Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Massive Computer Slowness -- malware? or something else?


  • This topic is locked This topic is locked
12 replies to this topic

#1 art_vandelay

art_vandelay

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 16 June 2018 - 11:55 PM

Mom is complaining about her computer and browser being massively slow...most critical issue is not being able to play Words with Friends :-)

 

Logs from FRST are below....

 

Thank you very much!

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by sheila (administrator) on SHEILA-PC (16-06-2018 21:33:20)
Running from C:\Users\sheila\Downloads
Loaded Profiles: sheila &  (Available Profiles: sheila)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToMyPC\g2svc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToMyPC\g2comm.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToMyPC\g2pre.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToMyPC\g2tray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToMyPC\g2mainh.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToMyPC\g2host.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToMyPC\g2audioh.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToMyPC\g2printh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msinfo32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-05-30] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2534099351-527031699-1384085060-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [570880 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04072018024347978\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [570880 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018024339986\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [570880 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018024343202\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [570880 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018024346223\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [570880 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112018024351434\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [570880 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018024348617\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [570880 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132018024347689\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [570880 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142018024347913\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [570880 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04152018024341085\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [570880 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018024350356\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [570880 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018024347925\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [570880 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04182018024347138\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [570880 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04192018024348011\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [570880 2017-09-29] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{71c6a0b2-eadd-44b5-ace8-e6b9c8664eeb}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
Internet Explorer:
==================
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-28] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-16] (Google Inc.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-28] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-2534099351-527031699-1384085060-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04072018024347978 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018024339986 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018024343202 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018024346223 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112018024351434 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018024348617 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132018024347689 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142018024347913 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04152018024341085 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018024350356 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018024347925 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04182018024347138 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04192018024348011 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\AjXNNDfR.default [2014-12-07]
FF Extension: (Avira Browser Safety) - C:\Users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\AjXNNDfR.default\Extensions\abs@avira.com [2015-12-05] [Legacy] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2534099351-527031699-1384085060-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\sheila\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04072018024347978: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\sheila\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018024339986: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\sheila\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018024343202: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\sheila\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018024346223: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\sheila\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112018024351434: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\sheila\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018024348617: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\sheila\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132018024347689: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\sheila\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142018024347913: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\sheila\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04152018024341085: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\sheila\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018024350356: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\sheila\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018024347925: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\sheila\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04182018024347138: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\sheila\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04192018024348011: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\sheila\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.msn.com/"
CHR Profile: C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default [2018-06-16]
CHR Extension: (Docs) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-22]
CHR Extension: (Google Drive) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-02]
CHR Extension: (YouTube) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Google Search) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-02]
CHR Extension: (Google Docs Offline) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-22]
CHR Extension: (Gmail) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-14]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [879128 2018-06-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [224472 2018-06-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [224472 2018-06-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1164808 2018-06-14] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [452352 2018-05-30] (Avira Operations GmbH & Co. KG)
R2 GoToMyPC; C:\Program Files (x86)\GoToMyPC\g2svc.exe [1893336 2018-05-22] (LogMeIn, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2014-05-15] ()
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [51112 2016-06-17] (Microsoft)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [179376 2018-05-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-05-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-02-18] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-04-06] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-04-06] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-04-06] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-06-16] (Malwarebytes)
R2 monblanking; C:\WINDOWS\system32\DRIVERS\monblanking.sys [47696 2018-05-22] (LogMeIn, Inc)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-16 21:33 - 2018-06-16 21:34 - 000022732 _____ C:\Users\sheila\Downloads\FRST.txt
2018-06-16 21:31 - 2018-06-16 21:31 - 002413056 _____ (Farbar) C:\Users\sheila\Downloads\FRST64.exe
2018-06-16 21:31 - 2018-06-16 21:31 - 002413056 _____ (Farbar) C:\Users\sheila\Downloads\FRST64 (1).exe
2018-06-11 12:23 - 2018-06-11 12:23 - 000001189 _____ C:\Users\Public\Desktop\Avira.lnk
2018-06-05 12:01 - 2018-06-05 12:01 - 000000000 ____D C:\Program Files\Softland
2018-06-05 12:00 - 2018-05-22 00:08 - 000047696 _____ (LogMeIn, Inc) C:\WINDOWS\system32\Drivers\monblanking.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-16 21:33 - 2015-06-30 21:13 - 000000000 ____D C:\FRST
2018-06-16 20:13 - 2018-02-02 13:02 - 000004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C2F9ADDE-17FA-4D6D-8533-F4AE1D3156F4}
2018-06-16 02:44 - 2018-02-18 21:27 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-06-15 12:16 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-15 12:16 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-15 12:12 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-06-14 22:04 - 2018-02-02 12:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-14 08:47 - 2015-12-05 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-06-14 04:02 - 2014-10-05 16:19 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-14 04:02 - 2014-10-05 16:19 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-12 16:50 - 2014-10-04 21:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-12 16:47 - 2017-10-11 03:59 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-12 16:47 - 2014-10-04 21:31 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-11 12:22 - 2014-10-04 20:34 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-07 15:22 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-05 12:01 - 2017-08-15 12:54 - 000000000 ____D C:\Users\sheila\AppData\Roaming\GoToMyPC
2018-06-05 11:59 - 2017-08-15 12:54 - 000000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoToMyPC.lnk
2018-06-05 11:59 - 2017-08-15 12:54 - 000000000 ____D C:\ProgramData\GoToMyPC
2018-06-05 11:59 - 2017-08-15 12:54 - 000000000 ____D C:\Program Files (x86)\GoToMyPC
2018-05-22 00:15 - 2014-10-04 21:31 - 000163288 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\gotomon_x64.dll
2018-05-17 22:55 - 2018-02-02 13:02 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 22:55 - 2018-02-02 13:02 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-17 05:21 - 2018-02-02 13:02 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-05-17 05:20 - 2015-12-06 22:20 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-13 07:39
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by sheila (16-06-2018 21:35:25)
Running from C:\Users\sheila\Downloads
Windows 10 Home Version 1709 16299.309 (X64) (2018-02-02 20:05:36)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2534099351-527031699-1384085060-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2534099351-527031699-1384085060-503 - Limited - Disabled)
Guest (S-1-5-21-2534099351-527031699-1384085060-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2534099351-527031699-1384085060-1002 - Limited - Enabled)
sheila (S-1-5-21-2534099351-527031699-1384085060-1000 - Administrator - Enabled) => C:\Users\sheila
WDAGUtilityAccount (S-1-5-21-2534099351-527031699-1384085060-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{4b629f54-1d82-40c9-9979-4485bb58d155}) (Version: 1.2.109.23832 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{606c7b25-e58d-4e72-82dd-4a0e4e163086}) (Version: 1.2.114.16977 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{C7FA948A-FC14-4316-92DC-23AF70C55A10}) (Version: 1.2.114.16977 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{d2c9315d-82be-4e7a-8d9f-ccbe716c2552}) (Version: 1.2.113.25350 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.200 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.3.0 - Canon Inc.)
Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.00 - Canon Inc.)
Canon MX490 series On-screen Manual (HKLM-x32\...\Canon MX490 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MX490 series User Registration (HKLM-x32\...\Canon MX490 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoToMyPC (HKLM\...\{00F52082-1D82-4EF3-B504-CC1EB61D8820}) (Version: 10.0.2324 - LogMeIn, Inc.)
GoToMyPC Print Assistant (HKLM\...\{57414DD3-55A7-4D2E-916F-2F1407AABE91}) (Version: 8.6.942 - Softland)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2534099351-527031699-1384085060-1000\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04072018024347978\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018024339986\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018024343202\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018024346223\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112018024351434\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018024348617\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132018024347689\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142018024347913\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04152018024341085\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018024350356\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018024347925\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04182018024347138\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04192018024348011\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
novaPDF 8 Printer Driver (HKLM\...\{1A9E9E77-B29B-47C6-ADEB-9E7D6F7A08CE}) (Version: 8.6.942 - Softland)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Unity Web Player (HKU\S-1-5-21-2534099351-527031699-1384085060-1000\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04072018024347978\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018024339986\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018024343202\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018024346223\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112018024351434\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018024348617\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132018024347689\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142018024347913\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04152018024341085\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018024350356\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018024347925\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04182018024347138\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04192018024348011\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-06-14] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-06-14] (Avira Operations GmbH & Co. KG)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07DA66D6-EA60-4F49-98E4-60154777B94D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0BECEC76-D850-4690-AC6D-CC28C5EA2A26} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0DC9C025-C19C-46E5-B16C-327F1D03D3C1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {133AABA0-51E1-40FB-B384-00CEF8C502E0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {210E27B5-0A31-4547-87BC-29BD68D546CB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {27FDD4D5-3AA5-4642-811E-2C0BC3E7A574} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {2D44101B-F886-4625-878D-03CE78A02185} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {335924CF-DD36-41BA-BC31-F3708E1E6EA0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {33D1E219-5083-4240-94E3-7046EC2096D8} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3778E6DB-ABB5-4588-B69B-D9F7F9B49354} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3797DAAC-2FA9-437A-A069-A0981BF9DD68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {440120DA-B254-43D2-82AC-70CF01182F26} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {52CCD7F1-7681-4887-862A-A8ADA8A6CF05} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-06-14] (Avira Operations GmbH & Co. KG)
Task: {63ABBE93-A1B0-4DE1-BCDE-66EE049F6343} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {68311F76-4593-4460-8549-175B1EB9E20A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {895E5EEE-2D15-417F-B381-BD1289C26B05} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {905FAF0A-B8FE-4D7E-A406-879060FE6F28} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {943E96FA-4B63-4F35-A5BB-87CDBC450959} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A9F28423-9083-4ACE-8B94-09246BAF6236} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AAF93311-FCB4-4532-9F73-698CA0ACCBBA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AE7B1C8E-BC34-4D9C-A6D5-E51A660FE8E3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD95C1FD-87C8-4697-BFB3-BBA9524A89EE} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {BF229E97-C8E8-4622-97C3-0905CCED380A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {CEAB9AC9-96BF-45ED-ADB6-A63292F7EE6C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {D5F76246-8A00-47F6-8479-48DF5D7B6D2C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DD54A3A0-9F24-4E92-9EB2-C3A5952E0F08} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E1830EF2-3A71-4953-A81F-5D5AFE10C4A4} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E59E24E6-740E-459D-BFE1-D73596757634} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FA967E7E-058A-4FAA-BBB9-2880A2F1DFCA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-02-01 18:02 - 2014-05-15 12:25 - 000084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2016-06-17 12:43 - 2016-06-17 12:43 - 000145696 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll
2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-14 06:10 - 2018-02-21 17:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 06:10 - 2018-02-21 17:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-09 02:16 - 2017-03-09 02:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-06-14 04:02 - 2018-06-11 22:36 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libglesv2.dll
2018-06-14 04:02 - 2018-06-11 22:36 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2015-12-03 09:56 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04072018024347755\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018024339725\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018024343017\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018024345957\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112018024351216\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018024348414\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132018024347439\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142018024347413\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04152018024340554\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018024349872\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018024347300\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04182018024346544\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04192018024347683\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04072018024347909\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018024339833\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018024343133\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018024346082\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112018024351341\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018024348523\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132018024347532\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142018024347632\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04152018024340820\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018024350122\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018024347566\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04182018024346732\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04192018024347886\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2534099351-527031699-1384085060-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\sheila\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04072018024347978\Control Panel\Desktop\\Wallpaper -> C:\Users\sheila\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018024339986\Control Panel\Desktop\\Wallpaper -> C:\Users\sheila\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018024343202\Control Panel\Desktop\\Wallpaper -> C:\Users\sheila\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018024346223\Control Panel\Desktop\\Wallpaper -> C:\Users\sheila\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112018024351434\Control Panel\Desktop\\Wallpaper -> C:\Users\sheila\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018024348617\Control Panel\Desktop\\Wallpaper -> C:\Users\sheila\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132018024347689\Control Panel\Desktop\\Wallpaper -> C:\Users\sheila\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142018024347913\Control Panel\Desktop\\Wallpaper -> C:\Users\sheila\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04152018024341085\Control Panel\Desktop\\Wallpaper -> C:\Users\sheila\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018024350356\Control Panel\Desktop\\Wallpaper -> C:\Users\sheila\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018024347925\Control Panel\Desktop\\Wallpaper -> C:\Users\sheila\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04182018024347138\Control Panel\Desktop\\Wallpaper -> C:\Users\sheila\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2534099351-527031699-1384085060-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04192018024348011\Control Panel\Desktop\\Wallpaper -> C:\Users\sheila\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{635C82B1-3FD2-4871-9104-FC45A4925733}] => (Allow) LPort=8501
FirewallRules: [{308CA341-ACDF-4EA2-B805-23BD0B613D7F}] => (Allow) LPort=8501
FirewallRules: [{C6DED849-A1C0-497F-A4AC-4E12808B3490}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
23-05-2018 19:39:03 Scheduled Checkpoint
02-06-2018 00:26:08 Scheduled Checkpoint
07-06-2018 15:20:09 Windows Update
12-06-2018 16:46:36 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/14/2018 10:23:54 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (06/12/2018 04:50:34 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL W3SVC. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (06/12/2018 04:50:32 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL ASP.NET_64_2.0.50727. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (06/12/2018 04:50:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (06/12/2018 04:50:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (05/31/2018 10:41:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: SHEILA-PC)
Description: Package Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
 
Error: (05/31/2018 10:41:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.16299.251, time stamp: 0x5a8e0ebc
Faulting module name: edgehtml.dll, version: 11.0.16299.309, time stamp: 0x4ad775d4
Exception code: 0xc0000005
Fault offset: 0x00000000003cdd06
Faulting process id: 0x1edc
Faulting application start time: 0x01d3d98f012e035e
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\edgehtml.dll
Report Id: 7a7fcd85-84cb-48c5-a614-7b9269e98b58
Faulting package full name: Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (05/31/2018 10:41:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.16299.251, time stamp: 0x5a8e0ebc
Faulting module name: edgehtml.dll, version: 11.0.16299.309, time stamp: 0x4ad775d4
Exception code: 0xc0000005
Fault offset: 0x00000000003cdd06
Faulting process id: 0x1edc
Faulting application start time: 0x01d3d98f012e035e
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\edgehtml.dll
Report Id: f967747f-3f25-486a-9f29-388a1cf0d7dd
Faulting package full name: Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
 
System errors:
=============
Error: (06/16/2018 09:26:19 PM) (Source: DCOM) (EventID: 10016) (User: SHEILA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user SHEILA-PC\sheila SID (S-1-5-21-2534099351-527031699-1384085060-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/16/2018 09:23:12 PM) (Source: DCOM) (EventID: 10016) (User: SHEILA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user SHEILA-PC\sheila SID (S-1-5-21-2534099351-527031699-1384085060-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/16/2018 09:16:50 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (06/16/2018 08:50:11 PM) (Source: DCOM) (EventID: 10016) (User: SHEILA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user SHEILA-PC\sheila SID (S-1-5-21-2534099351-527031699-1384085060-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/16/2018 08:12:05 PM) (Source: DCOM) (EventID: 10016) (User: SHEILA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user SHEILA-PC\sheila SID (S-1-5-21-2534099351-527031699-1384085060-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/16/2018 06:11:28 PM) (Source: DCOM) (EventID: 10016) (User: SHEILA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user SHEILA-PC\sheila SID (S-1-5-21-2534099351-527031699-1384085060-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/16/2018 03:01:00 PM) (Source: DCOM) (EventID: 10016) (User: SHEILA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user SHEILA-PC\sheila SID (S-1-5-21-2534099351-527031699-1384085060-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/16/2018 12:27:24 PM) (Source: DCOM) (EventID: 10016) (User: SHEILA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user SHEILA-PC\sheila SID (S-1-5-21-2534099351-527031699-1384085060-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
 
Date: 2018-06-09 20:11:58.558
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-09 20:11:57.529
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-09 20:11:10.962
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-09 20:11:10.232
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-09 20:11:03.845
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-09 20:10:57.808
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-04-17 22:22:07.381
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-04-17 22:22:06.579
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G630 @ 2.70GHz
Percentage of memory in use: 91%
Total physical RAM: 4008.64 MB
Available physical RAM: 346.76 MB
Total Virtual: 10663.98 MB
Available Virtual: 1863.33 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:464.84 GB) (Free:422.54 GB) NTFS
 
\\?\Volume{00e8907a-4c2a-11e4-b480-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{2f15f158-0000-0000-0000-d03b74000000}\ () (Fixed) (Total:0.83 GB) (Free:0.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 2F15F158)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=846 MB) - (Type=27)
 
==================== End of Addition.txt ============================
 
 
 


BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:53 PM

Posted 20 June 2018 - 05:11 PM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


:step1: Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
  • Note:
If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.
 

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 20 June 2018 - 11:31 PM

OK thank you.
 
Logs from all three tasks are below.
 
One thing that occurred to me is that this machine has Avira for Antivirus, but I believe it also has Windows Defender AND malwayebytes.  Could be too many different security programs running?
 
 
 
Result of Security Analysis by Rocket Grannie (x86) Updated: 18th June, 2018
Running from:C:\Users\sheila\Desktop\Spyware Tools (20:42:02 - 06/20/2018)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Microsoft Edge
***------------Antivirus - Antispyware - Firewall-----------***
Avira Antivirus (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
Avira Antivirus (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
Adobe Acrobat Reader DC (18.011.20040)
Google Chrome (67.0.3396.87)
Java (8.0.1010.13) ==> is out of Date
Malwarebytes (3.3.1.2183) ==> is out of Date
Microsoft Silverlight (5.1.50907.0)
 
***----------------Analysis Complete-------------------------***
 
 
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2018.06.21.01
  rootkit: v2018.06.21.01
 
Windows 10 x64 NTFS
Internet Explorer 11.371.16299.0
sheila :: SHEILA-PC [administrator]
 
6/20/2018 8:52:14 PM
mbar-log-2018-06-20 (20-52-14).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 202247
Time elapsed: 18 minute(s), 40 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build:    06-05-2018
# Database: 2018-06-19.4
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-20-2018
# Duration: 00:00:08
# OS:       Windows 10 Home
# Cleaned:  2
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
No malicious registry entries cleaned.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
Deleted       Ask
Deleted       AOL
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [1281 octets] - [20/06/2018 21:16:59]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
 
 


#4 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:53 PM

Posted 20 June 2018 - 11:58 PM

Please download Zemana AntiMalware and save it to your Desktop.
- Start it...
- Without changing any options, press Scan to begin.
After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

- Open Zemana AntiMalware again.
- Click on icon and double click the latest report.
- Now click File > Save As and choose your Desktop before pressing Save.
The only left thing is to attach saved report in your next message.


FRST / FSRT64: run it again.
  • Right-click FRST / FSRT64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt. Then press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:53 PM

Posted 25 June 2018 - 05:18 PM


Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response within 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 28 June 2018 - 12:55 PM

Greetings. Sorry for the delay in response.  

 

1. Zemana reported NO issues.

 

2. Addition and FRST logs are below.  

 

Thanks.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by sheila (20-06-2018 22:12:49)
Running from C:\Users\sheila\Desktop\Spyware Tools
Windows 10 Home Version 1709 16299.371 (X64) (2018-02-02 20:05:36)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2534099351-527031699-1384085060-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2534099351-527031699-1384085060-503 - Limited - Disabled)
Guest (S-1-5-21-2534099351-527031699-1384085060-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2534099351-527031699-1384085060-1002 - Limited - Enabled)
sheila (S-1-5-21-2534099351-527031699-1384085060-1000 - Administrator - Enabled) => C:\Users\sheila
WDAGUtilityAccount (S-1-5-21-2534099351-527031699-1384085060-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{4b629f54-1d82-40c9-9979-4485bb58d155}) (Version: 1.2.109.23832 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{606c7b25-e58d-4e72-82dd-4a0e4e163086}) (Version: 1.2.114.16977 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{C7FA948A-FC14-4316-92DC-23AF70C55A10}) (Version: 1.2.114.16977 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{d2c9315d-82be-4e7a-8d9f-ccbe716c2552}) (Version: 1.2.113.25350 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.200 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.3.0 - Canon Inc.)
Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.00 - Canon Inc.)
Canon MX490 series On-screen Manual (HKLM-x32\...\Canon MX490 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MX490 series User Registration (HKLM-x32\...\Canon MX490 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoToMyPC (HKLM\...\{00F52082-1D82-4EF3-B504-CC1EB61D8820}) (Version: 10.0.2324 - LogMeIn, Inc.)
GoToMyPC Print Assistant (HKLM\...\{57414DD3-55A7-4D2E-916F-2F1407AABE91}) (Version: 8.6.942 - Softland)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2534099351-527031699-1384085060-1000\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
novaPDF 8 Printer Driver (HKLM\...\{1A9E9E77-B29B-47C6-ADEB-9E7D6F7A08CE}) (Version: 8.6.942 - Softland)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Unity Web Player (HKU\S-1-5-21-2534099351-527031699-1384085060-1000\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-06-14] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-06-14] (Avira Operations GmbH & Co. KG)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07DA66D6-EA60-4F49-98E4-60154777B94D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0BECEC76-D850-4690-AC6D-CC28C5EA2A26} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0DC9C025-C19C-46E5-B16C-327F1D03D3C1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {133AABA0-51E1-40FB-B384-00CEF8C502E0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {210E27B5-0A31-4547-87BC-29BD68D546CB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {27FDD4D5-3AA5-4642-811E-2C0BC3E7A574} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {2D44101B-F886-4625-878D-03CE78A02185} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {335924CF-DD36-41BA-BC31-F3708E1E6EA0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {33D1E219-5083-4240-94E3-7046EC2096D8} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3778E6DB-ABB5-4588-B69B-D9F7F9B49354} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3797DAAC-2FA9-437A-A069-A0981BF9DD68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {440120DA-B254-43D2-82AC-70CF01182F26} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {52CCD7F1-7681-4887-862A-A8ADA8A6CF05} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-06-14] (Avira Operations GmbH & Co. KG)
Task: {63ABBE93-A1B0-4DE1-BCDE-66EE049F6343} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {68311F76-4593-4460-8549-175B1EB9E20A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {895E5EEE-2D15-417F-B381-BD1289C26B05} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {905FAF0A-B8FE-4D7E-A406-879060FE6F28} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {943E96FA-4B63-4F35-A5BB-87CDBC450959} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A9F28423-9083-4ACE-8B94-09246BAF6236} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AAF93311-FCB4-4532-9F73-698CA0ACCBBA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AE7B1C8E-BC34-4D9C-A6D5-E51A660FE8E3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD95C1FD-87C8-4697-BFB3-BBA9524A89EE} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {BF229E97-C8E8-4622-97C3-0905CCED380A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {CEAB9AC9-96BF-45ED-ADB6-A63292F7EE6C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {D5F76246-8A00-47F6-8479-48DF5D7B6D2C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DD54A3A0-9F24-4E92-9EB2-C3A5952E0F08} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E1830EF2-3A71-4953-A81F-5D5AFE10C4A4} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E59E24E6-740E-459D-BFE1-D73596757634} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FA967E7E-058A-4FAA-BBB9-2880A2F1DFCA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-02-01 18:02 - 2014-05-15 12:25 - 000084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2016-06-17 12:43 - 2016-06-17 12:43 - 000145696 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll
2018-06-20 20:47 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-06-20 20:47 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-14 06:10 - 2018-02-21 17:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 06:10 - 2018-02-21 17:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-21 17:12 - 2018-05-21 17:14 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-21 17:12 - 2018-05-21 17:14 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-21 17:12 - 2018-05-21 17:14 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-21 17:12 - 2018-05-21 17:14 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-09 02:16 - 2017-03-09 02:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-05-19 03:01 - 2018-05-19 03:02 - 000084992 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-05-08 04:45 - 2018-05-08 04:45 - 001873120 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-06-14 04:02 - 2018-06-11 22:36 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libglesv2.dll
2018-06-14 04:02 - 2018-06-11 22:36 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2015-12-03 09:56 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2534099351-527031699-1384085060-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\sheila\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{635C82B1-3FD2-4871-9104-FC45A4925733}] => (Allow) LPort=8501
FirewallRules: [{308CA341-ACDF-4EA2-B805-23BD0B613D7F}] => (Allow) LPort=8501
FirewallRules: [{C6DED849-A1C0-497F-A4AC-4E12808B3490}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
02-06-2018 00:26:08 Scheduled Checkpoint
07-06-2018 15:20:09 Windows Update
12-06-2018 16:46:36 Windows Update
18-06-2018 15:51:40 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/20/2018 09:14:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\sheila\Desktop\Spyware Tools\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.371_none_15c7d1789365a290.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.371_none_5d75084fa7e1cb96.manifest.
 
Error: (06/20/2018 08:41:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgnt.exe, version: 15.0.36.198, time stamp: 0x5b1a61dd
Faulting module name: ccmsg.dll, version: 15.0.36.198, time stamp: 0x5b1a618d
Exception code: 0xc0000005
Fault offset: 0x000132d5
Faulting process id: 0x1fd0
Faulting application start time: 0x01d4074e22a7110a
Faulting application path: C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
Faulting module path: c:\program files (x86)\avira\antivirus\ccmsg.dll
Report Id: 8a2f53c6-e201-4760-afa0-9d85275c16b8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/20/2018 08:35:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\sheila\Desktop\Spyware Tools\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.371_none_15c7d1789365a290.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.371_none_5d75084fa7e1cb96.manifest.
 
Error: (06/18/2018 11:39:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 67.0.3396.87, time stamp: 0x5b1f54ed
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ff831de0441
Faulting process id: 0xe3c
Faulting application start time: 0x01d40798399b071d
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: unknown
Report Id: d09c2a2c-f32f-4c1a-b0c0-33838878bcef
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/17/2018 09:05:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.16299.15, time stamp: 0x59cda974
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x6e98
Faulting application start time: 0x01d405f258df1db4
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: e6f39d52-c17e-4257-9d31-61026ad7f449
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
 
Error: (06/14/2018 10:23:54 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (06/12/2018 04:50:34 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL W3SVC. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (06/12/2018 04:50:32 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL ASP.NET_64_2.0.50727. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
 
System errors:
=============
Error: (06/20/2018 10:00:07 PM) (Source: DCOM) (EventID: 10016) (User: SHEILA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user SHEILA-PC\sheila SID (S-1-5-21-2534099351-527031699-1384085060-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/20/2018 09:44:31 PM) (Source: DCOM) (EventID: 10016) (User: SHEILA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user SHEILA-PC\sheila SID (S-1-5-21-2534099351-527031699-1384085060-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/20/2018 09:26:51 PM) (Source: DCOM) (EventID: 10001) (User: SHEILA-PC)
Description: Unable to start a DCOM Server: {9AA46009-3CE0-458A-A354-715610A075E6} as Unavailable/Unavailable. The error:
"5"
Happened while starting this command:
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
 
Error: (06/20/2018 09:26:39 PM) (Source: DCOM) (EventID: 10016) (User: SHEILA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user SHEILA-PC\sheila SID (S-1-5-21-2534099351-527031699-1384085060-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/20/2018 09:25:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/20/2018 09:25:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/20/2018 09:25:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/20/2018 09:25:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
 
Date: 2018-06-20 21:15:02.618
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-20 21:15:01.904
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-20 21:14:37.801
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-20 21:14:37.573
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-20 21:14:27.178
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-20 21:14:26.987
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-20 20:48:04.487
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-20 20:47:06.043
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G630 @ 2.70GHz
Percentage of memory in use: 53%
Total physical RAM: 4008.64 MB
Available physical RAM: 1874.38 MB
Total Virtual: 10152.64 MB
Available Virtual: 7665.96 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:464.84 GB) (Free:412.17 GB) NTFS
 
\\?\Volume{00e8907a-4c2a-11e4-b480-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{2f15f158-0000-0000-0000-d03b74000000}\ () (Fixed) (Total:0.83 GB) (Free:0.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 2F15F158)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=846 MB) - (Type=27)
 
==================== End of Addition.txt ============================
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by sheila (administrator) on SHEILA-PC (20-06-2018 22:11:47)
Running from C:\Users\sheila\Desktop\Spyware Tools
Loaded Profiles: sheila (Available Profiles: sheila)
Platform: Windows 10 Home Version 1709 16299.371 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToMyPC\g2svc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToMyPC\g2comm.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToMyPC\g2pre.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToMyPC\g2tray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToMyPC\g2mainh.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToMyPC\g2host.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToMyPC\g2audioh.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToMyPC\g2printh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-05-30] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2534099351-527031699-1384085060-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [570880 2017-09-29] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{71c6a0b2-eadd-44b5-ace8-e6b9c8664eeb}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
Internet Explorer:
==================
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-28] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-16] (Google Inc.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-28] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-2534099351-527031699-1384085060-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-16] (Google Inc.)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\AjXNNDfR.default [2014-12-07]
FF Extension: (Avira Browser Safety) - C:\Users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\AjXNNDfR.default\Extensions\abs@avira.com [2015-12-05] [Legacy] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2534099351-527031699-1384085060-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\sheila\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.msn.com/"
CHR Profile: C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default [2018-06-20]
CHR Extension: (Docs) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-22]
CHR Extension: (Google Drive) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-02]
CHR Extension: (YouTube) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Google Search) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-02]
CHR Extension: (Google Docs Offline) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-22]
CHR Extension: (Gmail) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-14]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [879128 2018-06-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [224472 2018-06-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [224472 2018-06-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1164808 2018-06-14] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [452352 2018-05-30] (Avira Operations GmbH & Co. KG)
R2 GoToMyPC; C:\Program Files (x86)\GoToMyPC\g2svc.exe [1893336 2018-05-22] (LogMeIn, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2014-05-15] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [51112 2016-06-17] (Microsoft)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [179376 2018-05-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-05-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-06-20] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-06-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-06-20] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-06-20] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-06-20] (Malwarebytes)
R2 monblanking; C:\WINDOWS\system32\DRIVERS\monblanking.sys [47696 2018-05-22] (LogMeIn, Inc)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-06-20] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-06-20] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-20 22:01 - 2018-06-20 22:11 - 000011344 _____ C:\WINDOWS\ZAM.krnl.trace
2018-06-20 22:01 - 2018-06-20 22:11 - 000003664 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-06-20 22:01 - 2018-06-20 22:01 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-06-20 22:01 - 2018-06-20 22:01 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-06-20 22:01 - 2018-06-20 22:01 - 000000000 ____D C:\Users\sheila\AppData\Local\Zemana
2018-06-20 20:50 - 2018-06-20 20:50 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\636368E7.sys
2018-06-20 20:47 - 2018-06-20 21:19 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-20 20:47 - 2018-06-20 21:19 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-06-20 20:47 - 2018-06-20 21:19 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-06-20 20:47 - 2018-06-20 21:19 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-06-20 20:47 - 2018-06-20 21:19 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-06-20 20:47 - 2018-06-20 20:47 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-20 20:47 - 2018-06-20 20:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-20 20:47 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-06-20 20:46 - 2018-06-20 21:12 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-06-20 20:35 - 2018-06-20 20:35 - 000899584 _____ C:\Users\sheila\Downloads\RGSA.exe
2018-06-16 21:35 - 2018-06-16 21:36 - 000038395 _____ C:\Users\sheila\Downloads\Addition.txt
2018-06-16 21:33 - 2018-06-16 21:36 - 000027152 _____ C:\Users\sheila\Downloads\FRST.txt
2018-06-16 21:31 - 2018-06-16 21:31 - 002413056 _____ (Farbar) C:\Users\sheila\Downloads\FRST64.exe
2018-06-16 21:31 - 2018-06-16 21:31 - 002413056 _____ (Farbar) C:\Users\sheila\Downloads\FRST64 (1).exe
2018-06-11 12:23 - 2018-06-11 12:23 - 000001189 _____ C:\Users\Public\Desktop\Avira.lnk
2018-06-05 12:01 - 2018-06-05 12:01 - 000000000 ____D C:\Program Files\Softland
2018-06-05 12:00 - 2018-05-22 00:08 - 000047696 _____ (LogMeIn, Inc) C:\WINDOWS\system32\Drivers\monblanking.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-20 22:11 - 2015-06-30 21:13 - 000000000 ____D C:\Users\sheila\Desktop\Spyware Tools
2018-06-20 22:11 - 2015-06-30 21:13 - 000000000 ____D C:\FRST
2018-06-20 22:02 - 2018-02-02 12:45 - 000000000 ____D C:\Users\sheila
2018-06-20 21:35 - 2018-02-02 12:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-20 21:23 - 2018-02-02 13:00 - 001015156 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-20 21:22 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-06-20 21:18 - 2018-02-02 13:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-20 21:18 - 2017-09-29 01:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-06-20 21:17 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\Registration
2018-06-20 21:16 - 2015-07-03 21:00 - 000000000 ____D C:\AdwCleaner
2018-06-20 20:52 - 2015-07-03 21:37 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-20 20:01 - 2018-02-02 13:02 - 000004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C2F9ADDE-17FA-4D6D-8533-F4AE1D3156F4}
2018-06-20 07:30 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-20 07:30 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-18 20:31 - 2018-01-27 22:54 - 000000000 ___DC C:\WINDOWS\Panther
2018-06-18 20:16 - 2018-02-02 13:01 - 000024768 _____ C:\WINDOWS\diagwrn.xml
2018-06-18 20:16 - 2018-02-02 13:01 - 000024768 _____ C:\WINDOWS\diagerr.xml
2018-06-18 19:02 - 2018-04-12 03:19 - 000000000 ___HD C:\$WINDOWS.~BT
2018-06-18 19:02 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2018-06-18 15:37 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\rescache
2018-06-18 14:48 - 2018-02-02 14:06 - 000000000 ___RD C:\Users\sheila\3D Objects
2018-06-18 14:48 - 2016-02-13 06:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-18 14:40 - 2018-02-02 12:42 - 000221968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-18 14:37 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-06-18 14:37 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-06-18 14:37 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-18 14:37 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-14 08:47 - 2015-12-05 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-06-14 04:02 - 2014-10-05 16:19 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-14 04:02 - 2014-10-05 16:19 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-12 16:50 - 2014-10-04 21:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-12 16:47 - 2017-10-11 03:59 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-12 16:47 - 2014-10-04 21:31 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-11 12:22 - 2014-10-04 20:34 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-07 15:22 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-05 16:24 - 2018-02-03 17:19 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 16:24 - 2018-02-03 17:19 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-05 12:01 - 2017-08-15 12:54 - 000000000 ____D C:\Users\sheila\AppData\Roaming\GoToMyPC
2018-06-05 11:59 - 2017-08-15 12:54 - 000000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoToMyPC.lnk
2018-06-05 11:59 - 2017-08-15 12:54 - 000000000 ____D C:\ProgramData\GoToMyPC
2018-06-05 11:59 - 2017-08-15 12:54 - 000000000 ____D C:\Program Files (x86)\GoToMyPC
2018-05-22 00:15 - 2014-10-04 21:31 - 000163288 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\gotomon_x64.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-13 07:39
 
==================== End of FRST.txt ============================


#7 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:53 PM

Posted 28 June 2018 - 01:42 PM

Uninstall Chrome extension(s)
CHR Extension: (Chrome Web Store Payments) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-22]
CHR Extension: (Chrome Media Router) - C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-14]

---


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 28 June 2018 - 07:05 PM

Greetings.  

 

1. I uninstalled ALL chrome extensions.

 

2.  I browsed to C:\Users\sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\ and deleted the two folders you mentioned.  NOTE:  there were still 4-5 additional folders there.

 

3.  There were no threats detected by MBAM.  Log is below...

 

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 6/28/18
Scan Time: 4:47 PM
Log File: a91c04e5-7b2d-11e8-a124-d4bed9bea717.json
Administrator: Yes
 
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5675
License: Premium
 
-System Information-
OS: Windows 10 (Build 17134.112)
CPU: x64
File System: NTFS
User: SHEILA-PC\sheila
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 291334
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 11 min, 38 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)


#9 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:53 PM

Posted 29 June 2018 - 03:45 AM

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.

Enable all your antivirus and antimalware software.
 

***


Can you tell me how your computer is running now and if there are any remaining malware related problems.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:53 PM

Posted 02 July 2018 - 02:38 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response within 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 02 July 2018 - 12:52 PM

Ran eSet....no issues reported. one other thing I decided to do was uninstall Avast and let Windows Security Essentials take care of everything.  Let me know if there is anything else I should do.



#12 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:53 PM

Posted 02 July 2018 - 01:03 PM

Your remaining issues are not malware related, if you need still help, please start a new topic at our MS Windows forum section.
or internet-networking forum section.



===================================


***


It Appears That Your Pc Is Clean!


***


Clean up:


***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • please download delfix to your desktop.
  • Close all other programms and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

===================================

Here are some Preventive tips to reduce the potential for spyware infection in the future

:step1: Make sure you keep your Windows OS current.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
:step2: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important chanel to spread their wares.
:step3: Use only one anti-virus software and keep it up-to-date.

:step4: Firewall
Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

:step5: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

:step6: Use Strong passwords!

:step7: Email attachments
Do not open any unknown email attachments, which you received without asking for it!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:53 PM

Posted 05 July 2018 - 05:27 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users