
Win 10-Icon tray "controls" wifi, mouse, firefox menu (even cell ph infected)


7 replies to this topic

#1 Belit


Posted 03 July 2018 - 10:34 AM

Hello and thanks for any help.

As the title says, the Icon tray took control of my wifi, mouse, firefox menu, even infected my cell phone. I can't use the mouse, only the pad on the laptop. The Airplane mode and wifi connected buttons appear "on" at the same time. I can only access wifi through settings.

Sometimes the wifi button on the tray disappears. The firefox browser buttons and menus are frozen/fake. But sometimes it all returns to normal. Also, do you have any help for Androids? The flashlight on my cell phone turns on by itself occasionally. Thank you!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Mabel (administrator) on LAPTOP-HI1T83GM (03-07-2018 10:51:00)
Running from C:\Users\Mabel\Downloads
Loaded Profiles: Mabel (Available Profiles: Mabel)
Platform: Windows 10 Home Version 1511 10586.1176 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
() C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Shield\ioloSSTray.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-25] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => c:\Program Files\AMD\CNext\CNext\cnext.exe [4998856 2016-03-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [258600 2016-01-05] (HP)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2016-01-29] (CyberLink Corp.)
HKLM\...\RunOnce: [73_8466412207482] => C:\Program Files (x86)\LMIR0002.tmp_r.bat [514 2018-07-03] ()
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1252144337-538660414-2737996322-1002\...\RunOnce: [73_8417042207482] => C:\Users\Mabel\AppData\Local\LMIR0001.tmp_r.bat [512 2018-07-03] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\windows\SysWOW64\iavlsp.dll [118784 2016-02-21] (iolo technologies, LLC)
Winsock: Catalog9 02 C:\windows\SysWOW64\iavlsp.dll [118784 2016-02-21] (iolo technologies, LLC)
Winsock: Catalog9 14 C:\windows\SysWOW64\iavlsp.dll [118784 2016-02-21] (iolo technologies, LLC)
Winsock: Catalog9-x64 01 C:\windows\system32\iavlsp64.dll [160256 2016-02-21] ()
Winsock: Catalog9-x64 02 C:\windows\system32\iavlsp64.dll [160256 2016-02-21] ()
Winsock: Catalog9-x64 14 C:\windows\system32\iavlsp64.dll [160256 2016-02-21] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{72f82765-f516-4b12-af91-6cfb37015bae}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1252144337-538660414-2737996322-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1252144337-538660414-2737996322-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-02-25] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-25] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: db33hwnv.default
FF ProfilePath: C:\Users\Mabel\AppData\Roaming\Mozilla\Firefox\Profiles\db33hwnv.default [2018-07-03]
FF Extension: (Spanish (Mexico) Dictionary) - C:\Users\Mabel\AppData\Roaming\Mozilla\Firefox\Profiles\db33hwnv.default\Extensions\diccionario@mozilla-mexico.org [2018-06-08] [Legacy]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Mabel\AppData\Roaming\Mozilla\Firefox\Profiles\db33hwnv.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2018-06-30]
FF Extension: (Español (España) Language Pack) - C:\Users\Mabel\AppData\Roaming\Mozilla\Firefox\Profiles\db33hwnv.default\Extensions\langpack-es-ES@firefox.mozilla.org.xpi [2018-07-02]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-07-02] [Legacy] [not signed]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-02-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Mabel\AppData\Local\Google\Chrome\User Data\Default [2018-05-27]
CHR Extension: (Docs) - C:\Users\Mabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-11]
CHR Extension: (Google Drive) - C:\Users\Mabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-11]
CHR Extension: (YouTube) - C:\Users\Mabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-11]
CHR Extension: (Google Docs Offline) - C:\Users\Mabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
CHR Extension: (Gmail) - C:\Users\Mabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-11]
CHR Extension: (Chrome Media Router) - C:\Users\Mabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-03-27] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-11-03] (Microsoft Corporation)
R2 CrypKey License; C:\windows\system32\crypserv.exe [126976 2013-04-11] (CrypKey (Canada) Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-27] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4759600 2016-02-21] (iolo technologies, LLC)
R2 osrss; C:\windows\system32\osrss.dll [108584 2018-01-18] (Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-25] (Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [452456 2015-12-08] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266872 2016-08-19] (Synaptics Incorporated)
S2 tbaseprovisioning; C:\windows\SysWOW64\tbaseprovisioning.exe [54808 2016-04-02] (Advanced Micro Devices, Inc.)
R2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2014-03-25] (CYREN Inc.)
R2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2014-03-25] (CYREN Inc.)
S3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2014-03-25] (CYREN Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-09-05] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\windows\System32\drivers\AmdAS4.sys [27384 2016-04-02] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\windows\system32\DRIVERS\amdkmcsp.sys [101112 2016-04-02] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [73976 2016-04-02] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\windows\System32\DRIVERS\amdpsp.sys [277240 2016-04-02] (Advanced Micro Devices, Inc. )
R2 AMP; C:\windows\system32\Drivers\amp.sys [174856 2014-03-25] (CYREN Inc.)
R2 AMPSE; C:\windows\system32\Drivers\ampse.sys [1728776 2014-03-25] (CYREN Inc.)
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWT6.sys [111120 2016-04-02] (Advanced Micro Devices)
R1 NetworkX; C:\windows\System32\ckldrv.sys [31416 2013-04-11] ()
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [41576 2016-02-21] (EldoS Corporation)
R3 rt640x64; C:\windows\System32\drivers\rt640x64.sys [935168 2016-02-25] (Realtek )
S3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [413912 2016-02-25] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\windows\system32\DRIVERS\rtwlane.sys [6895984 2017-08-17] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\windows\system32\DRIVERS\Smb_driver_AMDASF.sys [68728 2016-08-19] (Synaptics Incorporated)
S3 SmbDrvI; C:\windows\System32\drivers\Smb_driver_Intel.sys [62568 2016-03-14] (Synaptics Incorporated)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
U1 aswbdisk; no ImagePath
S3 mfeaack01; \Device\mfeaack01.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-03 10:51 - 2018-07-03 10:52 - 000014206 _____ C:\Users\Mabel\Downloads\FRST.txt
2018-07-03 10:49 - 2018-07-03 10:51 - 000000000 ____D C:\FRST
2018-07-03 10:48 - 2018-07-03 10:49 - 002412544 _____ (Farbar) C:\Users\Mabel\Downloads\FRST64.exe
2018-07-03 08:48 - 2018-07-03 08:48 - 000000706 _____ C:\Program Files (x86)\LMIR0002.tmp.bat
2018-07-03 08:48 - 2018-07-03 08:48 - 000000514 _____ C:\Program Files (x86)\LMIR0002.tmp_r.bat
2018-07-03 08:48 - 2018-07-03 08:48 - 000000512 _____ C:\Users\Mabel\AppData\Local\LMIR0001.tmp_r.bat
2018-07-03 08:38 - 2018-07-03 08:38 - 000000000 ____D C:\Program Files (x86)\LogMeIn Rescue Applet
2018-07-03 08:37 - 2018-07-03 08:38 - 002209320 _____ (LogMeIn, Inc.) C:\Users\Mabel\Downloads\Support-LogMeInRescue.exe
2018-07-02 10:11 - 2018-07-02 10:11 - 005219157 _____ C:\Users\Mabel\Downloads\Manual SOCIAL MEDIA MANAGER-2018(3).pdf
2018-07-02 10:09 - 2018-07-02 10:09 - 001070804 _____ C:\Users\Mabel\Downloads\Manual SOCIAL MEDIA MANAGER-2018(2).pdf
2018-06-15 18:43 - 2018-06-15 18:51 - 005219157 _____ C:\Users\Mabel\Downloads\Manual SOCIAL MEDIA MANAGER-2018(1).pdf
2018-06-13 21:38 - 2018-06-13 21:38 - 005219157 _____ C:\Users\Mabel\Downloads\Manual SOCIAL MEDIA MANAGER-2018.pdf
2018-06-11 10:49 - 2018-06-11 10:49 - 000170750 _____ C:\Users\Mabel\Downloads\WebpageFX Full-Time Remote Copy Editor Job in Harrisburg, PA   Glassdoor.htm
2018-06-08 09:20 - 2018-06-08 09:20 - 000043997 _____ C:\Users\Mabel\Downloads\Mabel Rodriguez certification_order_receipt.pdf
2018-06-08 09:12 - 2018-06-08 09:13 - 000217574 _____ C:\Users\Mabel\Downloads\certificado CAPM Mabel Rodriguez.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-03 10:50 - 2016-04-15 14:18 - 000000948 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-07-03 09:50 - 2016-04-15 14:18 - 000000944 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-07-03 08:48 - 2018-02-18 12:46 - 000000000 ____D C:\Users\Mabel\AppData\LocalLow\Mozilla
2018-07-03 08:00 - 2015-10-30 03:11 - 000000000 ____D C:\windows\CbsTemp
2018-07-03 07:46 - 2018-02-18 15:41 - 000004166 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{FCD23B2D-2774-4389-89F6-C75BAFB085C1}
2018-07-02 16:21 - 2015-11-03 02:05 - 000972104 _____ C:\windows\system32\PerfStringBackup.INI
2018-07-02 16:21 - 2015-10-30 03:21 - 000000000 ____D C:\windows\INF
2018-07-02 16:17 - 2018-02-18 12:45 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-02 16:17 - 2018-02-18 12:45 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-02 16:17 - 2018-02-18 12:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-02 16:16 - 2018-04-04 14:12 - 000000408 _____ C:\windows\SysWOW64\iolo.ini
2018-07-02 16:16 - 2018-04-04 14:12 - 000000408 _____ C:\windows\system32\iolo.ini
2018-07-02 16:16 - 2018-04-04 14:12 - 000000392 _____ C:\windows\SysWOW64\iolo.ini.txt
2018-07-02 16:16 - 2015-10-30 03:24 - 000000144 _____ C:\windows\win.ini
2018-07-02 16:15 - 2017-01-12 16:19 - 000733146 _____ C:\windows\SysWOW64\rootpa.e2e
2018-07-02 16:14 - 2015-11-02 14:02 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-07-02 16:13 - 2017-01-12 15:08 - 000065536 _____ C:\windows\system32\spu_storage.bin
2018-07-02 16:13 - 2015-10-30 02:28 - 000524288 ___SH C:\windows\system32\config\BBI
2018-07-02 14:20 - 2017-11-27 11:28 - 000000000 ____D C:\Users\Mabel\AppData\Local\Packages
2018-07-02 07:56 - 2017-11-27 21:42 - 000000000 ____D C:\Users\Mabel\AppData\Roaming\WildTangent
2018-07-02 07:56 - 2017-01-12 16:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-07-02 07:56 - 2017-01-12 16:22 - 000000000 ____D C:\ProgramData\WildTangent
2018-07-02 07:56 - 2017-01-12 16:22 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2018-07-01 13:48 - 2018-02-18 12:31 - 000003256 _____ C:\windows\System32\Tasks\HPCeeScheduleForMabel
2018-07-01 13:48 - 2018-02-18 12:31 - 000000364 _____ C:\windows\Tasks\HPCeeScheduleForMabel.job
2018-07-01 12:44 - 2017-12-14 09:15 - 000000000 ____D C:\Users\Mabel\Desktop\pen drive con todo 2017 y antes
2018-06-28 10:20 - 2018-02-25 06:53 - 000000818 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-06-28 10:19 - 2018-03-01 15:55 - 000000806 _____ C:\Users\Mabel\Desktop\Windows 10 Update Assistant.lnk
2018-06-28 10:19 - 2018-02-25 06:52 - 000000000 ____D C:\Windows10Upgrade
2018-06-26 09:14 - 2018-04-11 16:40 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-26 09:14 - 2018-02-18 15:14 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-22 19:43 - 2017-11-27 11:38 - 000003376 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1252144337-538660414-2737996322-1002
2018-06-22 19:42 - 2017-11-27 11:35 - 000002370 _____ C:\Users\Mabel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-22 19:42 - 2017-11-27 11:35 - 000000000 ___RD C:\Users\Mabel\OneDrive
2018-06-21 23:34 - 2017-11-27 11:28 - 000000000 ____D C:\Users\Mabel
2018-06-21 10:54 - 2018-02-23 13:03 - 000000000 ____D C:\Users\Mabel\Documents\2018
2018-06-16 21:57 - 2017-01-12 16:32 - 000000000 ____D C:\ProgramData\CyberLink
2018-06-12 15:29 - 2015-10-30 03:24 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-12 15:29 - 2015-10-30 03:24 - 000000000 ____D C:\windows\AppReadiness

==================== Files in the root of some directories =======

2018-07-03 08:48 - 2018-07-03 08:48 - 000000706 _____ () C:\Program Files (x86)\LMIR0002.tmp.bat
2018-07-03 08:48 - 2018-07-03 08:48 - 000000514 _____ () C:\Program Files (x86)\LMIR0002.tmp_r.bat
2018-03-20 15:37 - 2018-03-20 22:25 - 000000000 _____ () C:\Users\Mabel\AppData\Roaming\MCVi2UserDetail.ini
2018-07-03 08:48 - 2018-07-03 08:48 - 000000512 _____ () C:\Users\Mabel\AppData\Local\LMIR0001.tmp_r.bat

Some files in TEMP:
====================
2018-03-05 17:48 - 2018-06-25 13:31 - 006612768 _____ (Microsoft Corporation) C:\Users\Mabel\AppData\Local\Temp\Windows10Upgrade.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-25 15:00

==================== End of FRST.txt ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Mabel (03-07-2018 10:54:18)
Running from C:\Users\Mabel\Downloads
Windows 10 Home Version 1511 10586.1176 (X64) (2017-11-27 15:27:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1252144337-538660414-2737996322-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1252144337-538660414-2737996322-503 - Limited - Disabled)
Guest (S-1-5-21-1252144337-538660414-2737996322-501 - Limited - Disabled)
Mabel (S-1-5-21-1252144337-538660414-2737996322-1002 - Administrator - Enabled) => C:\Users\Mabel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: System Shield (Enabled - Up to date) {51A1F251-72D6-FBFA-1969-EBE1F52F559F}
AS: System Shield (Enabled - Up to date) {EAC013B5-54EC-F474-23D9-D0938EA81F22}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-f1b84329-6129-4e95-a06b-edb92987df51) (Version: 3.0.2.118 - WildTangent) Hidden
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.275.2 - AVAST Software)
AVSDK5 (HKLM\...\{D5A6E342-907C-4CEF-96CC-FC2F4990DC9C}) (Version: 5.4.11 - CYREN Inc.) Hidden
Awakening: The Dreamless Castle (HKLM-x32\...\WTA-824829c2-b729-4af4-bde3-a754769c9da0) (Version: 3.0.2.51 - WildTangent) Hidden
Azkend 2: The World Beneath (HKLM-x32\...\WTA-59aa5f99-d8ff-4de9-a7a7-ef83e160d9d7) (Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-8a8d0188-89ad-42ed-b638-b339efa21c9b) (Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{020D236C-0860-8700-6645-A8D7DF7D1219}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{B8D846ED-A061-FC73-1A80-E45A70FC8BE1}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{05B3192F-37A6-D1F0-365B-476D69C3F0D2}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{5FBFEC71-C194-6D96-21D9-80C183E25878}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9A841032-8472-D1CE-0ACB-E399AC7A2199}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{9DF52711-9C0C-5B80-6304-49CE67D2824D}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{7516F9DE-6B63-B709-84CE-3098F06DD318}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{AF5429E4-27FD-3F52-A54D-6BD8F4A68963}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{5BA23300-0626-7146-471A-5BF56F8B5CBD}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{3FF26615-BB9E-2C89-6532-4B6215A20BB5}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{58EB8CBE-C35C-ADE2-1F58-0F9D453976D4}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B84C4DE7-F6A1-CC2A-9EE3-781DC5D600C2}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{401E894B-7172-98C5-0DA6-A05F78EE79B9}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{A3A601FE-245E-B0EE-F0B1-DDACCBBFDF7B}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6332ED4-35E5-CC2A-4E37-612FC1985994}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{89551DFD-EC10-8C4C-E127-9EEB614346FA}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{9E3D8484-056C-E087-D6F4-FCCD5EF6FABB}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{ADC3E089-7CA6-E182-26B3-A7DA6438636D}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01C748AD-07EC-9D6B-3F15-43D49C5E9DE6}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{E5407BDB-DAF1-F28E-B835-BB90F20A3333}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{9A8954B1-8591-D49B-F337-800094222F7E}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6129 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-03094b9d-0019-4e1f-89e4-26ed88c2397c) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Entwined: The Perfect Murder (HKLM-x32\...\WTA-0794cb69-d7a7-46ac-a2ba-5ff6ec71379a) (Version: 3.0.2.59 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Green City: Go South (HKLM-x32\...\WTA-8b26d7eb-24c6-4f15-959d-4229b4c2776a) (Version: 3.0.2.59 - WildTangent) Hidden
Home Makeover (HKLM-x32\...\WTA-59c3f7d5-66b2-4f87-8415-aa4b92ff58af) (Version: 3.0.2.59 - WildTangent) Hidden
Hoyle Illusions Mahjongg (HKLM-x32\...\WTA-7138d01c-2b79-49f0-a622-4009331edd02) (Version: 3.0.2.59 - WildTangent) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.6.18.11 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.9.18.3 - HP)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{1BDD178E-43DC-4063-B480-BA2BAE03E2A0}) (Version: 1.1.15.1 - HP)
IGT Slots Fire Rubies (HKLM-x32\...\WTA-9c80a758-3fa6-4245-84c7-d186bb9cd738) (Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-de637646-804c-469f-b220-40f4c1de45dc) (Version: 3.0.2.59 - WildTangent) Hidden
iolo technologies' System Shield (HKLM-x32\...\{882362E0-C71A-411B-B16F-46D1B66E1890}_is1) (Version: 5.0.6 - iolo technologies, LLC)
Jewel Match Snowscapes (HKLM-x32\...\WTA-11071c12-212c-46de-87fa-cf5d3d298806) (Version: 3.0.2.118 - WildTangent) Hidden
Little Boy: Walter's Scooter (HKLM-x32\...\WTA-cb59c705-009a-4ca4-9887-aa47585903e9) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-c3c4eb0d-49e2-4f6a-987e-a9fc081c7a78) (Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-253bc640-a406-4f31-9d50-ec137ddf249b) (Version: 3.0.2.59 - WildTangent) Hidden
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-b26b1d5d-779f-4786-9783-8cf60f143233) (Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.9001.2171 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1252144337-538660414-2737996322-1002\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 61.0 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0 (x64 en-US)) (Version: 61.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9001.2171 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2171 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2171 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9001.2171 - Microsoft Corporation) Hidden
Plagiarii (HKLM-x32\...\WTA-9533b82a-e5ac-4058-9158-7073dd748353) (Version: 3.0.2.59 - WildTangent) Hidden
PM FASTrack CAPM v3 (HKLM\...\PM FASTrack CAPM v3-v3002) (Version: 3.0.0.2 - RMC Project Management, Inc.)
Polar Bowler 1st Frame (HKLM-x32\...\WTA-7d0bfa17-c1c3-4e42-8570-918684811267) (Version: 3.0.2.59 - WildTangent) Hidden
PuppetShow: Return to Joyville (HKLM-x32\...\WTA-2c89e6e3-1901-4558-9029-26e8e7947cd2) (Version: 3.0.2.126 - WildTangent) Hidden
Pyro Jump (HKLM-x32\...\WTA-9b358a70-96c7-4938-aff1-71e8c9a24d76) (Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7743 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.69 - REALTEK Semiconductor Corp.)
Regency Solitaire (HKLM-x32\...\WTA-8cacb54d-b1f3-4aba-9a4f-309e2fa031f7) (Version: 3.0.2.126 - WildTangent) Hidden
Runefall (HKLM-x32\...\WTA-143b3a59-1d95-4eb8-9c11-2a83fe8be091) (Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (HKLM-x32\...\WTA-b801abcc-146c-49b4-bf72-edd863ddc647) (Version: 3.0.2.59 - WildTangent) Hidden
Sky High Farm (HKLM-x32\...\WTA-e6bd639c-fc04-4f2d-82b0-44fbbecb1d37) (Version: 3.0.2.59 - WildTangent) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated)
System Shield 4 AntiVirus & AntiSpyware (HKLM-x32\...\{1E5E7177-5156-4541-B8D5-B0C7E9064329}) (Version: 5.0.6 - ) Hidden
Tasty Blue (HKLM-x32\...\WTA-c12c216a-dff9-4983-8aaa-b5d34d0665a7) (Version: 3.0.2.59 - WildTangent) Hidden
The Far Kingdoms (HKLM-x32\...\WTA-e5a5820d-26f8-4692-a937-958c0a6aa321) (Version: 3.0.2.59 - WildTangent) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{E345A108-D9E8-456B-9550-435132D5C9CE}) (Version: 2.13.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{035FFC43-55D6-4F5C-BCC5-21FED122C8B4}) (Version: 1.11.0.0 - Microsoft Corporation) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-03-27] (Advanced Micro Devices, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00AA7FF9-2A63-466E-B8C4-851E56F6A229} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-20] (Google Inc.)
Task: {053DB5DC-5A37-4C6F-B777-EFBD9AA61249} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {08132034-CBB1-4E6F-9B6F-8C49D6757DE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-05-11] (HP Inc.)
Task: {1C5427E6-2315-49F7-9FB1-196CD6D1DFE0} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
Task: {2269A00B-4289-4B24-843A-D26230881FD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-05-02] (HP Inc.)
Task: {263DD091-749E-4AB4-A86A-C6C5604CC934} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2015-12-08] (AVAST Software)
Task: {3BFD0603-123B-4851-91AF-C89D0DED1F31} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2015-12-08] (AVAST Software)
Task: {3F4487E0-15A9-4EBC-A230-75594F80B615} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {4C8ADF8F-7EFD-45CB-BB87-9AF473336838} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {4F7507F8-99B1-4DC9-886D-E3A45DF1B97E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-03] (Microsoft Corporation)
Task: {52F1A6CA-6A90-4AD1-B7CF-AE36CF5A4B50} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs]
Task: {53D5B8F7-DFA7-4E20-BA80-A37DC3EB6D13} - System32\Tasks\HPCeeScheduleForMabel => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {5ABFAA66-C8B3-4EEF-B4CE-21B539536E15} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-27] (Dropbox, Inc.)
Task: {70628A73-5016-42CE-B4E3-E73A9CD637D9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-27] (Dropbox, Inc.)
Task: {81933D8C-576B-421A-BDF5-49B550DF83B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-05-02] (HP Inc.)
Task: {8CD136A3-7E13-4743-BDD7-D0224168D58F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-20] (Google Inc.)
Task: {990D0147-9CBA-4E8E-B9C8-DAE9C5F7EF4B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-25] (Microsoft Corporation)
Task: {9D2134B8-CC3A-48AD-BB96-48E9173CE489} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-03] (Microsoft Corporation)
Task: {C13D6C66-2BE7-4B75-B74B-A988119E62DF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-25] (Microsoft Corporation)
Task: {C3296120-9D33-4100-84EC-CA88EE371770} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {C8B4A056-E946-41D7-97EC-6974A9E697C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForMabel.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.vudu.com/

==================== Loaded Modules (Whitelisted) ==============

2018-04-04 14:09 - 2016-02-21 23:35 - 000160256 _____ () C:\windows\system32\iavlsp64.dll
2018-02-25 07:28 - 2017-03-04 01:31 - 000185856 _____ () C:\windows\SYSTEM32\ism32k.dll
2018-02-25 07:09 - 2017-09-05 05:31 - 002656960 _____ () C:\windows\system32\CoreUIComponents.dll
2017-01-12 16:32 - 2014-04-14 22:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-01-12 16:22 - 2015-12-08 20:58 - 000452456 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2016-04-15 14:06 - 2016-04-15 14:06 - 000093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2018-02-25 07:28 - 2016-06-30 23:48 - 000472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2018-02-25 07:27 - 2017-03-28 03:19 - 000674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2018-02-25 07:27 - 2017-09-05 02:14 - 001055232 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickConnectUI.dll
2018-02-25 07:27 - 2017-09-05 01:57 - 005010432 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\PeopleShared.dll
2018-02-25 07:08 - 2017-03-03 23:19 - 007992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-25 07:09 - 2017-03-03 23:14 - 000591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-02-25 07:08 - 2017-09-05 00:03 - 002483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2018-02-25 07:08 - 2017-09-05 00:06 - 004089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-11-27 13:37 - 2017-11-27 13:38 - 000144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-06-25 21:34 - 2015-06-25 21:34 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 21:37 - 2015-06-25 21:37 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 21:35 - 2015-06-25 21:35 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 21:38 - 2015-06-25 21:38 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 20:53 - 2015-06-25 20:53 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 20:51 - 2015-06-25 20:51 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-11-27 13:37 - 2017-11-27 13:38 - 000141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2017-11-27 13:37 - 2017-11-27 13:38 - 022284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2017-01-12 16:22 - 2015-12-08 20:58 - 038561984 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll
2017-11-27 13:02 - 2018-02-25 08:26 - 001452728 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\ClientTelemetry.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2015-10-30 03:21 - 000000824 ____N C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1252144337-538660414-2737996322-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "HPRadioMgr"
HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
HKU\S-1-5-21-1252144337-538660414-2737996322-1002\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A0035D56-54CC-4D50-A5B9-70167C6B0F17}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82167496-2394-4196-B2D2-1FF39FA1D101}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{766F8B39-FD22-4803-B610-082A6C772CDB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{62A248B8-EA28-4D81-8D4F-D238EED262EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{49F49075-AAD5-4C8B-8A7D-963E0156B45C}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{AFF19F44-8196-4378-BC83-D9095E76156F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{935B6411-269B-4369-9055-EE23F934FD05}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{A9B07028-3F4C-4C72-AEE3-7DA64496F0A2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{96E60ABE-C121-4149-91A6-7CB0B8B3814C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{DF4B7B27-2378-47C8-8AD9-F39A215839A4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{A502C90C-CA34-4942-A802-DE5A66957397}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2DC93B93-14E3-4D92-B3A6-60B57DCA466E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{799F4D18-97AE-4DAE-B10A-E47910402994}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{606894D9-3030-4369-96DC-8C656241EDB1}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{32E58E37-04C6-47DC-911B-C8B0F24A8C88}] => (Allow) C:\Program Files (x86)\iolo\System Shield\SysShield.exe
FirewallRules: [{75A906F0-8D17-4668-8513-5B470B6CD1E1}] => (Allow) C:\Program Files (x86)\iolo\System Shield\SysShield.exe
FirewallRules: [TCP Query User{6E160D42-AEE7-4218-9EB8-67E96DA41EA6}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{779C5D49-04E8-4761-9035-C2993E6B5F75}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{32BCE0CC-0F81-477A-A36D-F247B30FA3FF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

16-06-2018 07:58:55 Scheduled Checkpoint
25-06-2018 18:04:52 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2018 08:16:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6187

Error: (07/03/2018 08:16:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6187

Error: (07/03/2018 08:16:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/03/2018 08:16:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4515

Error: (07/03/2018 08:16:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4515

Error: (07/03/2018 08:16:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/03/2018 08:16:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2734

Error: (07/03/2018 08:16:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2734


System errors:
=============
Error: (07/03/2018 12:03:37 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HI1T83GM)
Description: The server App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (07/02/2018 11:25:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AdaptiveSleepService service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/02/2018 04:15:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The tbaseprovisioning service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/02/2018 04:12:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_a2285b7 service to connect.

Error: (07/02/2018 04:12:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_a2285b7 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/02/2018 04:12:36 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HI1T83GM)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (07/02/2018 08:37:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_28a7cfd service to connect.

Error: (07/02/2018 08:37:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_28a7cfd service to connect.


Windows Defender:
===================================
Date: 2018-04-19 18:05:54.495
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {7C04D63B-C074-4CCC-A430-338585D70EED}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-19 16:40:35.728
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {6D32B9D5-9AD0-4CF7-B95E-63F413E8A5B4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-03 22:36:56.947
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {EDB8D19F-1AB5-4E8D-86BD-5386900C8270}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-03 10:47:50.009
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {5BFDC297-BEA5-4E23-A159-4865C03A9E90}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-01 22:52:36.987
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {DA759839-93BC-4E82-B986-E0F56F1B959B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-19 17:34:24.068
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.207.2950.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.12101.0
Error code: 0x800704c7
Error description: The operation was canceled by the user.

Date: 2018-04-19 16:37:52.877
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 115.8.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.11804.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-19 16:37:52.866
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.207.2950.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.12101.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-19 16:37:52.865
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.207.2950.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.12101.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-19 16:37:52.800
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.207.2950.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.12101.0
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2018-03-20 09:09:59.546
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-17 12:48:09.185
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-17 03:22:18.703
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-17 03:18:52.894
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-17 03:18:44.050
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-25 20:14:26.199
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-25 20:14:26.134
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-25 20:14:24.292
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: AMD E2-7110 APU with AMD Radeon R2 Graphics
Percentage of memory in use: 62%
Total physical RAM: 3529.02 MB
Available physical RAM: 1307.45 MB
Total Virtual: 6345.02 MB
Available Virtual: 3345.11 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:446.16 GB) (Free:394.09 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.37 GB) (Free:2.12 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Las piedras) (CDROM) (Total:2.24 GB) (Free:0 GB) UDF

\\?\Volume{4c0ffc9d-4d43-4f9c-9060-939827fa7f4c}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4541579E)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

 

 

 




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:04 PM

Posted 08 July 2018 - 10:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/680024 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:04 PM

Posted 11 July 2018 - 08:29 AM

Hello, Welcome to BleepingComputer.

If you still need help, please follow the instructions by the HelpBot. I will review your logs.

#4 Belit

Belit
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 12 July 2018 - 04:25 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Mabel (administrator) on LAPTOP-HI1T83GM (12-07-2018 15:58:20)
Running from C:\Users\Mabel\Downloads
Loaded Profiles: Mabel (Available Profiles: Mabel)
Platform: Windows 10 Home Version 1511 10586.1176 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
() C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Shield\ioloSSTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(BlueJeans) C:\Users\Mabel\AppData\Local\BlueJeans\current\BlueJeans.Detector.exe
(BlueJeans) C:\Users\Mabel\AppData\Local\BlueJeans\current\BlueJeans.Detector.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\rempl\remsh.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.1040_none_366d2a34ce5cd854\TiWorker.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-25] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => c:\Program Files\AMD\CNext\CNext\cnext.exe [4998856 2016-03-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [258600 2016-01-05] (HP)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2016-01-29] (CyberLink Corp.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1252144337-538660414-2737996322-1002\...\Run: [BlueJeans.Detector] => C:\Users\Mabel\AppData\Local\BlueJeans\BlueJeans.Detector.exe [203200 2018-06-13] (BlueJeans)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\windows\SysWOW64\iavlsp.dll [118784 2016-02-21] (iolo technologies, LLC)
Winsock: Catalog9 02 C:\windows\SysWOW64\iavlsp.dll [118784 2016-02-21] (iolo technologies, LLC)
Winsock: Catalog9 14 C:\windows\SysWOW64\iavlsp.dll [118784 2016-02-21] (iolo technologies, LLC)
Winsock: Catalog9-x64 01 C:\windows\system32\iavlsp64.dll [160256 2016-02-21] ()
Winsock: Catalog9-x64 02 C:\windows\system32\iavlsp64.dll [160256 2016-02-21] ()
Winsock: Catalog9-x64 14 C:\windows\system32\iavlsp64.dll [160256 2016-02-21] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{033dfe5e-6a21-49ee-b8a0-2e0da1fb5f00}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{72f82765-f516-4b12-af91-6cfb37015bae}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1252144337-538660414-2737996322-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1252144337-538660414-2737996322-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-06] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: db33hwnv.default
FF ProfilePath: C:\Users\Mabel\AppData\Roaming\Mozilla\Firefox\Profiles\db33hwnv.default [2018-07-12]
FF Extension: (Spanish (Mexico) Dictionary) - C:\Users\Mabel\AppData\Roaming\Mozilla\Firefox\Profiles\db33hwnv.default\Extensions\diccionario@mozilla-mexico.org [2018-06-08] [Legacy]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Mabel\AppData\Roaming\Mozilla\Firefox\Profiles\db33hwnv.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2018-06-30]
FF Extension: (Español (España) Language Pack) - C:\Users\Mabel\AppData\Roaming\Mozilla\Firefox\Profiles\db33hwnv.default\Extensions\langpack-es-ES@firefox.mozilla.org.xpi [2018-07-02]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-07-06] [Legacy] [not signed]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Mabel\AppData\Local\Google\Chrome\User Data\Default [2018-05-27]
CHR Extension: (Docs) - C:\Users\Mabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-11]
CHR Extension: (Google Drive) - C:\Users\Mabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-11]
CHR Extension: (YouTube) - C:\Users\Mabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-11]
CHR Extension: (Google Docs Offline) - C:\Users\Mabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
CHR Extension: (Gmail) - C:\Users\Mabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-11]
CHR Extension: (Chrome Media Router) - C:\Users\Mabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-03-27] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-06-20] (Microsoft Corporation)
R2 CrypKey License; C:\windows\system32\crypserv.exe [126976 2013-04-11] (CrypKey (Canada) Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-27] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4759600 2016-02-21] (iolo technologies, LLC)
R2 osrss; C:\windows\system32\osrss.dll [108584 2018-01-18] (Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-25] (Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [452456 2015-12-08] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266872 2016-08-19] (Synaptics Incorporated)
S2 tbaseprovisioning; C:\windows\SysWOW64\tbaseprovisioning.exe [54808 2016-04-02] (Advanced Micro Devices, Inc.)
R2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2014-03-25] (CYREN Inc.)
R2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2014-03-25] (CYREN Inc.)
S3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2014-03-25] (CYREN Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-09-05] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\windows\System32\drivers\AmdAS4.sys [27384 2016-04-02] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\windows\system32\DRIVERS\amdkmcsp.sys [101112 2016-04-02] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [73976 2016-04-02] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\windows\System32\DRIVERS\amdpsp.sys [277240 2016-04-02] (Advanced Micro Devices, Inc. )
R2 AMP; C:\windows\system32\Drivers\amp.sys [174856 2014-03-25] (CYREN Inc.)
R2 AMPSE; C:\windows\system32\Drivers\ampse.sys [1728776 2014-03-25] (CYREN Inc.)
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWT6.sys [111120 2016-04-02] (Advanced Micro Devices)
R3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 NetworkX; C:\windows\System32\ckldrv.sys [31416 2013-04-11] ()
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [41576 2016-02-21] (EldoS Corporation)
R3 rt640x64; C:\windows\System32\drivers\rt640x64.sys [935168 2016-02-25] (Realtek )
S3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [413912 2016-02-25] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\windows\system32\DRIVERS\rtwlane.sys [6895984 2017-08-17] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\windows\system32\DRIVERS\Smb_driver_AMDASF.sys [68728 2016-08-19] (Synaptics Incorporated)
S3 SmbDrvI; C:\windows\System32\drivers\Smb_driver_Intel.sys [62568 2016-03-14] (Synaptics Incorporated)
R3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
U1 aswbdisk; no ImagePath
S3 mfeaack01; \Device\mfeaack01.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-11 18:41 - 2018-07-11 18:58 - 000000000 ____D C:\Users\Mabel\AppData\Local\Adobe
2018-07-11 18:31 - 2018-07-11 18:31 - 000107186 _____ C:\Users\Mabel\Downloads\Mabel Rodríguez(1).pdf
2018-07-11 14:01 - 2018-07-11 14:01 - 000107186 _____ C:\Users\Mabel\Downloads\Mabel Rodríguez.pdf
2018-07-11 09:02 - 2018-07-11 09:02 - 000000000 ___SD C:\windows\UpdateAssistantV2
2018-07-10 10:22 - 2018-07-10 10:24 - 000000000 ___HD C:\$WINDOWS.~BT
2018-07-10 10:19 - 2018-06-01 19:31 - 000264704 _____ (Microsoft Corporation) C:\windows\system32\Notifier.exe
2018-07-10 10:08 - 2018-07-10 10:09 - 000000000 ____D C:\windows\UpdateAssistant
2018-07-10 09:22 - 2018-04-10 04:49 - 000323072 _____ (Microsoft Corporation) C:\windows\system32\EOSNotify.exe
2018-07-10 09:22 - 2018-04-10 03:14 - 000030048 _____ (Microsoft Corporation) C:\windows\system32\OOBEUpdater.exe
2018-07-07 20:53 - 2018-07-07 20:53 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-07 20:53 - 2018-07-07 20:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-07 12:42 - 2018-07-07 12:42 - 000014111 _____ C:\Users\Mabel\Desktop\Build Your Own Solar Panel.htm
2018-07-06 21:22 - 2015-10-29 19:43 - 009893888 _____ (Microsoft Corporation) C:\windows\system32\NlsLexicons000a.dll
2018-07-06 21:22 - 2015-10-29 19:42 - 009893888 _____ (Microsoft Corporation) C:\windows\SysWOW64\NlsLexicons000a.dll
2018-07-06 21:22 - 2015-10-29 19:26 - 009687552 _____ (Microsoft Corporation) C:\windows\system32\NlsData000a.dll
2018-07-06 21:22 - 2015-10-29 19:24 - 009566208 _____ (Microsoft Corporation) C:\windows\SysWOW64\NlsData000a.dll
2018-07-06 21:20 - 2018-03-21 03:15 - 000026400 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2018-07-06 21:20 - 2018-03-21 02:03 - 000032256 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2018-07-06 21:20 - 2018-03-21 01:34 - 000209408 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2018-07-06 21:20 - 2018-03-21 01:10 - 000381952 _____ (Microsoft Corporation) C:\windows\system32\wuuhext.dll
2018-07-06 21:20 - 2018-03-21 00:40 - 002279936 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2018-07-06 21:20 - 2018-03-01 03:37 - 000011264 _____ (Microsoft Corporation) C:\windows\system32\wuapihost.exe
2018-07-06 21:20 - 2018-03-01 03:32 - 000048128 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2018-07-06 21:20 - 2018-03-01 02:45 - 000023552 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2018-07-06 21:20 - 2018-03-01 02:39 - 000848896 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2018-07-06 21:20 - 2018-03-01 02:35 - 000270848 _____ (Microsoft Corporation) C:\windows\system32\updatehandlers.dll
2018-07-06 21:20 - 2018-03-01 02:01 - 000706048 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2018-07-06 21:20 - 2018-01-14 18:31 - 001110016 _____ (Microsoft Corporation) C:\windows\system32\qmgr.dll
2018-07-06 21:20 - 2017-10-15 23:36 - 000192512 _____ (Microsoft Corporation) C:\windows\system32\MusNotification.exe
2018-07-06 21:20 - 2017-10-15 23:20 - 000379392 _____ (Microsoft Corporation) C:\windows\system32\usocore.dll
2018-07-06 20:51 - 2018-07-06 20:51 - 000002076 _____ C:\Users\Mabel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueJeans.lnk
2018-07-06 20:51 - 2018-07-06 20:51 - 000002068 _____ C:\Users\Mabel\Desktop\BlueJeans.lnk
2018-07-06 20:51 - 2018-07-06 20:51 - 000000000 ____D C:\Users\Mabel\AppData\Local\IsolatedStorage
2018-07-06 20:50 - 2018-07-06 21:05 - 000000000 ____D C:\Users\Mabel\AppData\Local\BlueJeans
2018-07-06 20:50 - 2018-07-06 20:50 - 000000000 ____D C:\Users\Mabel\AppData\Local\Package Cache
2018-07-06 20:28 - 2018-07-06 20:50 - 023447984 _____ (BlueJeans Network, Inc.) C:\Users\Mabel\Downloads\BlueJeansLauncher.exe
2018-07-05 09:35 - 2018-07-05 09:36 - 000000026 _____ C:\Users\Mabel\Desktop\ascii.txt
2018-07-03 12:22 - 2018-07-03 12:22 - 000001301 _____ C:\Users\Mabel\Desktop\sierraclub.txt
2018-07-03 10:54 - 2018-07-03 10:56 - 000039926 _____ C:\Users\Mabel\Downloads\Addition.txt
2018-07-03 10:51 - 2018-07-12 16:00 - 000014963 _____ C:\Users\Mabel\Downloads\FRST.txt
2018-07-03 10:49 - 2018-07-12 15:58 - 000000000 ____D C:\FRST
2018-07-03 10:48 - 2018-07-03 10:49 - 002412544 _____ (Farbar) C:\Users\Mabel\Downloads\FRST64.exe
2018-07-03 08:37 - 2018-07-03 08:38 - 002209320 _____ (LogMeIn, Inc.) C:\Users\Mabel\Downloads\Support-LogMeInRescue.exe
2018-06-13 21:38 - 2018-06-13 21:38 - 005219157 _____ C:\Users\Mabel\Downloads\Manual SOCIAL MEDIA MANAGER-2018.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-12 15:50 - 2016-04-15 14:18 - 000000948 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-07-12 15:27 - 2018-02-18 15:41 - 000004166 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{FCD23B2D-2774-4389-89F6-C75BAFB085C1}
2018-07-12 15:25 - 2018-02-18 12:46 - 000000000 ____D C:\Users\Mabel\AppData\LocalLow\Mozilla
2018-07-12 15:23 - 2016-04-15 14:18 - 000000944 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-07-11 21:27 - 2015-11-03 02:05 - 000972104 _____ C:\windows\system32\PerfStringBackup.INI
2018-07-11 21:27 - 2015-10-30 03:21 - 000000000 ____D C:\windows\INF
2018-07-11 21:22 - 2015-10-30 03:24 - 000000000 ____D C:\windows\AppReadiness
2018-07-11 21:21 - 2015-10-30 03:24 - 000000144 _____ C:\windows\win.ini
2018-07-11 21:20 - 2018-04-04 14:12 - 000000408 _____ C:\windows\SysWOW64\iolo.ini
2018-07-11 21:20 - 2018-04-04 14:12 - 000000408 _____ C:\windows\system32\iolo.ini
2018-07-11 21:20 - 2018-04-04 14:12 - 000000392 _____ C:\windows\SysWOW64\iolo.ini.txt
2018-07-11 21:20 - 2017-01-12 16:19 - 000761347 _____ C:\windows\SysWOW64\rootpa.e2e
2018-07-11 21:19 - 2018-02-18 12:45 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-11 21:19 - 2018-02-18 12:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-11 21:19 - 2018-02-18 12:31 - 000000364 _____ C:\windows\Tasks\HPCeeScheduleForMabel.job
2018-07-11 21:19 - 2015-11-02 14:02 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-07-11 19:04 - 2017-01-12 15:08 - 000065536 _____ C:\windows\system32\spu_storage.bin
2018-07-11 19:04 - 2015-10-30 02:28 - 000524288 ___SH C:\windows\system32\config\BBI
2018-07-11 17:19 - 2017-11-27 11:28 - 000000000 ____D C:\Users\Mabel\AppData\Local\Packages
2018-07-11 14:29 - 2018-02-23 13:03 - 000000000 ____D C:\Users\Mabel\Documents\2018
2018-07-11 09:02 - 2015-10-30 03:24 - 000000000 ____D C:\windows\system32\SecureBootUpdates
2018-07-11 09:02 - 2015-10-30 03:11 - 000000000 ____D C:\windows\CbsTemp
2018-07-10 15:11 - 2018-02-18 12:31 - 000003256 _____ C:\windows\System32\Tasks\HPCeeScheduleForMabel
2018-07-10 11:39 - 2018-02-25 06:52 - 000000000 ____D C:\Windows10Upgrade
2018-07-10 11:38 - 2018-03-01 15:55 - 000000802 _____ C:\Users\Mabel\Desktop\Windows 10 Update Assistant.lnk
2018-07-10 11:38 - 2018-02-25 06:53 - 000000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-07-10 11:23 - 2015-10-30 03:24 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-10 11:01 - 2018-02-25 09:14 - 000000000 ____D C:\windows\system32\MRT
2018-07-10 10:30 - 2018-02-25 09:13 - 133315992 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
2018-07-10 10:30 - 2018-02-25 09:13 - 133315992 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-07-10 10:28 - 2015-11-02 13:43 - 000000000 ____D C:\windows\Panther
2018-07-10 10:08 - 2018-02-22 10:23 - 000000000 ____D C:\Program Files\rempl
2018-07-07 21:34 - 2015-10-30 03:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-07 20:53 - 2017-11-27 13:19 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-07 20:53 - 2017-11-27 13:19 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-07 20:53 - 2017-11-27 13:19 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-07 20:49 - 2016-04-15 14:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-07 13:40 - 2018-04-04 14:09 - 000001501 _____ C:\Users\Mabel\Desktop\System Shield.lnk
2018-07-06 21:22 - 2015-10-30 05:03 - 000000000 ____D C:\windows\OCR
2018-07-06 11:14 - 2018-02-18 12:45 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-02 07:56 - 2017-11-27 21:42 - 000000000 ____D C:\Users\Mabel\AppData\Roaming\WildTangent
2018-07-02 07:56 - 2017-01-12 16:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-07-02 07:56 - 2017-01-12 16:22 - 000000000 ____D C:\ProgramData\WildTangent
2018-07-02 07:56 - 2017-01-12 16:22 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2018-07-01 12:44 - 2017-12-14 09:15 - 000000000 ____D C:\Users\Mabel\Desktop\pen drive con todo 2017 y antes
2018-06-26 09:14 - 2018-04-11 16:40 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-26 09:14 - 2018-02-18 15:14 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-22 19:43 - 2017-11-27 11:38 - 000003376 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1252144337-538660414-2737996322-1002
2018-06-22 19:42 - 2017-11-27 11:35 - 000002370 _____ C:\Users\Mabel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-22 19:42 - 2017-11-27 11:35 - 000000000 ___RD C:\Users\Mabel\OneDrive
2018-06-21 23:34 - 2017-11-27 11:28 - 000000000 ____D C:\Users\Mabel
2018-06-16 21:57 - 2017-01-12 16:32 - 000000000 ____D C:\ProgramData\CyberLink

==================== Files in the root of some directories =======

2018-03-20 15:37 - 2018-03-20 22:25 - 000000000 _____ () C:\Users\Mabel\AppData\Roaming\MCVi2UserDetail.ini

Some files in TEMP:
====================
2018-03-05 17:48 - 2018-07-05 10:34 - 006612768 _____ (Microsoft Corporation) C:\Users\Mabel\AppData\Local\Temp\Windows10Upgrade.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-05 16:00

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Mabel (12-07-2018 16:01:40)
Running from C:\Users\Mabel\Downloads
Windows 10 Home Version 1511 10586.1176 (X64) (2017-11-27 15:27:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1252144337-538660414-2737996322-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1252144337-538660414-2737996322-503 - Limited - Disabled)
Guest (S-1-5-21-1252144337-538660414-2737996322-501 - Limited - Disabled)
Mabel (S-1-5-21-1252144337-538660414-2737996322-1002 - Administrator - Enabled) => C:\Users\Mabel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: System Shield (Enabled - Out of date) {51A1F251-72D6-FBFA-1969-EBE1F52F559F}
AS: System Shield (Enabled - Out of date) {EAC013B5-54EC-F474-23D9-D0938EA81F22}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-f1b84329-6129-4e95-a06b-edb92987df51) (Version: 3.0.2.118 - WildTangent) Hidden
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.275.2 - AVAST Software)
AVSDK5 (HKLM\...\{D5A6E342-907C-4CEF-96CC-FC2F4990DC9C}) (Version: 5.4.11 - CYREN Inc.) Hidden
Awakening: The Dreamless Castle (HKLM-x32\...\WTA-824829c2-b729-4af4-bde3-a754769c9da0) (Version: 3.0.2.51 - WildTangent) Hidden
Azkend 2: The World Beneath (HKLM-x32\...\WTA-59aa5f99-d8ff-4de9-a7a7-ef83e160d9d7) (Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-8a8d0188-89ad-42ed-b638-b339efa21c9b) (Version: 3.0.2.48 - WildTangent) Hidden
BlueJeans (HKLM\...\{CCC11093-4115-4CD4-960B-6DFBB31F05D1}) (Version: 2.6.536 - BlueJeans Network, Inc.) Hidden
BlueJeans (HKU\S-1-5-21-1252144337-538660414-2737996322-1002\...\{7e5725b9-fecb-4d0a-ba3c-e57ca258bbb8}) (Version: 2.6.536 - BlueJeans Network, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{020D236C-0860-8700-6645-A8D7DF7D1219}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{B8D846ED-A061-FC73-1A80-E45A70FC8BE1}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{05B3192F-37A6-D1F0-365B-476D69C3F0D2}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{5FBFEC71-C194-6D96-21D9-80C183E25878}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9A841032-8472-D1CE-0ACB-E399AC7A2199}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{9DF52711-9C0C-5B80-6304-49CE67D2824D}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{7516F9DE-6B63-B709-84CE-3098F06DD318}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{AF5429E4-27FD-3F52-A54D-6BD8F4A68963}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{5BA23300-0626-7146-471A-5BF56F8B5CBD}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{3FF26615-BB9E-2C89-6532-4B6215A20BB5}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{58EB8CBE-C35C-ADE2-1F58-0F9D453976D4}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B84C4DE7-F6A1-CC2A-9EE3-781DC5D600C2}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{401E894B-7172-98C5-0DA6-A05F78EE79B9}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{A3A601FE-245E-B0EE-F0B1-DDACCBBFDF7B}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6332ED4-35E5-CC2A-4E37-612FC1985994}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{89551DFD-EC10-8C4C-E127-9EEB614346FA}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{9E3D8484-056C-E087-D6F4-FCCD5EF6FABB}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{ADC3E089-7CA6-E182-26B3-A7DA6438636D}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01C748AD-07EC-9D6B-3F15-43D49C5E9DE6}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{E5407BDB-DAF1-F28E-B835-BB90F20A3333}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{9A8954B1-8591-D49B-F337-800094222F7E}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6129 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-03094b9d-0019-4e1f-89e4-26ed88c2397c) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Entwined: The Perfect Murder (HKLM-x32\...\WTA-0794cb69-d7a7-46ac-a2ba-5ff6ec71379a) (Version: 3.0.2.59 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Green City: Go South (HKLM-x32\...\WTA-8b26d7eb-24c6-4f15-959d-4229b4c2776a) (Version: 3.0.2.59 - WildTangent) Hidden
Home Makeover (HKLM-x32\...\WTA-59c3f7d5-66b2-4f87-8415-aa4b92ff58af) (Version: 3.0.2.59 - WildTangent) Hidden
Hoyle Illusions Mahjongg (HKLM-x32\...\WTA-7138d01c-2b79-49f0-a622-4009331edd02) (Version: 3.0.2.59 - WildTangent) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.6.18.11 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.9.24.3 - HP)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{1BDD178E-43DC-4063-B480-BA2BAE03E2A0}) (Version: 1.1.15.1 - HP)
IGT Slots Fire Rubies (HKLM-x32\...\WTA-9c80a758-3fa6-4245-84c7-d186bb9cd738) (Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-de637646-804c-469f-b220-40f4c1de45dc) (Version: 3.0.2.59 - WildTangent) Hidden
iolo technologies' System Shield (HKLM-x32\...\{882362E0-C71A-411B-B16F-46D1B66E1890}_is1) (Version: 5.0.6 - iolo technologies, LLC)
Jewel Match Snowscapes (HKLM-x32\...\WTA-11071c12-212c-46de-87fa-cf5d3d298806) (Version: 3.0.2.118 - WildTangent) Hidden
Little Boy: Walter's Scooter (HKLM-x32\...\WTA-cb59c705-009a-4ca4-9887-aa47585903e9) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-c3c4eb0d-49e2-4f6a-987e-a9fc081c7a78) (Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-253bc640-a406-4f31-9d50-ec137ddf249b) (Version: 3.0.2.59 - WildTangent) Hidden
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-b26b1d5d-779f-4786-9783-8cf60f143233) (Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.10228.20080 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1252144337-538660414-2737996322-1002\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Plagiarii (HKLM-x32\...\WTA-9533b82a-e5ac-4058-9158-7073dd748353) (Version: 3.0.2.59 - WildTangent) Hidden
PM FASTrack CAPM v3 (HKLM\...\PM FASTrack CAPM v3-v3002) (Version: 3.0.0.2 - RMC Project Management, Inc.)
Polar Bowler 1st Frame (HKLM-x32\...\WTA-7d0bfa17-c1c3-4e42-8570-918684811267) (Version: 3.0.2.59 - WildTangent) Hidden
PuppetShow: Return to Joyville (HKLM-x32\...\WTA-2c89e6e3-1901-4558-9029-26e8e7947cd2) (Version: 3.0.2.126 - WildTangent) Hidden
Pyro Jump (HKLM-x32\...\WTA-9b358a70-96c7-4938-aff1-71e8c9a24d76) (Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7743 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.69 - REALTEK Semiconductor Corp.)
Regency Solitaire (HKLM-x32\...\WTA-8cacb54d-b1f3-4aba-9a4f-309e2fa031f7) (Version: 3.0.2.126 - WildTangent) Hidden
Runefall (HKLM-x32\...\WTA-143b3a59-1d95-4eb8-9c11-2a83fe8be091) (Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (HKLM-x32\...\WTA-b801abcc-146c-49b4-bf72-edd863ddc647) (Version: 3.0.2.59 - WildTangent) Hidden
Sky High Farm (HKLM-x32\...\WTA-e6bd639c-fc04-4f2d-82b0-44fbbecb1d37) (Version: 3.0.2.59 - WildTangent) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated)
System Shield 4 AntiVirus & AntiSpyware (HKLM-x32\...\{1E5E7177-5156-4541-B8D5-B0C7E9064329}) (Version: 5.0.6 - ) Hidden
Tasty Blue (HKLM-x32\...\WTA-c12c216a-dff9-4983-8aaa-b5d34d0665a7) (Version: 3.0.2.59 - WildTangent) Hidden
The Far Kingdoms (HKLM-x32\...\WTA-e5a5820d-26f8-4692-a937-958c0a6aa321) (Version: 3.0.2.59 - WildTangent) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{5009B7EE-8A15-4A23-B404-15E31D02DA67}) (Version: 2.43.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{A7B60FC9-A750-43C7-B7EC-892CD09147C7}) (Version: 1.18.0.0 - Microsoft Corporation) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22452 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-03-27] (Advanced Micro Devices, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00AA7FF9-2A63-466E-B8C4-851E56F6A229} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-20] (Google Inc.)
Task: {053DB5DC-5A37-4C6F-B777-EFBD9AA61249} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {08132034-CBB1-4E6F-9B6F-8C49D6757DE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-06-27] (HP Inc.)
Task: {1C5427E6-2315-49F7-9FB1-196CD6D1DFE0} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
Task: {2269A00B-4289-4B24-843A-D26230881FD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
Task: {263DD091-749E-4AB4-A86A-C6C5604CC934} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2015-12-08] (AVAST Software)
Task: {3969E396-6CC2-4EEA-B4B7-6D272614060D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {3BFD0603-123B-4851-91AF-C89D0DED1F31} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2015-12-08] (AVAST Software)
Task: {3F4487E0-15A9-4EBC-A230-75594F80B615} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {3F711D5D-50C9-4A12-A424-3EB029396744} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {3FCEE327-2FCC-402D-BC9D-018EEC8F89D3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-06] (Microsoft Corporation)
Task: {4C8ADF8F-7EFD-45CB-BB87-9AF473336838} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {52F1A6CA-6A90-4AD1-B7CF-AE36CF5A4B50} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs]
Task: {548A5504-C6E7-4D2D-BE30-C1BBE37607D0} - System32\Tasks\HPCeeScheduleForMabel => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {5ABFAA66-C8B3-4EEF-B4CE-21B539536E15} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-27] (Dropbox, Inc.)
Task: {70628A73-5016-42CE-B4E3-E73A9CD637D9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-27] (Dropbox, Inc.)
Task: {81933D8C-576B-421A-BDF5-49B550DF83B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
Task: {8CD136A3-7E13-4743-BDD7-D0224168D58F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-20] (Google Inc.)
Task: {C230D27D-FDD8-44D9-82FB-700A19456159} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-06] (Microsoft Corporation)
Task: {C3296120-9D33-4100-84EC-CA88EE371770} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {C8B4A056-E946-41D7-97EC-6974A9E697C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {FFE90787-8068-4CF3-92A4-6B25FAEA6E61} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-06] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForMabel.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.vudu.com/

==================== Loaded Modules (Whitelisted) ==============

2018-04-04 14:09 - 2016-02-21 23:35 - 000160256 _____ () C:\windows\system32\iavlsp64.dll
2017-01-12 16:32 - 2014-04-14 22:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-01-12 16:22 - 2015-12-08 20:58 - 000452456 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2018-02-25 07:28 - 2017-03-04 01:31 - 000185856 _____ () C:\windows\SYSTEM32\ism32k.dll
2018-02-25 07:09 - 2017-09-05 05:31 - 002656960 _____ () C:\windows\system32\CoreUIComponents.dll
2016-04-15 14:06 - 2016-04-15 14:06 - 000093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2018-02-25 07:28 - 2016-06-30 23:48 - 000472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2018-02-25 07:08 - 2017-03-03 23:19 - 007992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-25 07:09 - 2017-03-03 23:14 - 000591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-02-25 07:08 - 2017-09-05 00:03 - 002483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2018-02-25 07:08 - 2017-09-05 00:06 - 004089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-25 21:34 - 2015-06-25 21:34 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 21:37 - 2015-06-25 21:37 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 21:35 - 2015-06-25 21:35 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 21:38 - 2015-06-25 21:38 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 20:53 - 2015-06-25 20:53 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 20:51 - 2015-06-25 20:51 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-01-12 16:22 - 2015-12-08 20:58 - 038561984 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2015-10-30 03:21 - 000000824 ____N C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1252144337-538660414-2737996322-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "HPRadioMgr"
HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
HKU\S-1-5-21-1252144337-538660414-2737996322-1002\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A0035D56-54CC-4D50-A5B9-70167C6B0F17}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82167496-2394-4196-B2D2-1FF39FA1D101}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{766F8B39-FD22-4803-B610-082A6C772CDB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{62A248B8-EA28-4D81-8D4F-D238EED262EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{49F49075-AAD5-4C8B-8A7D-963E0156B45C}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{AFF19F44-8196-4378-BC83-D9095E76156F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{935B6411-269B-4369-9055-EE23F934FD05}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{A9B07028-3F4C-4C72-AEE3-7DA64496F0A2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{96E60ABE-C121-4149-91A6-7CB0B8B3814C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{DF4B7B27-2378-47C8-8AD9-F39A215839A4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{A502C90C-CA34-4942-A802-DE5A66957397}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2DC93B93-14E3-4D92-B3A6-60B57DCA466E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{799F4D18-97AE-4DAE-B10A-E47910402994}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{606894D9-3030-4369-96DC-8C656241EDB1}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{32E58E37-04C6-47DC-911B-C8B0F24A8C88}] => (Allow) C:\Program Files (x86)\iolo\System Shield\SysShield.exe
FirewallRules: [{75A906F0-8D17-4668-8513-5B470B6CD1E1}] => (Allow) C:\Program Files (x86)\iolo\System Shield\SysShield.exe
FirewallRules: [TCP Query User{6E160D42-AEE7-4218-9EB8-67E96DA41EA6}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{779C5D49-04E8-4761-9035-C2993E6B5F75}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{32BCE0CC-0F81-477A-A36D-F247B30FA3FF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{879B9DAC-43DA-4451-B062-9E4C5428EC50}C:\users\mabel\appdata\local\bluejeans\current\bluejeans.exe] => (Allow) C:\users\mabel\appdata\local\bluejeans\current\bluejeans.exe
FirewallRules: [UDP Query User{82596347-7F4A-44B1-940E-C21ED998A6C1}C:\users\mabel\appdata\local\bluejeans\current\bluejeans.exe] => (Allow) C:\users\mabel\appdata\local\bluejeans\current\bluejeans.exe

==================== Restore Points =========================

25-06-2018 18:04:52 Scheduled Checkpoint
04-07-2018 18:34:55 Scheduled Checkpoint
10-07-2018 10:06:27 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2018 03:45:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-HI1T83GM)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/12/2018 03:23:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22099984

Error: (07/12/2018 03:23:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22099984

Error: (07/12/2018 03:23:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/12/2018 09:07:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdaptiveSleepService.exe, version: 0.0.0.0, time stamp: 0x56f72873
Faulting module name: AdaptiveSleepService.exe, version: 0.0.0.0, time stamp: 0x56f72873
Exception code: 0xc0000005
Fault offset: 0x000000000000b9f4
Faulting process id: 0xfc4
Faulting application start time: 0x01d4197ec0ad1390
Faulting application path: c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
Faulting module path: c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
Report Id: 5bbf8a5f-036f-4cb6-9bb7-f52241358864
Faulting package full name:
Faulting package-relative application ID:

Error: (07/12/2018 08:38:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34548078

Error: (07/12/2018 08:38:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34548078

Error: (07/12/2018 08:38:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/12/2018 09:14:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_2f5bf3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/12/2018 09:14:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_2f5bf3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/12/2018 09:14:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_2f5bf3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/12/2018 09:14:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_2f5bf3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/12/2018 09:07:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AdaptiveSleepService service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/12/2018 08:38:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
 and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/12/2018 08:37:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3a589 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/11/2018 11:02:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_3a589 service to connect.


Windows Defender:
===================================
Date: 2018-04-19 18:05:54.495
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {7C04D63B-C074-4CCC-A430-338585D70EED}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-19 16:40:35.728
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {6D32B9D5-9AD0-4CF7-B95E-63F413E8A5B4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-03 22:36:56.947
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {EDB8D19F-1AB5-4E8D-86BD-5386900C8270}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-03 10:47:50.009
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {5BFDC297-BEA5-4E23-A159-4865C03A9E90}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-01 22:52:36.987
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {DA759839-93BC-4E82-B986-E0F56F1B959B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-19 17:34:24.068
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.207.2950.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.12101.0
Error code: 0x800704c7
Error description: The operation was canceled by the user.

Date: 2018-04-19 16:37:52.877
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 115.8.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.11804.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-19 16:37:52.866
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.207.2950.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.12101.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-19 16:37:52.865
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.207.2950.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.12101.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-19 16:37:52.800
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.207.2950.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.12101.0
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2018-07-11 21:30:19.330
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-11 09:17:48.251
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-10 11:21:07.968
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-10 11:21:07.889
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\iavlsp64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-10 11:09:09.182
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-07 20:52:26.350
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-06 21:36:34.708
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-20 09:09:59.546
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD E2-7110 APU with AMD Radeon R2 Graphics
Percentage of memory in use: 53%
Total physical RAM: 3529.02 MB
Available physical RAM: 1634.54 MB
Total Virtual: 5833.02 MB
Available Virtual: 3182.35 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:446.16 GB) (Free:390.64 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.37 GB) (Free:2.12 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Las piedras) (CDROM) (Total:2.24 GB) (Free:0 GB) UDF

\\?\Volume{4c0ffc9d-4d43-4f9c-9060-939827fa7f4c}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4541579E)

Partition: GPT.

==================== End of Addition.txt ============================



#5 nasdaq

nasdaq

  • Malware Response Team

Posted 13 July 2018 - 07:35 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
CloseProcesses:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
---

Run the following programs and delete all the entries that will be found.

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please let me know what problem persists with this computer.
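
The fixlist line in the post above targets a Group Policy software restriction on mrt.exe. The following is an added example, not part of the original post or of FRST, showing a read-only way to list such rules before and after the fix. It assumes the FRST line refers to Software Restriction Policy path rules under the `Safer\CodeIdentifiers` policy key; the function name `Get-SrpPathRule` is hypothetical.

```powershell
# Added example (read-only): list Software Restriction Policy (SRP) path rules.
# Assumption: FRST's "HKLM Group Policy restriction on software" line reports
# path rules stored under this policy key.
$SaferRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Security level = name of the subkey (decimal SAFER level id).
$LevelName = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }

function Get-SrpPathRule {
    param([string]$Root = $SaferRoot)

    if (-not (Test-Path -LiteralPath $Root)) { return }   # no SRP policy present

    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($levelKey in Get-ChildItem -LiteralPath $Root) {
        $paths = $levelKey.OpenSubKey('Paths')
        if ($null -eq $paths) { continue }

        foreach ($id in $paths.GetSubKeyNames()) {
            $rule = $paths.OpenSubKey($id)
            # ItemData is the rule's path; keep %systemroot% visible, then expand it.
            $raw   = [string]$rule.GetValue('ItemData', '', $noExpand)
            $level = $levelKey.PSChildName
            [pscustomobject]@{
                Level    = if ($LevelName.ContainsKey($level)) { $LevelName[$level] } else { $level }
                Path     = $raw
                Expanded = [Environment]::ExpandEnvironmentVariables($raw)
                RuleId   = $id
            }
            $rule.Close()
        }
        $paths.Close()
    }
}

$rules = @(Get-SrpPathRule)
$rules | Format-Table -AutoSize -Wrap

# A Disallowed rule on a file under the Windows directory, such as the mrt.exe
# entry in the fixlist in this thread, stops that system binary from running.
$rules | Where-Object {
    $_.Level -eq 'Disallowed' -and $_.Expanded -like "$env:SystemRoot\*"
} | ForEach-Object { Write-Warning "Blocked system binary: $($_.Path) [$($_.RuleId)]" }
```

Run it from an elevated PowerShell prompt. An empty result means no SRP path rules are configured under HKLM.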

#6 Belit

Belit
  • Topic Starter

  • Members

Posted 19 July 2018 - 09:43 PM

Hi, thanks for your help. I will run the adwcleaner scan again to remove them. That's what I need to do, right? I'll let you know if it gets better. Hope I did this right.

 

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/19/18
Scan Time: 11:56 AM
Log File: 5ade6552-8b6c-11e8-8d42-ec8eb5fad113.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.5971
License: Trial

-System Information-
OS: Windows 10 (Build 10586.1176)
CPU: x64
File System: NTFS
User: LAPTOP-HI1T83GM\Mabel

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 281177
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 23 min, 48 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

 

 

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-07-19.5
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-19-2018
# Duration: 00:00:51
# OS:       Windows 10 Home
# Scanned:  41739
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 



#7 Belit

Belit
  • Topic Starter

  • Members

Posted 19 July 2018 - 10:12 PM

Hello, I ran the adwcleaner. You know what is peculiar?  Right after I found this forum and started posting here, before you answered, the situation got a bit better, by itself (i.e. the mouse stopped misbehaving, the icon bar got less erratic, the firefox menu hasn't acted up). That's weird.

 

But, it's still a problem. On the "action center", 3 buttons are turned on right now (while the laptop is using the android's signal):  bluetooth, airplane mode and Android... ... if I press bluetooth, the action center closes itself down. When I look again, bluetooth is still on.  If I press the android button on the action center, the airplane mode also turns off. Then immediately after turning tethering on, the airplane mode stays off.  Hope you can see what I'm saying. Thank you!



#8 nasdaq

nasdaq

  • Malware Response Team

Posted 20 July 2018 - 08:23 AM

Hi,

I must admit that I do not use the Control Center.

You may already have seen this article.
https://www.thewindowsclub.com/open-use-windows-10-action-center

If you cannot solve your problem I suggest you ask for help in the Windows 10 Forum.
https://www.bleepingcomputer.com/forums/f/229/windows-10-support/

This is not malware and not my forte.

====



