
constant freezing and page not responding


9 replies to this topic

#1 player102


Posted 10 June 2018 - 08:35 PM

I have ignored the many warnings to not download miscellaneous programs and mods. I now have a laptop that constantly freezes, and gives me page not responding messages. In attempting to fix this issue I have downloaded more stuff...stupid I know. I now have multiple anti-malware programs that detect each other and don't really help anything...I need help cleaning up the mess

 

 

Please

 

frst.txt:

 

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01

Ran by michael (administrator) on MICHAELS (10-06-2018 20:37:13)
Running from C:\Users\michael\Downloads
Loaded Profiles: michael (Available Profiles: michael)
Platform: Windows 10 Home Version 1607 14393.1480 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SUPERAntiSpyware.com) C:\Users\michael\Desktop\virus scans\SASCORE64.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
() C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\n360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\n360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
() C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(SUPERAntiSpyware) C:\Users\michael\Desktop\virus scans\SUPERANTISPYWARE.EXE
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{F55746CB-884C-4718-86D4-583CE548F233}\GoogleUpdateSetup.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\GUM643.tmp\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1561_none_7ef6e89821f9a6be\TiWorker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\taskkill.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe [9571552 2016-07-18] ()
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3643028776-2184831414-2025981211-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-17] (Valve Corporation)
HKU\S-1-5-21-3643028776-2184831414-2025981211-1002\...\Run: [Discord] => C:\Users\michael\AppData\Local\Discord\app-0.0.293\Discord.exe
HKU\S-1-5-21-3643028776-2184831414-2025981211-1002\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-3643028776-2184831414-2025981211-1002\...\Run: [SUPERAntiSpyware] => C:\Users\michael\Desktop\virus scans\SUPERAntiSpyware.exe [8887216 2018-04-12] (SUPERAntiSpyware)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-12-04]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.203.226
Tcpip\..\Interfaces\{3dbbcdc1-269b-4c29-b56f-d1025616e887}: [DhcpNameServer] 192.168.0.1 205.171.203.226
Tcpip\..\Interfaces\{8e02059e-ec13-441b-afd6-cd70c258610a}: [DhcpNameServer] 40.20.1.201 40.20.1.202
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3643028776-2184831414-2025981211-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3643028776-2184831414-2025981211-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKU\S-1-5-21-3643028776-2184831414-2025981211-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3643028776-2184831414-2025981211-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-04-01] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-01] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-01] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-01] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2017-08-11] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-01] (Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-10] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin HKU\S-1-5-21-3643028776-2184831414-2025981211-1002: @nsroblox.roblox.com/launcher -> C:\Users\michael\AppData\Local\Roblox\Versions\version-87cbcdfb13a344d3\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3643028776-2184831414-2025981211-1002: @nsroblox.roblox.com/launcher64 -> C:\Users\michael\AppData\Local\Roblox\Versions\version-87cbcdfb13a344d3\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default [2018-06-10]
CHR Extension: (Slides) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-12]
CHR Extension: (Docs) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-12]
CHR Extension: (Google Drive) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Sheets) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-12]
CHR Extension: (Google Docs Offline) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Fiery Music) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmfeiddljnkcdgcfcfhpenipgmaocon [2016-01-01]
CHR Extension: (Norton Identity Safe) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-12]
CHR Extension: (Gmail) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-10]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\Exts\Chrome.crx [2017-08-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\Exts\Chrome.crx [2017-08-10]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Users\michael\Desktop\virus scans\SASCORE64.EXE [173472 2018-04-12] (SUPERAntiSpyware.com)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-09-25] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-27] ()
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-06-02] (EasyAntiCheat Ltd)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R2 LavasoftAdAwareService11; C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe [732056 2016-07-18] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\N360.exe [326144 2017-07-14] (Symantec Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2016-12-27] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20180411.001\BHDrvx64.sys [1879632 2018-04-11] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\160A000.055\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-04-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-06-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20180412.061\IDSvia64.sys [1299024 2018-04-12] (Symantec Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [294104 2015-08-02] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\SysWOW64\drivers\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Users\michael\Desktop\virus scans\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Users\michael\Desktop\virus scans\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
R3 SRTSP; C:\WINDOWS\System32\Drivers\N360x64\160A000.055\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\160A000.055\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\160A000.055\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\160A000.055\SymELAM.sys [24608 2017-05-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-08-10] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\160A000.055\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\N360x64\160A000.055\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [485512 2016-04-28] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2017-01-07] (Wellbia.com Co., Ltd.)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20170718.007\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20170718.007\NAVEX15.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-10 20:37 - 2018-06-10 20:45 - 000022325 _____ C:\Users\michael\Downloads\FRST.txt
2018-06-10 20:35 - 2018-06-10 20:37 - 000000000 ____D C:\FRST
2018-06-10 20:33 - 2018-06-10 20:35 - 002413056 _____ (Farbar) C:\Users\michael\Downloads\FRST64.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-10 20:28 - 2016-09-28 04:53 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-10 20:27 - 2016-09-28 04:53 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-10 20:05 - 2017-08-11 14:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2018-06-10 20:02 - 2016-09-28 04:09 - 000006660 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-10 20:00 - 2016-07-16 02:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-06-10 19:59 - 2015-08-23 18:53 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-10 19:59 - 2014-12-25 17:10 - 000000000 ____D C:\Users\michael\Documents\Youcam
2018-06-10 19:56 - 2016-09-28 04:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-10 19:56 - 2016-09-28 04:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-10 19:46 - 2016-07-16 07:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-10 19:43 - 2016-07-16 07:47 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-26 17:55 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\AppReadiness
 
==================== Files in the root of some directories =======
 
2016-07-14 06:26 - 2016-07-14 06:26 - 000375336 _____ () C:\Users\michael\createfileassoc.exe
2016-07-14 06:26 - 2016-07-14 06:26 - 000433944 _____ (TeamSpeak Systems GmbH) C:\Users\michael\error_report.exe
2016-03-08 10:08 - 2016-03-08 10:08 - 001262592 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\michael\libeay32.dll
2013-10-04 21:38 - 2013-10-04 21:38 - 000455328 _____ (Microsoft Corporation) C:\Users\michael\msvcp120.dll
2013-10-04 21:38 - 2013-10-04 21:38 - 000970912 _____ (Microsoft Corporation) C:\Users\michael\msvcr120.dll
2016-07-14 06:26 - 2016-07-14 06:26 - 000459032 _____ (TeamSpeak Systems GmbH) C:\Users\michael\package_inst.exe
2015-12-11 06:44 - 2015-12-11 06:44 - 004734464 _____ (The Qt Company Ltd) C:\Users\michael\Qt5Core.dll
2016-04-19 10:40 - 2016-04-19 10:40 - 003169792 _____ (The Qt Company Ltd) C:\Users\michael\Qt5Gui.dll
2016-04-19 10:34 - 2016-04-19 10:34 - 000848896 _____ (The Qt Company Ltd) C:\Users\michael\Qt5Network.dll
2015-12-11 06:45 - 2015-12-11 06:45 - 000164864 _____ (The Qt Company Ltd) C:\Users\michael\Qt5Sql.dll
2015-12-11 06:48 - 2015-12-11 06:48 - 004406784 _____ (The Qt Company Ltd) C:\Users\michael\Qt5Widgets.dll
2016-07-14 06:25 - 2016-07-14 06:25 - 000149272 _____ () C:\Users\michael\quazip.dll
2016-03-08 10:08 - 2016-03-08 10:08 - 000272896 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\michael\ssleay32.dll
2016-07-14 06:25 - 2016-07-14 06:25 - 009894680 _____ (TeamSpeak Systems GmbH) C:\Users\michael\ts3client_win32.exe
2016-10-04 21:51 - 2016-10-04 21:51 - 000393350 _____ (TeamSpeak Systems GmbH) C:\Users\michael\Uninstall.exe
2016-12-24 12:00 - 2016-12-24 12:00 - 007680000 _____ () C:\Program Files (x86)\GUT7577.tmp
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-04-12 21:25
 
==================== End of FRST.txt ============================
 
 
 
 
 
addition.txt:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by michael (10-06-2018 20:56:20)
Running from C:\Users\michael\Downloads
Windows 10 Home Version 1607 14393.1480 (X64) (2016-09-28 09:00:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3643028776-2184831414-2025981211-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3643028776-2184831414-2025981211-503 - Limited - Disabled)
Guest (S-1-5-21-3643028776-2184831414-2025981211-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3643028776-2184831414-2025981211-1004 - Limited - Enabled)
michael (S-1-5-21-3643028776-2184831414-2025981211-1002 - Administrator - Enabled) => C:\Users\michael
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Suite (Enabled - Out of date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Out of date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security Suite (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (HKLM-x32\...\WTA-f594756d-cea3-422d-a8fc-ced5205c861a) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Ad-Aware Antivirus (HKLM\...\{36036827-FA38-4A74-8333-26BC4EEC9308}_AdAwareUpdater) (Version: 11.12.945.9202 - Lavasoft)
AdAwareInstaller (HKLM\...\{05B0CF4A-564C-4549-913E-AE3EDA16971A}) (Version: 11.12.945.9202 - Lavasoft) Hidden
AdAwareUpdater (HKLM\...\{36036827-FA38-4A74-8333-26BC4EEC9308}) (Version: 11.12.945.9202 - Lavasoft) Hidden
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Airport Mania (HKLM-x32\...\WTA-67a03dfc-1d66-47d3-bc08-9a960e05c1bc) (Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{301D3AA1-5DCC-FCFD-622E-3C7CBA87C80F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AntimalwareEngine (HKLM\...\{20334FA5-6CD5-48FC-B5F9-D34D75E07845}) (Version: 3.0.129.0 - Lavasoft) Hidden
AVG 2015 (HKLM\...\{CBEB60E3-3008-424D-ACE8-96AB98E480FB}) (Version: 15.0.4284 - AVG Technologies) Hidden
Azkend 2: The World Beneath (HKLM-x32\...\WTA-d289ec68-1f25-4f2b-ba18-86a20a21bc62) (Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-8c1524c4-154e-48c1-9d0e-de089ad24105) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-73552c2f-075c-4734-8305-d61cc64f6bff) (Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (HKLM-x32\...\WTA-51d1343d-3d81-4ede-9006-04b2be370e43) (Version: 2.2.0.98 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-7a3200ac-a8c8-4a24-8f9d-1322c5984d44) (Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-41e95925-8de8-4966-8b6f-39104fca2c0d) (Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (HKLM-x32\...\WTA-bb4b4313-02fb-4516-b909-11928a5a3ef3) (Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-410ced0d-8414-4126-a7e5-3a4c77c6d5e8) (Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Discord (HKU\S-1-5-21-3643028776-2184831414-2025981211-1002\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (HKLM-x32\...\WTA-46580f9e-769c-43d3-9dea-256e9e1d09df) (Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (HKLM-x32\...\WTA-0d9b177b-6105-4263-8018-fbf6cbf55172) (Version: 3.0.2.38 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-68d441b2-c8f5-499f-96e1-6c93f7dab728) (Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-7f58df73-a448-48ba-b304-fc490ae02a7f) (Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{2C0CCB21-5ED3-4417-93D2-CC6BEEB3C7CF}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.7.27.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.54 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.54 - Softex Inc.) Hidden
Java 8 Update 112 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-85145c7b-75a2-48d4-89bb-4168d89f47a0) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-537118ba-a615-4d10-8bd5-6a461f5e5fa4) (Version: 2.2.0.95 - WildTangent) Hidden
Kaspersky Security Scan (HKLM-x32\...\{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Software Updater Beta (HKLM-x32\...\{94C8D443-1D07-4E6D-A9EB-FDBA45A839D8}) (Version: 1.5.2.228 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{94C8D443-1D07-4E6D-A9EB-FDBA45A839D8}) (Version: 1.5.2.228 - Kaspersky Lab)
King Oddball (HKLM-x32\...\WTA-23746366-401a-4c3e-8074-4cd5e7772844) (Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (HKLM-x32\...\WTA-c636fc44-f491-4f3b-9e82-fed402533998) (Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (HKLM-x32\...\WTA-f60926f8-4f6a-4a38-9df5-e2927ec1f7fc) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3643028776-2184831414-2025981211-1002\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.3.1 - MP3 Rocket Inc)
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-2b23e2e0-e38c-4d60-8e17-7ee68c32006b) (Version: 2.2.0.98 - WildTangent) Hidden
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.10.0.85 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Peggle Nights (HKLM-x32\...\WTA-e36ab41b-84de-4891-b4ac-4c42415d828a) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-9b6dc59b-5d81-4c6f-8733-82ae9078a7f8) (Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.4.0.1 - Pinger Inc.) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-1624dfaa-74eb-4a04-b0d1-2816bc270b19) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-bb0a5787-6371-4fdd-ac8a-5702d596c923) (Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.59 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.41 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (HKLM-x32\...\WTA-24b516d7-0fa5-49af-b5f8-2b3dd95cd50d) (Version: 2.2.0.98 - WildTangent) Hidden
ROBLOX Player for michael (HKU\S-1-5-21-3643028776-2184831414-2025981211-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.35 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.103 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-61166e11-25af-458a-bdb6-58e3bdab6835) (Version: 2.2.0.110 - WildTangent) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-3643028776-2184831414-2025981211-1002\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-05973e5c-9595-40e3-910a-ba1b6178d68c) (Version: 3.0.2.32 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.15 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (HKLM-x32\...\WTA-9173cba2-bfe3-462a-8bbc-6e837f324d64) (Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WTA-11f72db7-03ee-4570-8cc1-e63492ed09eb) (Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3643028776-2184831414-2025981211-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\michael\AppData\Local\Roblox\Versions\version-87cbcdfb13a344d3\RobloxProxy64.dll (ROBLOX Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-29] (Cyberlink)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareShellExtension.dll [2016-07-18] ()
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-29] (Cyberlink)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareShellExtension.dll [2016-07-18] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1C56B0C0-B4CA-4992-8908-A9F00CC052A3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1DB48A1C-741D-4BDE-9442-9CB97179E468} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2E2CA06C-0ACC-407C-B60E-D7757F9918A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-14] (Google Inc.)
Task: {2ED2EC94-389D-4E2C-A29B-5A7150DFFFDE} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {3168B174-F2E7-472E-B2E9-AC27AB1BA240} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {394C089E-40F0-462C-A786-CD90DAB82481} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4DA4F6BF-4540-4606-9D70-D8DC5D298ACA} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\michael\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {5D0A5854-5DCC-4968-8E9E-A18C9E8B16CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-14] (Google Inc.)
Task: {674B3774-256B-41E4-B9CC-7CE936E1609B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {693FECE8-9B5A-4EC4-9BA1-A2F3FE6B4FCB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\WSCStub.exe [2017-07-14] (Symantec Corporation)
Task: {6EEE1ED0-51A5-4D01-9C6F-017127B09312} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {756375CF-1E2A-4B8D-8E6F-8CC034C6AA02} - System32\Tasks\Norton 360\Norton Security Suite Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {7ACB0AE0-7DBE-4CB4-BF8F-2332E2A75200} - \WPD\SqmUpload_S-1-5-21-3643028776-2184831414-2025981211-1002 -> No File <==== ATTENTION
Task: {7D84EB17-0181-4512-B856-331D8F567D81} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {84EA935A-3B2B-4F4B-B048-477131CD089F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {84FD8081-423F-4940-A02F-4E08531E05D3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {86F1BB7C-AD4B-4B67-B3D9-146D3320C879} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-12-27] (Synaptics Incorporated)
Task: {882FA529-C063-464E-9A7C-0EC5E7266987} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {91B7259D-65AE-441F-BB1C-D705EE02CF9A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {988F7E91-FFF7-4C9B-A278-ECBC1F21D0A5} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {A32E686E-C48E-405E-8DB9-32815783FAC1} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe
Task: {AE92DB45-700B-4C1C-8998-FAF2504765EC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {AFED852B-AD69-4E40-92CD-CB18629506E8} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {B08635B7-94D4-4F6B-BC76-C15A1670E25D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {B4CC447E-9375-4E54-B1A7-4F9AB23CB1AC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BABDABCF-2AD0-4E08-9807-656A94B80ED6} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3643028776-2184831414-2025981211-1002 -> No File <==== ATTENTION
Task: {EE52E0A8-71F7-49CC-A3C9-16178DF9E4D4} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {EFA6EBE4-4CB2-418D-A839-0C1853672435} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FD4F92FB-B92B-4E21-9572-B6736059DC3C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 07:42 - 2016-07-16 07:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-14 09:03 - 2017-06-21 03:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2013-09-26 14:28 - 2013-09-26 14:28 - 002540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-26 14:25 - 2013-09-26 14:25 - 000021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-26 14:25 - 2013-09-26 14:25 - 000035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-26 14:25 - 2013-09-26 14:25 - 000055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-26 14:39 - 2013-09-26 14:39 - 000306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-26 14:39 - 2013-09-26 14:39 - 001298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-26 14:26 - 2013-09-26 14:26 - 000109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-26 14:32 - 2013-09-26 14:32 - 000627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-25 09:48 - 2013-09-25 09:48 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-09-25 09:49 - 2013-09-25 09:49 - 000099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2016-07-18 21:22 - 2016-07-18 21:22 - 000732056 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
2016-07-18 21:27 - 2016-07-18 21:27 - 000030464 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\boost_system-vc140-mt-1_61.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 000068872 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\boost_date_time-vc140-mt-1_61.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 000146184 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\boost_filesystem-vc140-mt-1_61.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 011625208 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareServiceKernel.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 003420880 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\RCF.dll
2016-07-18 21:27 - 2016-07-18 21:27 - 001005824 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\boost_regex-vc140-mt-1_61.dll
2016-07-18 21:27 - 2016-07-18 21:27 - 000124672 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\boost_thread-vc140-mt-1_61.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 000040192 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\boost_chrono-vc140-mt-1_61.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 000986864 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareActivation.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 000623360 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareApplicationUpdater.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 000837872 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareGamingMode.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 000111336 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareReset.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 000134368 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareTime.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 001049856 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdater.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 000901392 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdaterScheduler.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 001104624 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareIgnoreList.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 000268016 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareQuarantine.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 001630464 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiMalwareEngine.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 000226048 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiRootkitEngine.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 001179384 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerHistory.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 001377512 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareScanner.dll
2016-07-18 21:27 - 2016-07-18 21:27 - 000039680 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\boost_timer-vc140-mt-1_61.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 001025784 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerScheduler.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 001205504 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtection.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 002663672 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareIncompatibles.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 001520872 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiSpam.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 001457904 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiPhishing.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 003464440 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareParentalControl.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 003124472 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareWebProtection.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 001327864 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareEmailProtection.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 000073480 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\boost_iostreams-vc140-mt-1_61.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 001905408 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareNetworkProtection.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 001031912 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwarePromo.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 000467688 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareFeedback.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 003159808 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareThreatWorkAlliance.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 001313512 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwarePinCode.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 001033960 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareNotice.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 001597680 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareAvcEngine.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 001170704 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtectionHistory.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 000535280 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareStatistics.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 004123896 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareShellExtension.dll
2016-09-28 21:20 - 2016-09-07 00:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-27 18:44 - 2017-03-04 02:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-27 18:44 - 2017-03-04 02:30 - 000693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-03-27 18:39 - 2017-03-04 02:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-27 18:39 - 2017-03-04 02:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-27 18:39 - 2017-03-04 02:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-07-14 09:03 - 2017-06-21 02:36 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-07-14 09:03 - 2017-06-21 02:35 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-07-14 09:03 - 2017-06-21 02:37 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-09-26 14:34 - 2013-09-26 14:34 - 000064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2016-07-18 21:26 - 2016-07-18 21:26 - 009571552 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
2016-07-18 21:26 - 2016-07-18 21:26 - 000539392 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\boost_locale-vc140-mt-1_61.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 002485992 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\HtmlFramework.dll
2016-07-18 21:26 - 2016-07-18 21:26 - 000871672 _____ () C:\Users\michael\Desktop\virus scans\Ad-Aware Antivirus\11.12.945.9202\AdAwareTrayDefaultSkin.dll
2015-12-15 14:38 - 2015-12-15 14:38 - 000326112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 17:44 - 2015-10-27 17:44 - 000404952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2014-09-09 22:49 - 2013-08-05 03:49 - 000627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 18:48 - 2013-08-05 18:48 - 000016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-06-02 19:06 - 2016-06-02 19:06 - 045077376 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
2016-06-02 19:06 - 2016-06-02 19:06 - 001650560 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libglesv2.dll
2016-06-02 19:06 - 2016-06-02 19:06 - 000082304 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libegl.dll
2018-04-12 20:28 - 2018-03-20 02:07 - 003737944 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-04-12 20:28 - 2018-03-20 02:07 - 000085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3643028776-2184831414-2025981211-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\michael\Downloads\SKYPE MEMES\dont bleep with the madman.jpeg
DNS Servers: 192.168.0.1 - 205.171.203.226
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8D444952-FDB7-4FA5-901C-2462C1A37F99}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AF3331A2-97B7-4313-AC3F-01DBA6B2C4FE}] => (Allow) LPort=2869
FirewallRules: [{150FBC6F-7AB5-4063-A0FB-EAC794994B93}] => (Allow) LPort=1900
FirewallRules: [{70521059-D7C3-4DFC-9837-9529ADE31AAE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{E0DE7089-5186-4D73-8F97-B2D8D91EB007}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{3425237F-6EEB-4EF0-8846-B81C01C65961}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{5D188B46-F749-4724-AA7A-51CD03D4100A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{CF95BA2F-BDBD-48B2-ABCA-5CD35D49EBA8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{97BCECF8-A98A-4638-A8D6-F3C2D8680246}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{C45C2B8C-8373-4420-B256-DC47D3AF94E0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{29DA20AB-AB83-4D2C-91B7-7A5F58C958FC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4600DE9F-6F96-42C2-BA8C-7EAC8A72BED5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{1A20E605-831B-4ED5-ADFD-083856BDEF7C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{0002C34E-16E3-47E8-84DE-F2F4FE304BA5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{DC7787BB-BD4E-481D-897B-A891DBF4A3CB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{216882A8-A5E0-42CC-8DED-B301F9945D22}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{44C3D9E5-BF24-4F46-9D40-3B821DA2F3EF}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{5E3D28C3-B263-455B-BC04-0A252BC07C66}] => (Allow) C:\Users\michael\Favorites\HP\Steam\Steam.exe
FirewallRules: [{9ACD0904-CCB3-49F9-A725-AE0C47B330C2}] => (Allow) C:\Users\michael\Favorites\HP\Steam\Steam.exe
FirewallRules: [{57C4D0D1-2CA9-42A6-83D0-813E1C8629D4}] => (Allow) C:\Users\michael\OneDrive\Steam\Steam.exe
FirewallRules: [{552A7055-97FD-4880-AFF7-B0F0DE6AC08F}] => (Allow) C:\Users\michael\OneDrive\Steam\Steam.exe
FirewallRules: [{D6C86BA4-2A7F-44D2-A957-564048377EF7}] => (Allow) C:\Users\michael\OneDrive\Steam\bin\steamwebhelper.exe
FirewallRules: [{E7F98D00-C62B-4ED4-947F-049D0E3E4BC8}] => (Allow) C:\Users\michael\OneDrive\Steam\bin\steamwebhelper.exe
FirewallRules: [{16846BBE-A5E9-4AA7-BFEA-057F176FEA3C}] => (Allow) C:\Users\michael\OneDrive\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0CFF719B-54E2-48D0-9676-4A070888A5BA}] => (Allow) C:\Users\michael\OneDrive\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{197B8E4C-A0D5-4379-97F2-036CB749CE02}] => (Allow) C:\Users\michael\OneDrive\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{C2E7FBAE-1629-4504-982E-F10E495F0713}] => (Allow) C:\Users\michael\OneDrive\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{43ABE5F3-C729-43BE-95BD-135D3C0DAC37}] => (Allow) C:\Users\michael\OneDrive\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{4781BB17-5D33-49C9-81E0-6BE561F25E74}] => (Allow) C:\Users\michael\OneDrive\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{52CE17BD-6DE2-48C4-B343-C044B0B5BE6E}] => (Allow) C:\Users\michael\OneDrive\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{800E464E-A5B1-4232-BD17-65CF120EDFC8}] => (Allow) C:\Users\michael\OneDrive\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{629C64DB-12A2-49DB-B13A-CE73CC69EC63}] => (Allow) C:\Users\michael\OneDrive\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C6488CF3-C888-4175-B4C1-E72B7CEA62E4}] => (Allow) C:\Users\michael\OneDrive\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{3B593C0A-BB84-47CB-B2D1-19FE9C58237E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{DE47A893-8E08-4336-9C43-15A1DFC6C400}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{5A673373-F1CB-4721-9304-00FB9763559F}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{413E7A86-ECAD-4E87-BD89-DFB099D5C9F8}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{EF8A0123-F732-4A6A-8269-78A6BF5DA44A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B569FC4F-69CC-435C-9CB8-DED5D163BDF7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{283477BF-7841-47E1-A27B-A8148A6F5C97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{47508212-6557-4927-BF14-6151F08C6106}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{01277E0F-0C54-4D90-A120-F8722348EF15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\Binaries\Win64\CMW.exe
FirewallRules: [{115CE057-7E12-4E86-B4BB-470FD7B14695}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\Binaries\Win64\CMW.exe
FirewallRules: [{6DC03056-F260-4A92-9E97-38466796EAC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{FFC0BFB1-A2EF-4694-A5F6-F95B8582400A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{11540FB7-363E-42AD-A6E4-B9450F6907AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\Binaries\Win32\CMW.exe
FirewallRules: [{32714428-ACB4-4EF9-92D4-739CA5B1482D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\Binaries\Win32\CMW.exe
FirewallRules: [{FB7FC07E-3E72-4972-996B-76AAAFFBAEF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{1BCBCC75-C229-4C10-8617-007222B060C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{0532143F-10E5-4BD6-A677-69967DCCF2C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\ChivLauncher.exe
FirewallRules: [{89AF5A28-5091-4DBB-A104-6C0158F54BA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\ChivLauncher.exe
FirewallRules: [{70491297-2649-4A4F-B9D8-6B572F09244C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{BE6CA7BC-92D1-4E39-B7B8-F233EF095951}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{262DFAF1-29C7-4EFB-9CD9-3010FAB7F865}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C63CB8E1-9F9F-4851-A246-E0BCC4160ACF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C3EDC196-6080-45FE-8C24-33E5A28BE247}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{0F7B9AC5-CB51-446A-873F-4824EB596C0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{1510C5CC-E535-4EB7-B3BA-C17156DBEEAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{2A703A7F-78D8-4083-BDE9-3796A1EE53F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{0CDF9C78-94A7-47E9-8A0A-6F789A6AA7EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{B3E54808-E861-42CB-86C8-08082184FF80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{A076E571-14AD-463E-99CD-80A12D2CDF6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{85D75551-5CB8-46E1-9CFC-D3F1E4622F0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Codename CURE\cure.exe
FirewallRules: [{D016B445-BB6E-4851-91B1-0231C6A395E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Codename CURE\cure.exe
FirewallRules: [{AC901025-214D-4694-BC85-B9568C94DDAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloody Trapland\Bloody Trapland.exe
FirewallRules: [{1C9EE1E0-34A9-41F0-A358-D85FCAF2592A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloody Trapland\Bloody Trapland.exe
FirewallRules: [{7CBEC8EB-5726-4EC1-B8D4-B0C561A82DC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{278BBA82-C56C-4223-B252-445D5EC7E27E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{23F01303-43F9-4DB3-BCB5-386704FD5D9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{235C2633-75FB-42DE-95FA-A4213AA0A4BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{C52A03E4-0FF8-479C-8034-B4A7BCC68C26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\DNSteamLauncher.exe
FirewallRules: [{D8640246-2A9A-47A1-B0FA-819C5B2E337C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\DNSteamLauncher.exe
FirewallRules: [{BAD5C355-A914-4726-9DB9-CE1BD4E08329}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\DragonNest\DragonNest.exe
FirewallRules: [{E6B165BD-5FFB-469E-A7B4-2E1928305219}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\DragonNest\DragonNest.exe
FirewallRules: [{C5F72082-0A84-4D9C-8965-79F7C1006ABE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{3B0B2C51-5F73-4C5D-89ED-152CB369B0EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{58370E5C-1708-4B93-B00F-EDB339B30ECE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{44E4CA25-2430-4515-AE13-9995CF076096}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{43D86E72-CE4E-4EA9-A087-E1C690617D51}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{67DA9073-8E79-4806-8222-5F5968C3504F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BAFCCFD4-FA3E-4D4C-BB44-17EF804D8114}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E941A055-2322-49DB-9530-EDC4433E8F89}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C57B844D-E1A1-4229-A547-FA2FF9E12403}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Feel The Snow\FeelTheSnow.exe
FirewallRules: [{63074947-919C-4507-82A7-0E6D328F022C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Feel The Snow\FeelTheSnow.exe
FirewallRules: [{2E6E4822-8BDE-4B60-B1F9-ADACA1C38796}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{C40FE36E-6840-4C9B-9D60-AF6EFB39E946}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{110BBEC6-FAA6-49C1-A403-A9896464270A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{D5C68B5C-CA9A-4262-A928-E83765A7BFB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{2CE27B41-E771-491D-B54A-6765B3CE04EE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
11-07-2017 23:29:48 Windows Update
17-07-2017 15:13:52 Windows Update
12-04-2018 17:46:36 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/10/2018 09:00:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF (error %3).
 
Error: (06/10/2018 08:53:35 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF (error %3).
 
Error: (06/10/2018 08:53:35 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF (error %3).
 
Error: (06/10/2018 08:53:30 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF (error %3).
 
Error: (06/10/2018 08:53:30 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF (error %3).
 
Error: (06/10/2018 08:53:25 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF (error %3).
 
Error: (06/10/2018 08:53:24 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF (error %3).
 
Error: (06/10/2018 08:53:19 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF (error %3).
 
 
System errors:
=============
Error: (06/10/2018 08:52:55 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
 
Error: (06/10/2018 08:52:54 PM) (Source: DCOM) (EventID: 10001) (User: MICHAELS)
Description: Unable to start a DCOM Server: App.AppXx4zfy1ffv3wctgdz2vypnybzjkh27jhw.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
 
Error: (06/10/2018 08:52:49 PM) (Source: DCOM) (EventID: 10001) (User: MICHAELS)
Description: Unable to start a DCOM Server: App.AppX9s1cz53zc86xn39kwrb02jyft9ecn62r.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
 
Error: (06/10/2018 08:50:55 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
 
Error: (06/10/2018 08:14:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/10/2018 08:08:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/10/2018 08:02:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0841: 2017-08 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4034658).
 
Error: (06/10/2018 08:01:11 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
 
Windows Defender:
===================================
Date: 2017-03-08 22:58:04.402
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {6B2D7429-AA09-4E36-83A4-5323BEEA73B5}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
==================== Memory info =========================== 
 
Processor: AMD E1-2100 APU with Radeon™ HD Graphics 
Percentage of memory in use: 66%
Total physical RAM: 3554.07 MB
Available physical RAM: 1173.55 MB
Total Virtual: 5474.07 MB
Available Virtual: 2107.8 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:443.9 GB) (Free:306.15 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20 GB) (Free:1.96 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{99c16e7c-a388-4d23-926d-8995aafd2e33}\ (WINRE) (Fixed) (Total:0.63 GB) (Free:0.36 GB) NTFS
\\?\Volume{416632e5-a50c-443d-a927-6f294a9365bd}\ () (Fixed) (Total:0.85 GB) (Free:0.34 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A9A16C4F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 PM

Posted 11 June 2018 - 07:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{F55746CB-884C-4718-86D4-583CE548F233}\GoogleUpdateSetup.exe
(Google Inc.) C:\Program Files (x86)\GUM643.tmp\GoogleUpdate.exe
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [485512 2016-04-28] (BitDefender S.R.L.)[/B]
C:\Program Files (x86)\Google\Update\Install\{F55746CB-884C-4718-86D4-583CE548F233}
C:\Program Files (x86)\GUM643.tmp\

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Update Malwarebytes to version 3 and scan your computer.
Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know if the problem persists.

#3 player102

player102
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 11 June 2018 - 03:06 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by michael (11-06-2018 08:38:02) Run:1
Running from C:\Users\michael\Downloads
Loaded Profiles: michael (Available Profiles: michael)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{F55746CB-884C-4718-86D4-583CE548F233}\GoogleUpdateSetup.exe
(Google Inc.) C:\Program Files (x86)\GUM643.tmp\GoogleUpdate.exe
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [485512 2016-04-28] (BitDefender S.R.L.)[/B]
C:\Program Files (x86)\Google\Update\Install\{F55746CB-884C-4718-86D4-583CE548F233}
C:\Program Files (x86)\GUM643.tmp\
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Google\Update\Install\{F55746CB-884C-4718-86D4-583CE548F233}\GoogleUpdateSetup.exe => Could not close process
C:\Program Files (x86)\GUM643.tmp\GoogleUpdate.exe => Could not close process
"HKLM\System\CurrentControlSet\Services\Trufos" => removed successfully
Trufos => service removed successfully
"C:\Program Files (x86)\Google\Update\Install\{F55746CB-884C-4718-86D4-583CE548F233}" => not found
"C:\Program Files (x86)\GUM643.tmp" => not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 1408175 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 49266699 B
Java, Flash, Steam htmlcache => 196596612 B
Windows/system/drivers => 20733598 B
Edge => 651376 B
Chrome => 611853820 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 454408 B
NetworkService => 43328560 B
michael => 45287117 B
 
RecycleBin => 356968843 B
EmptyTemp: => 1.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 08:48:38 ====
 
 
 
 
 
 
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 6/11/18
Scan Time: 10:02 AM
Log File: 17125d6a-6d80-11e8-af6b-8cdcd4902a25.json
Administrator: Yes
 
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5436
License: Trial
 
-System Information-
OS: Windows 10 (Build 14393.1480)
CPU: x64
File System: NTFS
User: MICHAELS\michael
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 310433
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 hr, 16 min, 49 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
 
 
# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build:    06-05-2018
# Database: 2018-06-11.1
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    06-11-2018
# Duration: 00:01:13
# OS:       Windows 10 Home
# Scanned:  41221
# Detected: 3
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy             HKCU\Software\AppDataLow\Software\adawarebp
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             AOL
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 


#4 nasdaq


Posted 12 June 2018 - 07:24 AM

Hi,

Remove everything that was identified by AdwCleaner.

How is the computer running now?

#5 player102


Posted 12 June 2018 - 10:53 AM

3 items from scan removed. Computer still very slow and clunky. Lots of blue spinning cursor, startup takes forever as does trying to open chrome and get to this site. I opened task manager and noted the computer tab shows 98-99% usage pretty steadily.



#6 nasdaq


Posted 12 June 2018 - 12:56 PM

Hi,

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

When completed, refer to the Microsoft article again and follow the instructions to view details of the System File Checker process.

Post the contents of the sfcdetails.txt file for my review.

Let me know if the problem persists.
<<<>>>

This page may help also.

High CPU usage. Windows 8 and 10.
http://www.itphobia.com/windows-modules-installer-worker-high-cpu-usage/
<<<>>>

Keep me posted.

#7 player102


Posted 12 June 2018 - 02:15 PM

I tried to run the SFC commands as per the instructions. Once I enter the command into the run tab (windows+r) the black prompt box (not sure of the correct name) flashes on the screen for a split second but disappears. There doesn't seem to be a .txt file so I am assuming the command isn't working.



#8 nasdaq


Posted 13 June 2018 - 06:42 AM

Hi,

Repair these services.

Boot with Safe Mode with Networking. Execute the following.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, and skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    16 - Repair Windows Updates
    20 - Repair MSI (Windows Installer)
    25 - Restore Important Windows Services
    26 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. (Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.
===

Restart the computer normally.

How is the computer running now?

#9 player102


Posted 13 June 2018 - 03:18 PM

I cannot get networking on in safe mode. The F8 key does nothing, so I tried msconfig and that went into safe mode but no networking. I then used the window key with restart and went into options that way. Set it to restart in safe mode with networking and again it goes into safe mode, but the internet is off. The wifi light is off, and does not turn back on when pushed while in safe mode. That's about the extent of my knowledge of how to get it in safe mode.

 

Can I run the tweaking stuff NOT in safe mode? 

 

I will keep trying as I await your response. 



#10 nasdaq


Posted 14 June 2018 - 07:23 AM

Hi,

I see 3 restore points that are available in your Addition.txt log.
11-07-2017 23:29:48 Windows Update
17-07-2017 15:13:52 Windows Update
12-04-2018 17:46:36 Windows Update


If all was well on the 12th of April I would restore my system to that date.

How to:
https://www.windowscentral.com/how-use-system-restore-windows-10

If all goes well then run the Farbar program and post fresh FRST.txt and Addition.txt logs for my review.
Will take it from there.



