47    2018-06-13 06:51    32  *************
  48    2018-06-13 07:50     ?  -
  49    2018-06-13 08:49    23  ****
  50    2018-06-13 09:48    36  *****************
  51    2018-06-13 10:47    37  ******************
  52    2018-06-13 11:46    39  ********************
  53    2018-06-13 12:45    41  **********************
  54    2018-06-13 13:44    38  *******************
  55    2018-06-13 14:43    40  *********************
  56    2018-06-13 15:42    39  ********************
  57    2018-06-13 16:41     ?  -
  58    2018-06-13 17:40    27  ********
  59    2018-06-13 18:39     ?  -
  60    2018-06-13 19:38    25  ******
  61    2018-06-13 20:37     ?  -
  62    2018-06-13 21:36    26  *******
  63    2018-06-13 22:35     ?  -
  64    2018-06-13 23:34    35  ****************
  65    2018-06-14 00:33     ?  -
  66    2018-06-14 01:32    36  *****************
  67    2018-06-14 02:31     ?  -
  68    2018-06-14 03:30    24  *****
  69    2018-06-14 04:29    39  ********************
  70    2018-06-14 05:28    41  **********************
  71    2018-06-14 06:27    41  **********************
  72    2018-06-14 07:26    41  **********************
  73    2018-06-14 08:25    39  ********************
  74    2018-06-14 09:24    38  *******************
  75    2018-06-14 10:23     ?  -
  76    2018-06-14 11:22    24  *****
  77    2018-06-14 12:21     ?  -
  78    2018-06-14 13:20    38  *******************
  79    2018-06-14 14:19    41  **********************
  80    2018-06-14 15:18     ?  -
  81    2018-06-14 16:17    26  *******
  82    2018-06-14 17:16    38  *******************
  83    2018-06-14 18:15    38  *******************
  84    2018-06-14 19:14     ?  -
  85    2018-06-14 20:13    24  *****
  86    2018-06-14 21:12    39  ********************
  87    2018-06-14 22:11    41  **********************
  88    2018-06-14 23:10     ?  -
  89    2018-06-15 00:09    25  ******
  90    2018-06-15 01:08     ?  -
  91    2018-06-15 02:07    32  *************
  92    2018-06-15 03:06    43  ************************
  93    2018-06-15 04:05    39  ********************
  94    2018-06-15 05:04    39  ********************
  95    2018-06-15 06:03    39  ********************
  96    2018-06-15 07:02    41  **********************
  97    2018-06-15 08:01     ?  -
  98    2018-06-15 09:00    25  ******
  99    2018-06-15 09:59     ?  -
 100    2018-06-15 10:58    31  ************
 101    2018-06-15 11:57     ?  -
 102    2018-06-15 12:56    26  *******
 103    2018-06-15 13:55     ?  -
 104    2018-06-15 14:54    37  ******************
 105    2018-06-15 15:53     ?  -
 106    2018-06-15 16:52    33  **************
 107    2018-06-15 17:51     ?  -
 108    2018-06-15 18:50    30  ***********
 109    2018-06-15 19:49    41  **********************
 110    2018-06-15 20:48    39  ********************
 111    2018-06-15 21:47     ?  -
 112    2018-06-15 22:46    30  ***********
 113    2018-06-15 23:45    37  ******************
 114    2018-06-16 00:44     ?  -
 115    2018-06-16 01:43    23  ****
 116    2018-06-16 02:42     ?  -
 117    2018-06-16 03:41    27  ********
 118    2018-06-16 04:40     ?  -
 119    2018-06-16 05:39    24  *****
 120    2018-06-16 06:38     ?  -
 121    2018-06-16 07:37    35  ****************
 122    2018-06-16 08:36     ?  -
 123    2018-06-16 09:35    33  **************
 124    2018-06-16 10:34    37  ******************
 125    2018-06-16 11:33     ?  -
 126    2018-06-16 12:32    35  ****************
 127    2018-06-16 13:31     ?  -
   0    2018-06-16 14:30    35  ****************
   1    2018-06-16 15:29     ?  -
   2    2018-06-16 16:28    35  ****************
   3    2018-06-16 17:27    38  *******************
   4    2018-06-16 18:26    38  *******************
   5    2018-06-16 19:25    40  *********************
   6    2018-06-16 20:24    39  ********************

SCT Error Recovery Control:
           Read: Disabled
          Write: Disabled

Device Statistics (GP/SMART Log 0x04) not supported

SATA Phy Event Counters (GP Log 0x11)
ID      Size     Value  Description
0x000a  2            1  Device-to-host register FISes sent due to a COMRESET
0x0001  2            0  Command failed due to ICRC error
0x0003  2            0  R_ERR response for device-to-host data FIS
0x0004  2            0  R_ERR response for host-to-device data FIS
0x0006  2            0  R_ERR response for device-to-host non-data FIS
0x0007  2            0  R_ERR response for host-to-device non-data FIS



#15 Oh My!


Posted 17 June 2018 - 02:38 PM

I would like to run this before doing anything else.

===================================================

SeaTools for Windows Hard Drive Test

--------------
  • Please download SeaTools for Windows and save it to your Desktop
  • Close all open windows or programs
  • Right click on the icon and select Run as administrator
  • Install the program following the prompts
  • Hit the Windows Key + E at the same time
  • Navigate to C:\Program Files\Seagate\SeaTools for Windows\SeaToolsforWindows.exe
  • Right click on SeaToolsforWindows.exe and select Run as administrator
  • Place a check mark next to your listed hard drive
  • On the Basic Test dropdown menu select Short Drive Self Test to start the test
  • Once the test is complete you will be notified regarding the state of your hard drive. Include that information in your reply
  • Hit the Windows Key + E at the same time
  • Navigate to C:\Program Files\Seagate\SeaTools for Windows
  • Copy and paste the contents of the .log file created today (i.e. 090403FBE200LCJUB2PF.log) in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • SeaTools log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



