
help please

This is a discussion on help please within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
04-06-2018, 02:50 AM   #1
Registered Member
 
Join Date: Aug 2007
Posts: 184
OS: Win/10



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.16299.15
Run by Jack at 12:23:17 on 2018-04-06
Microsoft Windows 10 Home 10.0.16299.0.1252.1.1033.18.7814.2253 [GMT 3:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k localservice -p -s nsi
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SensorService
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\Program Files (x86)\DDNi\Oasis2Service (Smart Advisor)\Oasis2Service.exe
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkDMS.exe
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\WINDOWS\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s SEMgrSvc
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DsSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s wcncsvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s QWAVE
c:\windows\system32\svchost.exe -k netsvcs -p -s seclogon
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
c:\windows\system32\sihost.exe
C:\Program Files\Elantech\ETDCtrl.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
C:\Program Files\Elantech\ETDTouch.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\WINDOWS\system32\igfxext.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\Samsung\SamsungLink\SLServiceUserApp.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe\Video.UI.exe
C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Users\Jack\Desktop\Tor Browser\Browser\firefox.exe
C:\Users\Jack\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
c:\windows\system32\taskhostw.exe
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
C:\WINDOWS\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.0_x64__8wekyb3d8bbwe\Calculator.exe
C:\WINDOWS\system32\osk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s DoSvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\syswow64\backgroundTaskHost.exe
svchost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
C:\WINDOWS\SysWOW64\DllHost.exe
C:\WINDOWS\SysWOW64\DllHost.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
uLocal Page = %11%\blank.htm
uDefault_Page_URL = hxxp://samsung13.msn.com
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [ycAutoLaunch_822802423B0C1A64BCAACA67C9B682DB] "C:\Users\Jack\AppData\Local\yc\Application\yc.exe" /prefetch:5
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
dRunOnce: [Application Restart #1] C:\WINDOWS\System32\osk.exe
dRunOnce: [Application Restart #0] C:\WINDOWS\System32\osk.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2a0411c8-4b11-46d8-987b-41b116d52d13} : NameServer = ,,
TCP: Interfaces\{41542e40-c020-4170-a980-ebf2a10f9a82} : NameServer = ,,
TCP: Interfaces\{a9f55109-d9de-4ba7-b3b8-f2285cbf2a9d} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{e6ca81cb-20bb-4bfd-8eba-6f3216d65ad7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{e6ca81cb-20bb-4bfd-8eba-6f3216d65ad7}\34F435D4F44554D2936454131403 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{e6ca81cb-20bb-4bfd-8eba-6f3216d65ad7}\357756564784F6573756 : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{e6ca81cb-20bb-4bfd-8eba-6f3216d65ad7}\7596C6C6461697 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{e6ca81cb-20bb-4bfd-8eba-6f3216d65ad7}\85D26496C6560234F6D6075747562737 : DHCPNameServer = 192.168.1.1 0.0.0.0
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mWinlogon: Userinit = userinit.exe,
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /S3HpProtect
x64-Run: [RtHDVBg_SRSSA] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SRSSA
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe /startup
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\System32\CbFsMntNtf3.dll
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-9-29 130640]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-9-29 56728]
R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\drivers\PxHlpa64.sys [2013-1-7 56336]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-9-29 15392]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-9-29 71248]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-9-29 18000]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-9-29 209304]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-9-29 240640]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-1-4 59800]
R1 cbfs3;cbfs3;C:\WINDOWS\System32\drivers\cbfs3.sys [2013-1-7 352456]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-9-29 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-9-29 8192]
R1 MpKsl15463fab;MpKsl15463fab;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{519CE95E-AE07-4744-9633-948228D81EEB}\MpKsl15463fab.sys [2018-4-5 58120]
R1 MpKsl537549bc;MpKsl537549bc;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27F031E7-AB80-4D23-951C-041CA749921D}\MpKsl537549bc.sys [2018-3-27 58120]
R1 MpKslaade24fe;MpKslaade24fe;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D8109FE7-A0FD-4C06-A048-6181337652B6}\MpKslaade24fe.sys [2018-3-23 58120]
R1 MpKslad0077f9;MpKslad0077f9;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A87F319D-70CC-4012-B5BF-6E8EF373C7C1}\MpKslad0077f9.sys [2018-3-28 58120]
R1 MpKslb0231e50;MpKslb0231e50;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{93B69CBE-C2A5-49D6-B436-C66FBAAA5C32}\MpKslb0231e50.sys [2018-3-26 58120]
R1 MpKslc45df63f;MpKslc45df63f;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{079C9383-74FC-4564-A60D-2D1F3C51D46C}\MpKslc45df63f.sys [2018-3-24 58120]
R1 MpKsldff02c52;MpKsldff02c52;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF4C1803-CC14-4FAF-BE15-569D4005B6AE}\MpKsldff02c52.sys [2018-3-25 58120]
R1 SDiskWindows10;SDiskWindows10;C:\WINDOWS\System32\drivers\SDiskWindows10.sys [2016-10-4 111320]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-11-6 171664]
R2 AllShare Framework DMS;AllShare Framework DMS;C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe [2016-10-4 403264]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R2 CDPUserSvc_130e830b;Connected Devices Platform User Service_130e830b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-2-14 385536]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2017-9-29 48688]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2017-9-29 48688]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2015-6-19 1593664]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2016-11-11 129952]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-5-3 337888]
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-9-18 157128]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-7-6 223008]
R2 MBAMChameleon;MBAMChameleon;C:\WINDOWS\System32\drivers\MbamChameleon.sys [2018-4-2 193768]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2018-4-2 6479136]
R2 Oasis2Service (Smart Advisor);Oasis2Service (Smart Advisor);C:\Program Files (x86)\DDNi\Oasis2Service (Smart Advisor)\Oasis2Service.exe [2017-12-11 72000]
R2 OneSyncSvc_130e830b;Sync Host_130e830b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 SamsungLinkService;SamsungLinkService;C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe [2016-10-4 25017064]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2015-7-15 16216]
R2 Seagate MobileBackup Service;Seagate MobileBackup Service;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [2015-7-15 143656]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2018-3-14 519152]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-9-29 79872]
R2 SWUpdateService;SW Update Service;C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2017-10-11 3298208]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-3-14 147872]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 WpnUserService_130e830b;Windows Push Notifications User Service_130e830b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 acpials;ALS Sensor Filter;C:\WINDOWS\System32\drivers\acpials.sys [2017-9-29 11776]
R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;C:\WINDOWS\System32\drivers\AmpPal.sys [2013-4-11 165344]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 bthl2cap;Microsoft Bluetooth Protocol Support Driver;C:\WINDOWS\System32\drivers\bthl2cap.sys [2017-9-29 83968]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2017-9-29 78848]
R3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-9-29 60312]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 ETD;Samsung TouchPad Input Device;C:\WINDOWS\System32\drivers\ETD.sys [2016-11-11 444504]
R3 ETDSMBus;ETDSMBus;C:\WINDOWS\System32\drivers\ETDSMBus.sys [2015-9-23 31832]
R3 ibtfltcoex;Intel Corporation;C:\WINDOWS\System32\drivers\ibtfltcoex.sys [2015-7-1 79632]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-8-21 463112]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-1 38896]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2018-4-2 253664]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-9-29 21504]
R3 NETwNe64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew01.sys [2017-9-29 3343872]
R3 PimIndexMaintenanceSvc_130e830b;Contact Data_130e830b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 RadioHIDMini;Radio HID Mini-driver;C:\WINDOWS\System32\drivers\RadioHIDMini.sys [2012-7-27 23408]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-7-30 895256]
R3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 SensorsAlsDriver;UMDF Reflector service for SensorsAlsDriver;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-9-29 259584]
R3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 UnistoreSvc_130e830b;User Data Storage_130e830b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\WINDOWS\System32\drivers\usb3Hub.sys [2012-10-10 47072]
R3 UserDataSvc_130e830b;User Data Access_130e830b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [2018-3-2 129568]
R3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe [2018-3-2 356152]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\WINDOWS\System32\drivers\xHCIPort.sys [2012-10-10 188896]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2017-3-23 729048]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 icacl;icacl;C:\WINDOWS\System32\icacl.exe --> C:\WINDOWS\System32\icacl.exe [?]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-7-18 317408]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-9-29 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-9-29 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-9-29 18432]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2017-9-29 48688]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-9-29 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-9-29 48688]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2017-9-29 37784]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-29 39424]
S3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-9-29 122368]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-9-29 357272]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-9-29 1723288]
S3 DevicesFlowUserSvc_130e830b;DevicesFlow_130e830b;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-9-29 48688]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-9-29 85504]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2017-9-29 48688]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-9-29 48688]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-9-29 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2017-9-29 48688]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-9-29 50584]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2017-9-29 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-9-29 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-9-29 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-9-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-9-29 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-9-29 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-9-29 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-9-29 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-9-29 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-9-29 674200]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-9-29 526232]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-11-21 169752]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-9-29 39424]
S3 InstallService;Windows Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-12-1 50160]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 invdimm;Microsoft iNVDIMM device driver;C:\WINDOWS\System32\drivers\invdimm.sys [2017-9-29 38912]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2017-9-29 26112]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-9-29 123800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-9-29 103320]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-9-29 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-9-29 55840]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-9-29 63520]
S3 MessagingService_130e830b;MessagingService_130e830b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-9-29 842648]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-9-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-9-29 132608]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-3-14 192512]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-9-29 88576]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-9-29 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-9-29 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2017-9-29 16896]
S3 PrintWorkflowUserSvc_130e830b;PrintWorkflow_130e830b;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2017-9-29 48688]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2017-9-29 39832]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-9-29 1849752]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-9-29 936856]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-9-29 48688]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2017-9-29 103936]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-9-29 48688]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-9-29 118168]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-9-29 33176]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-9-29 1288704]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-9-29 154520]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-9-29 48688]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-9-29 56216]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-3-14 956416]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2018-3-14 103328]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2018-3-14 45472]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-9-29 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-12-1 114688]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-9-29 146944]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2018-3-14 57344]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-9-29 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-9-29 28568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-9-29 266648]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-9-29 97312]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-9-29 140696]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-9-29 28568]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-12-1 60824]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-9-29 27544]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-9-29 48688]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-9-29 34816]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-9-29 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vnvdimm;Microsoft virtual NVDIMM device driver;C:\WINDOWS\System32\drivers\vnvdimm.sys [2017-9-29 43008]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-9-29 48688]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2018-3-14 75264]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2018-3-14 770048]
S3 wdnsfltr;Windows Defender Network Stream Filter Driver;C:\WINDOWS\System32\drivers\wdnsfltr.sys [2017-9-29 33792]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-9-29 48688]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-9-29 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2018-2-14 225792]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-9-29 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2017-9-29 25088]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2017-9-29 59512]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-9-29 281600]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-9-29 46592]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2018-04-05 15:32:54 58120 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{519CE95E-AE07-4744-9633-948228D81EEB}\MpKsl15463fab.sys
2018-04-05 15:32:42 14558320 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{519CE95E-AE07-4744-9633-948228D81EEB}\mpengine.dll
2018-04-04 10:56:40 14558320 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2018-04-02 18:31:13 -------- d--h--w- C:\$SysReset
2018-04-02 17:37:02 193768 ----a-w- C:\WINDOWS\System32\drivers\MbamChameleon.sys
2018-04-02 17:35:36 253664 ----a-w- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
2018-04-02 17:35:28 76192 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2018-03-28 05:46:37 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A87F319D-70CC-4012-B5BF-6E8EF373C7C1}\MpKslad0077f9.sys
2018-03-27 05:05:40 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27F031E7-AB80-4D23-951C-041CA749921D}\MpKsl537549bc.sys
2018-03-26 06:17:24 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{93B69CBE-C2A5-49D6-B436-C66FBAAA5C32}\MpKslb0231e50.sys
2018-03-25 07:53:19 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF4C1803-CC14-4FAF-BE15-569D4005B6AE}\MpKsldff02c52.sys
2018-03-24 06:01:50 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{079C9383-74FC-4564-A60D-2D1F3C51D46C}\MpKslc45df63f.sys
2018-03-23 0648 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D8109FE7-A0FD-4C06-A048-6181337652B6}\MpKslaade24fe.sys
2018-03-22 0640 1094320 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6BA9519F-C9D6-4E31-A0E6-0CD97E10FF2A}\gapaengine.dll
2018-03-21 12:33:07 -------- d-----w- C:\Users\Jack\AppData\Local\PlaceholderTileLogoFolder
2018-03-14 07:45:00 75168 ----a-w- C:\WINDOWS\System32\SecurityHealthProxyStub.dll
2018-03-14 07:45:00 65536 ----a-w- C:\WINDOWS\SysWow64\usoapi.dll
2018-03-14 07:45:00 344576 ----a-w- C:\WINDOWS\SysWow64\edgeIso.dll
2018-03-14 07:45:00 162304 ----a-w- C:\WINDOWS\SysWow64\IndexedDbLegacy.dll
2018-03-14 07:45:00 155648 ----a-w- C:\WINDOWS\SysWow64\EdgeManager.dll
.
==================== Find3M ====================
.
2018-03-14 08:00:48 130364688 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2018-03-14 07:46:09 106496 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2018-03-14 07:46:08 140800 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2018-03-02 21:09:11 834552 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2018-03-02 21:09:11 179704 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2018-03-02 14:40:55 46072 ----a-w- C:\WINDOWS\System32\drivers\wd\WdBoot.sys
2018-03-02 14:40:55 288296 ----a-w- C:\WINDOWS\System32\drivers\wd\WdFilter.sys
2018-03-02 14:40:55 129568 ----a-w- C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys
2018-03-02 03:36:30 17085440 ----a-w- C:\WINDOWS\System32\HologramCompositor.dll
2018-03-02 03:02:48 37888 ----a-w- C:\WINDOWS\System32\SpectrumSyncClient.dll
2018-03-02 03:01:11 640000 ----a-w- C:\WINDOWS\System32\HeadTrackerStorage.dll
2018-03-02 03:00:47 230912 ----a-w- C:\WINDOWS\System32\HoloShellRuntime.dll
2018-03-02 03:00:43 248320 ----a-w- C:\WINDOWS\System32\svf.dll
2018-03-02 03:00:05 329728 ----a-w- C:\WINDOWS\System32\Windows.Internal.Feedback.Analog.dll
2018-03-02 02:59:44 956416 ----a-w- C:\WINDOWS\System32\Spectrum.exe
2018-03-01 20:28:57 181760 ----a-w- C:\WINDOWS\SysWow64\HoloShellRuntime.dll
2018-03-01 07:50:57 270744 ----a-w- C:\WINDOWS\System32\acmigration.dll
2018-03-01 07:49:36 389536 ----a-w- C:\WINDOWS\System32\invagent.dll
2018-03-01 07:48:13 664472 ----a-w- C:\WINDOWS\System32\aeinv.dll
2018-03-01 07:47:37 35224 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2018-03-01 07:47:09 749464 ----a-w- C:\WINDOWS\System32\generaltel.dll
2018-03-01 07:46:56 609176 ----a-w- C:\WINDOWS\System32\devinv.dll
2018-03-01 07:46:38 138144 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2018-03-01 07:46:27 2003352 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2018-03-01 07:46:09 1568664 ----a-w- C:\WINDOWS\System32\appraiser.dll
2018-03-01 07:45:12 70040 ----a-w- C:\WINDOWS\System32\win32appinventorycsp.dll
2018-03-01 07:40:10 2514936 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2018-03-01 07:40:01 461720 ----a-w- C:\WINDOWS\System32\dcntel.dll
2018-03-01 07:40:01 273304 ----a-w- C:\WINDOWS\System32\aepic.dll
2018-03-01 07:37:00 7831760 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2018-03-01 07:31:11 8602520 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2018-03-01 07:30:56 264040 ----a-w- C:\WINDOWS\System32\MusNotifyIcon.exe
2018-03-01 07:30:52 540064 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2018-03-01 07:29:31 733592 ----a-w- C:\WINDOWS\System32\drivers\acpi.sys
2018-03-01 07:27:48 1173576 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2018-03-01 07:26:21 170912 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2018-03-01 07:25:34 377752 ----a-w- C:\WINDOWS\System32\drivers\msrpc.sys
2018-03-01 07:23:29 749976 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2018-03-01 07:19:40 710768 ----a-w- C:\WINDOWS\System32\MSVideoDSP.dll
2018-03-01 07:17:39 519152 ----a-w- C:\WINDOWS\System32\SecurityHealthService.exe
2018-03-01 07:17:39 408984 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2018-03-01 07:15:28 2574232 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2018-03-01 07:14:53 5105664 ----a-w- C:\WINDOWS\System32\AuthFWSnapin.dll
2018-03-01 07:14:51 128928 ----a-w- C:\WINDOWS\System32\offlinelsa.dll
2018-03-01 07:14:49 356952 ----a-w- C:\WINDOWS\System32\wintrust.dll
2018-03-01 07:14:45 147872 ----a-w- C:\WINDOWS\System32\drivers\wcifs.sys
2018-03-01 07:14:37 7384576 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2018-03-01 07:14:32 7675784 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-03-01 07:14:13 1694224 ----a-w- C:\WINDOWS\System32\winmde.dll
2018-03-01 07:12:41 250264 ----a-w- C:\WINDOWS\System32\offlinesam.dll
2018-03-01 07:12:38 677272 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2018-03-01 07:12:07 189344 ----a-w- C:\WINDOWS\System32\SecurityHealthAgent.dll
2018-03-01 07:11:44 93600 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2018-03-01 07:10:40 1779936 ----a-w- C:\WINDOWS\System32\mfplat.dll
2018-03-01 07:10:27 22936 ----a-w- C:\WINDOWS\System32\drivers\isapnp.sys
2018-03-01 07:09:14 1054272 ----a-w- C:\WINDOWS\System32\msvproc.dll
2018-03-01 06:51:03 777904 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2018-03-01 06:48:05 1930736 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2018-03-01 06:39:42 213400 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2018-03-01 06:30:09 5615968 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2018-03-01 06:29:50 574960 ----a-w- C:\WINDOWS\SysWow64\MSVideoDSP.dll
2018-03-01 06:29:08 6092152 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2018-03-01 06:28:27 115096 ----a-w- C:\WINDOWS\SysWow64\offlinelsa.dll
2018-03-01 06:28:20 6480616 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2018-03-01 06:27:39 284112 ----a-w- C:\WINDOWS\SysWow64\wintrust.dll
2018-03-01 06:27:39 221592 ----a-w- C:\WINDOWS\SysWow64\offlinesam.dll
2018-03-01 06:26:41 1524776 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2018-03-01 06:26:41 1057816 ----a-w- C:\WINDOWS\SysWow64\msvproc.dll
2018-03-01 06:23:01 5105664 ----a-w- C:\WINDOWS\SysWow64\AuthFWSnapin.dll
2018-03-01 06:21:25 1558856 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2018-03-01 06:09:58 25251840 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2018-03-01 06:03:58 2902528 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2018-03-01 06:03:26 471552 ----a-w- C:\WINDOWS\SysWow64\AcSpecfc.dll
2018-03-01 06:01:55 6575616 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2018-03-01 06:01:21 19456 ----a-w- C:\WINDOWS\SysWow64\credssp.dll
2018-03-01 06:00:29 98304 ----a-w- C:\WINDOWS\SysWow64\TSpkg.dll
2018-03-01 05:59:03 220672 ----a-w- C:\WINDOWS\SysWow64\MicrosoftAccountWAMExtension.dll
2018-03-01 05:58:50 368128 ----a-w- C:\WINDOWS\SysWow64\daxexec.dll
2018-03-01 05:58:48 459776 ----a-w- C:\WINDOWS\SysWow64\webplatstorageserver.dll
2018-03-01 05:58:43 4839424 ----a-w- C:\WINDOWS\SysWow64\dbgeng.dll
2018-03-01 05:58:28 405504 ----a-w- C:\WINDOWS\SysWow64\Windows.Payments.dll
2018-03-01 05:57:55 369152 ----a-w- C:\WINDOWS\SysWow64\msIso.dll
2018-03-01 05:56:13 559104 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2018-03-01 05:56:08 18922496 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2018-03-01 05:55:40 346112 ----a-w- C:\WINDOWS\SysWow64\zipfldr.dll
2018-03-01 05:54:52 1296896 ----a-w- C:\WINDOWS\System32\usocore.dll
2018-03-01 05:54:44 3181568 ----a-w- C:\WINDOWS\SysWow64\cdp.dll
2018-03-01 05:54:28 463360 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2018-03-01 05:54:23 496128 ----a-w- C:\WINDOWS\System32\updatehandlers.dll
2018-03-01 05:54:22 3664384 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2018-03-01 05:53:46 863232 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2018-03-01 05:53:45 536576 ----a-w- C:\WINDOWS\System32\edgeIso.dll
2018-03-01 05:53:41 246272 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2018-03-01 05:53:40 206848 ----a-w- C:\WINDOWS\System32\IndexedDbLegacy.dll
2018-03-01 05:53:37 56320 ----a-w- C:\WINDOWS\System32\AcSpecfc.dll
2018-03-01 05:53:37 399872 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2018-03-01 05:53:37 107520 ----a-w- C:\WINDOWS\System32\musdialoghandlers.dll
2018-03-01 05:53:31 97792 ----a-w- C:\WINDOWS\System32\updatecsp.dll
2018-03-01 05:53:31 92160 ----a-w- C:\WINDOWS\System32\usoapi.dll
2018-03-01 05:53:30 39424 ----a-w- C:\WINDOWS\System32\UsoClient.exe
.
============= FINISH: 12:23:37.12 ===============
Attached Files
File Type: zip attach.zip (3.0 KB, 21 views)
 
Old 04-07-2018, 11:56 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Exactly what problem are you experiencing?

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 04-13-2018, 12:26 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Still with us? I generally unsubscribe from threads after 3 days of inactivity. If you do not reply within 24 hours, this thread will be closed.

------------------------------------------------------
 
Old 04-14-2018, 02:34 AM   #4
Registered Member
 
Join Date: Aug 2007
Posts: 184
OS: Win/10



chemist 14/04/2018
This is my third response to your emails; I have a feeling that something on my computer is stopping my responses reaching you!
chemist 11/04/2018
I responded to your posting 3 days ago but as I have not received a returned response I am sending my response again.
You requested: Exactly what problem are you experiencing?
Malwarebytes keeps finding two Pups that it cannot quarantine!
I have downloaded AdwCleaner and instructed it to run, but ¾ of the way through the run it stops, saying a problem has occurred.
I then ran Farbar Recovery Scan Tool as requested; please see the logs below.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Jack (administrator) on SAMSUNG (08-04-2018 11:16:02)
Running from C:\Users\Jack\Desktop
Loaded Profiles: Jack & (Available Profiles: Jack)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: https://www.geekstogo.com/forum/topi...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Samsung) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service (Smart Advisor)\Oasis2Service.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Samsung Electronics Co., Ltd.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Samsung) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkDMS.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\SamsungLink\SLServiceUserApp.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Mozilla Corporation) C:\Users\Jack\Desktop\Tor Browser\Browser\firefox.exe
() C:\Users\Jack\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.1000_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.8.1.1000_x86__wgeqdkkx372wm\Twitter.Windows.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.251_none_16dd4c82321e5ccc\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3240352 2015-07-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1412840 2015-08-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_SRSSA] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1412840 2015-08-28] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [3952128 2012-11-27] (Bitcasa, Inc)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1540896 2015-07-15] (Seagate Technology LLC)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922628\...\RunOnce: [Application Restart #1] => C:\Windows\System32\osk.exe [620032 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922628\...\RunOnce: [Application Restart #0] => C:\Windows\System32\osk.exe [620032 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103042917\...\RunOnce: [Application Restart #1] => C:\Windows\System32\osk.exe [620032 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103042917\...\RunOnce: [Application Restart #0] => C:\Windows\System32\osk.exe [620032 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2015-07-15] (Seagate Technology LLC)
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\...\Run: [ycAutoLaunch_822802423B0C1A64BCAACA67C9B682DB] => "C:\Users\Jack\AppData\Local\yc\Application\yc.exe" /prefetch:5 <==== ATTENTION
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922726\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922726\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2015-07-15] (Seagate Technology LLC)
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922726\...\Run: [ycAutoLaunch_822802423B0C1A64BCAACA67C9B682DB] => "C:\Users\Jack\AppData\Local\yc\Application\yc.exe" /prefetch:5 <==== ATTENTION
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922726\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2015-07-15] (Seagate Technology LLC)
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023\...\Run: [ycAutoLaunch_822802423B0C1A64BCAACA67C9B682DB] => "C:\Users\Jack\AppData\Local\yc\Application\yc.exe" /prefetch:5 <==== ATTENTION
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Windows\System32\osk.exe [620032 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Windows\System32\osk.exe [620032 2017-09-29] (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2a0411c8-4b11-46d8-987b-41b116d52d13}: [NameServer] ,,
Tcpip\..\Interfaces\{41542e40-c020-4170-a980-ebf2a10f9a82}: [NameServer] ,,
Tcpip\..\Interfaces\{a9f55109-d9de-4ba7-b3b8-f2285cbf2a9d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e6ca81cb-20bb-4bfd-8eba-6f3216d65ad7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922726\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
SearchScopes: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001 -> {823198BF-10B5-4DB6-B880-B1CBD4D08665} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922726 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
SearchScopes: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922726 -> {823198BF-10B5-4DB6-B880-B1CBD4D08665} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
SearchScopes: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023 -> {823198BF-10B5-4DB6-B880-B1CBD4D08665} URL = hxxp://www.bing.com/search?q={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001 -> about:start

FireFox:
========
FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\t422z5os.default [2018-01-10]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-04] (Google Inc.)
FF Plugin-x32: @Videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @Videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @Videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @Videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @Videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @Videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/","hxxps://www.google.com/"
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default [2018-04-08]
CHR Extension: (Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (IBM Security Rapport) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-03-14]
CHR Extension: (YouTube) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Open in Tor Browser) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\dijcjcnibopfdgbmpkgnjfdihfdeghcc [2017-08-07]
CHR Extension: (Adobe Acrobat) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Full Page Screen Capture) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2018-04-01]
CHR Extension: (Google Docs Offline) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Tor™ Browser Button) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\goimpaiignmlnmdnpnkbbjoophmbebhp [2017-10-11]
CHR Extension: (Skype) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Deep Web) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pddpfllkbkhpmijocfdlhfkpfnolccfc [2017-08-07]
CHR Extension: (Gmail) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-14]
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-10]
CHR HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922726\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171664 2012-11-06] (Adobe Systems Incorporated)
R2 AllShare Framework DMS; C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe [403264 2016-10-04] (Samsung)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [729048 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593664 2015-06-19] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129952 2015-07-03] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 Oasis2Service (Smart Advisor); C:\Program Files (x86)\DDNi\Oasis2Service (Smart Advisor)\Oasis2Service.exe [72000 2015-06-21] (Digital Delivery Networks, Inc.)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SamsungLinkService; C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe [25017064 2016-10-04] (Samsung Electronics CO., LTD.)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-07-15] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2015-07-15] (Seagate Technology LLC)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3298208 2017-10-11] (Samsung Electronics Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-02] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-02] (Microsoft Corporation)
S2 icacl; C:\WINDOWS\system32\icacl.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [31832 2015-07-03] (ELAN Microelectronic Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-04-02] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-02] (Malwarebytes)
R1 MpKsl42e28174; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3D2FAF3A-4D4A-441A-A194-D38F25332E15}\MpKsl42e28174.sys [58120 2018-04-08] (Microsoft Corporation)
R1 MpKsl537549bc; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27F031E7-AB80-4D23-951C-041CA749921D}\MpKsl537549bc.sys [58120 2018-03-27] (Microsoft Corporation)
R1 MpKslaade24fe; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D8109FE7-A0FD-4C06-A048-6181337652B6}\MpKslaade24fe.sys [58120 2018-03-23] (Microsoft Corporation)
R1 MpKslad0077f9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A87F319D-70CC-4012-B5BF-6E8EF373C7C1}\MpKslad0077f9.sys [58120 2018-03-28] (Microsoft Corporation)
R1 MpKslb0231e50; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{93B69CBE-C2A5-49D6-B436-C66FBAAA5C32}\MpKslb0231e50.sys [58120 2018-03-26] (Microsoft Corporation)
R1 MpKslc45df63f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{079C9383-74FC-4564-A60D-2D1F3C51D46C}\MpKslc45df63f.sys [58120 2018-03-24] (Microsoft Corporation)
R1 MpKsldff02c52; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF4C1803-CC14-4FAF-BE15-569D4005B6AE}\MpKsldff02c52.sys [58120 2018-03-25] (Microsoft Corporation)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2017-09-29] (Intel Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2013-03-11] (Windows (R) 2003 DDK 3790 provider)
R1 SDiskWindows10; C:\WINDOWS\System32\DRIVERS\SDiskWindows10.sys [111320 2016-10-04] (Samsung Inc.)
R3 SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [47072 2012-10-10] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-02] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-02] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-02] (Microsoft Corporation)
R3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188896 2012-10-10] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-08 11:16 - 2018-04-08 11:17 - 000028639 _____ C:\Users\Jack\Desktop\FRST.txt
2018-04-08 11:14 - 2018-04-08 11:14 - 002403328 _____ (Farbar) C:\Users\Jack\Desktop\FRST64.exe
2018-04-08 11:07 - 2018-04-08 11:11 - 000000000 ____D C:\AdwCleaner
2018-04-08 11:01 - 2018-04-08 11:01 - 008222496 _____ (Malwarebytes) C:\Users\Jack\Desktop\AdwCleaner.exe
2018-04-06 12:23 - 2018-04-06 12:23 - 000052113 _____ C:\Users\Jack\Desktop\dds.txt
2018-04-06 12:23 - 2018-04-06 12:23 - 000010607 _____ C:\Users\Jack\Desktop\attach.txt
2018-04-06 12:22 - 2018-04-06 12:22 - 000688992 ____R (Swearware) C:\Users\Jack\Desktop\dds.scr
2018-04-04 11:45 - 2018-04-04 11:50 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-04 11:45 - 2018-04-04 11:50 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-04 11:45 - 2018-04-04 11:45 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-04 11:45 - 2018-04-04 11:45 - 000002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-04 11:44 - 2017-01-18 10:28 - 001065376 _____ (Google Inc.) C:\Users\Jack\Desktop\ChromeSetup.exe
2018-04-04 11:41 - 2018-04-04 11:41 - 001129816 _____ (Google Inc.) C:\Users\Jack\Downloads\ChromeSetupbvh.exe
2018-04-03 07:56 - 2018-04-03 07:56 - 001129816 _____ (Google Inc.) C:\Users\Jack\Downloads\ChromeSetup (1).exe
2018-04-03 07:48 - 2018-04-03 07:48 - 001129816 _____ (Google Inc.) C:\Users\Jack\Downloads\ChromeSetup.exe
2018-04-02 21:31 - 2018-04-02 21:31 - 000000000 ___HD C:\$SysReset
2018-04-02 20:37 - 2018-04-02 20:37 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-04-02 20:35 - 2018-04-02 20:35 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-02 20:35 - 2018-04-02 20:35 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-02 20:35 - 2018-04-02 20:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-02 20:35 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-01 21:12 - 2018-04-01 21:13 - 072097648 _____ (Malwarebytes ) C:\Users\Jack\Desktop\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4566.exe
2018-03-25 14:57 - 2018-03-25 14:58 - 041185407 _____ (KLCP ) C:\Users\Jack\Desktop\K-Lite_Codec_Pack_1405_Full.exe
2018-03-21 15:33 - 2018-03-21 15:33 - 000000000 ____D C:\Users\Jack\AppData\Local\PlaceholderTileLogoFolder
2018-03-17 16:03 - 2018-04-03 17:52 - 000000000 ____D C:\Users\Jack\AppData\LocalLow\Mozilla
2018-03-14 10:45 - 2018-03-01 10:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 10:45 - 2018-03-01 09:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-14 10:45 - 2018-03-01 09:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-14 10:45 - 2018-03-01 09:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-14 10:45 - 2018-03-01 09:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-14 10:44 - 2018-03-02 06:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 10:44 - 2018-03-02 06:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-14 10:44 - 2018-03-02 06:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-14 10:44 - 2018-03-02 06:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 10:44 - 2018-03-02 06:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-14 10:44 - 2018-03-02 06:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-14 10:44 - 2018-03-02 05:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-14 10:44 - 2018-03-01 23:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-14 10:44 - 2018-03-01 10:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-14 10:44 - 2018-03-01 10:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-14 10:44 - 2018-03-01 10:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-14 10:44 - 2018-03-01 10:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-14 10:44 - 2018-03-01 10:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-14 10:44 - 2018-03-01 10:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-14 10:44 - 2018-03-01 10:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-14 10:44 - 2018-03-01 10:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-14 10:44 - 2018-03-01 10:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-14 10:44 - 2018-03-01 10:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-14 10:44 - 2018-03-01 10:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-14 10:44 - 2018-03-01 10:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-14 10:44 - 2018-03-01 10:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-14 10:44 - 2018-03-01 10:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 10:44 - 2018-03-01 10:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-14 10:44 - 2018-03-01 10:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-14 10:44 - 2018-03-01 10:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 10:44 - 2018-03-01 10:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-14 10:44 - 2018-03-01 10:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 10:44 - 2018-03-01 10:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-14 10:44 - 2018-03-01 10:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-14 10:44 - 2018-03-01 10:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-14 10:44 - 2018-03-01 10:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 10:44 - 2018-03-01 10:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-14 10:44 - 2018-03-01 10:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 10:44 - 2018-03-01 10:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-14 10:44 - 2018-03-01 10:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-14 10:44 - 2018-03-01 10:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-14 10:44 - 2018-03-01 10:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-14 10:44 - 2018-03-01 10:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 10:44 - 2018-03-01 10:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-14 10:44 - 2018-03-01 10:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-14 10:44 - 2018-03-01 10:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-14 10:44 - 2018-03-01 10:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-14 10:44 - 2018-03-01 10:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-14 10:44 - 2018-03-01 10:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-14 10:44 - 2018-03-01 10:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 10:44 - 2018-03-01 10:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-14 10:44 - 2018-03-01 10:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-14 10:44 - 2018-03-01 10:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-14 10:44 - 2018-03-01 10:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-14 10:44 - 2018-03-01 09:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-14 10:44 - 2018-03-01 09:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-14 10:44 - 2018-03-01 09:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-14 10:44 - 2018-03-01 09:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-14 10:44 - 2018-03-01 09:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-14 10:44 - 2018-03-01 09:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-14 10:44 - 2018-03-01 09:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-14 10:44 - 2018-03-01 09:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-14 10:44 - 2018-03-01 09:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-14 10:44 - 2018-03-01 09:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-14 10:44 - 2018-03-01 09:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-14 10:44 - 2018-03-01 09:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-14 10:44 - 2018-03-01 09:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-14 10:44 - 2018-03-01 09:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-14 10:44 - 2018-03-01 09:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-14 10:44 - 2018-03-01 09:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-14 10:44 - 2018-03-01 09:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-14 10:44 - 2018-03-01 09:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-14 10:44 - 2018-03-01 09:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-14 10:44 - 2018-03-01 09:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-14 10:44 - 2018-03-01 09:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-14 10:44 - 2018-03-01 09:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-14 10:44 - 2018-03-01 08:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-14 10:44 - 2018-03-01 08:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-14 10:44 - 2018-03-01 08:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-14 10:44 - 2018-03-01 08:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-14 10:44 - 2018-03-01 08:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-14 10:44 - 2018-03-01 08:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-14 10:44 - 2018-03-01 08:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-14 10:44 - 2018-03-01 08:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-14 10:44 - 2018-03-01 08:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-14 10:44 - 2018-03-01 08:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-14 10:44 - 2018-03-01 08:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-14 10:44 - 2018-03-01 08:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-14 10:44 - 2018-03-01 08:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-14 10:44 - 2018-03-01 08:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 10:44 - 2018-03-01 08:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-14 10:44 - 2018-03-01 08:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 10:44 - 2018-03-01 08:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-14 10:44 - 2018-03-01 08:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-14 10:44 - 2018-03-01 08:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 10:44 - 2018-03-01 08:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-14 10:44 - 2018-03-01 08:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 10:44 - 2018-03-01 08:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-14 10:44 - 2018-03-01 08:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-14 10:44 - 2018-03-01 08:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 10:44 - 2018-03-01 08:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-14 10:44 - 2018-03-01 08:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-14 10:44 - 2018-03-01 08:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-14 10:44 - 2018-03-01 08:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-14 10:44 - 2018-03-01 08:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-14 10:44 - 2018-03-01 08:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-14 10:44 - 2018-03-01 08:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-14 10:44 - 2018-03-01 08:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-14 10:44 - 2018-03-01 08:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-14 10:44 - 2018-03-01 08:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-14 10:44 - 2018-03-01 08:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-14 10:44 - 2018-03-01 08:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-14 10:44 - 2018-03-01 08:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-14 10:44 - 2018-03-01 08:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-14 10:44 - 2018-03-01 08:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 10:44 - 2018-03-01 08:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-14 10:44 - 2018-03-01 08:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 10:44 - 2018-03-01 08:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-14 10:44 - 2018-03-01 08:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-14 10:44 - 2018-03-01 08:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 10:44 - 2018-03-01 08:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 10:44 - 2018-03-01 08:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-14 10:44 - 2018-03-01 08:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-14 10:44 - 2018-03-01 08:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-14 10:44 - 2018-03-01 08:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-14 10:44 - 2018-03-01 08:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-14 10:44 - 2018-03-01 08:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-14 10:44 - 2018-03-01 08:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-14 10:44 - 2018-03-01 08:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-14 10:44 - 2018-03-01 08:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-14 10:44 - 2018-03-01 08:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 10:44 - 2018-03-01 08:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-14 10:44 - 2018-03-01 08:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-14 10:44 - 2018-03-01 08:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-14 10:44 - 2018-03-01 08:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-14 10:44 - 2018-03-01 08:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-14 10:44 - 2018-03-01 08:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-14 10:44 - 2018-03-01 08:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-14 10:44 - 2018-03-01 08:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 10:44 - 2018-03-01 08:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 10:44 - 2018-03-01 08:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-14 10:44 - 2018-03-01 08:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-14 10:44 - 2018-03-01 08:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-14 10:44 - 2018-03-01 08:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-14 10:44 - 2018-03-01 08:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-14 10:44 - 2018-03-01 08:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-14 10:44 - 2018-03-01 08:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-14 10:44 - 2018-03-01 08:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-14 10:44 - 2018-03-01 08:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-14 10:44 - 2018-02-22 05:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-14 10:44 - 2018-02-22 05:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-14 10:44 - 2018-02-22 05:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-14 10:44 - 2018-02-22 05:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-14 10:44 - 2018-02-22 05:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-14 10:44 - 2018-02-22 05:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-14 10:44 - 2018-02-22 05:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-14 10:44 - 2018-02-22 05:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-14 10:44 - 2018-02-22 05:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-14 10:44 - 2018-02-22 05:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-14 10:44 - 2018-02-22 05:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-14 10:44 - 2018-02-22 05:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-14 10:44 - 2018-02-22 05:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-14 10:44 - 2018-02-22 05:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-14 10:44 - 2018-02-22 05:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-14 10:44 - 2018-02-22 05:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-14 10:44 - 2018-02-22 04:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-14 10:44 - 2018-02-22 04:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-14 10:44 - 2018-02-22 04:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-14 10:44 - 2018-02-22 04:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-14 10:44 - 2018-02-22 04:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-14 10:44 - 2018-02-22 04:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-14 10:44 - 2018-02-22 04:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-14 10:44 - 2018-02-22 04:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-14 10:44 - 2018-02-22 03:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-14 10:44 - 2018-02-22 03:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-14 10:44 - 2018-02-22 03:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-14 10:44 - 2018-02-22 03:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-14 10:44 - 2018-02-22 03:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-14 10:44 - 2018-02-22 03:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 10:44 - 2018-02-22 03:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-14 10:44 - 2018-02-22 03:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-14 10:44 - 2018-02-22 03:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-14 10:44 - 2018-02-22 03:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-09 22:12 - 2018-03-11 09:54 - 000010913 _____ C:\Users\Jack\Documents\Brian Stamps.xlsx
2018-03-09 16:07 - 2018-03-09 16:07 - 000000069 _____ C:\Users\Jack\AppData\default.pls
2018-03-09 15:13 - 2018-03-09 15:13 - 000000515 _____ C:\Users\Jack\Desktop\Media_Player_Setup.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-08 11:16 - 2015-10-01 20:42 - 000000000 ____D C:\FRST
2018-04-08 11:16 - 2015-08-20 08:36 - 000000000 ____D C:\Users\Jack\AppData\Roaming\Skype
2018-04-08 11:02 - 2013-04-22 12:56 - 000000000 ____D C:\Users\Jack\Documents\Stamps
2018-04-08 10:35 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-08 10:34 - 2017-09-29 16:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-08 10:34 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-08 10:29 - 2017-12-01 13:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-06 12:23 - 2017-09-29 16:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-04 11:45 - 2013-04-20 09:01 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-03 07:58 - 2013-01-07 12:30 - 000000000 ____D C:\ProgramData\WinClon
2018-04-03 07:55 - 2016-07-30 02:57 - 000000000 __SHD C:\Users\Jack\IntelGraphicsProfiles
2018-04-03 07:28 - 2017-12-01 13:22 - 000000000 ____D C:\Users\Jack\AppData\Local\Packages
2018-04-03 07:27 - 2013-01-07 12:36 - 000000000 ____D C:\ProgramData\PopCap Games
2018-04-02 20:35 - 2017-12-27 14:46 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-02 13:46 - 2017-12-01 13:27 - 002253598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-02 13:45 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-04-02 11:10 - 2017-12-01 13:22 - 000000000 ____D C:\Users\Jack
2018-03-29 07:49 - 2017-12-01 13:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-25 15:00 - 2017-12-01 13:28 - 000003214 _____ C:\WINDOWS\System32\Tasks\klcp_update
2018-03-25 15:00 - 2017-08-12 09:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2018-03-25 15:00 - 2017-08-12 09:26 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2018-03-23 15:41 - 2013-04-20 09:21 - 000000000 ____D C:\Users\Jack\AppData\Roaming\vlc
2018-03-21 15:20 - 2017-09-29 11:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-03-18 11:47 - 2017-04-10 12:13 - 000000000 ____D C:\Users\Jack\Desktop\New folder for img's
2018-03-16 11:55 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-14 18:45 - 2017-12-01 13:32 - 000000000 ___RD C:\Users\Jack\3D Objects
2018-03-14 18:45 - 2016-04-27 09:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-14 18:44 - 2017-12-01 13:21 - 003405960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-14 18:44 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-14 18:44 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-03-14 18:44 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-14 18:44 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-14 11:03 - 2017-09-29 16:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-14 11:02 - 2013-07-22 12:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-14 11:00 - 2017-10-11 12:42 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-14 11:00 - 2013-04-20 08:50 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-14 10:46 - 2017-09-29 16:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-14 10:46 - 2017-09-29 16:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-14 10:04 - 2017-12-01 13:28 - 000004582 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-03-14 10:04 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-14 10:04 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Files in the root of some directories =======

2015-02-03 14:46 - 2015-02-03 14:46 - 000000288 _____ () C:\Users\Jack\AppData\Roaming\A88DA3BB.reg
2013-04-19 18:54 - 2014-05-02 09:32 - 000093751 _____ () C:\Users\Jack\AppData\Roaming\AbsoluteReminder.xml
2015-02-03 14:46 - 2015-02-03 14:46 - 000009728 _____ () C:\Users\Jack\AppData\Roaming\mcp.ico
2015-01-28 17:12 - 2015-01-28 17:12 - 000000017 _____ () C:\Users\Jack\AppData\Local\resmon.resmoncfg
2013-04-19 19:04 - 2013-04-19 19:05 - 000021680 _____ () C:\Users\Jack\AppData\Local\WiDiSetupLog.20130419.090436.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-04 20:00

==================== End of FRST.txt ============================
Jack Willday is offline  
Old 04-14-2018, 02:54 AM   #5
Registered Member
 
Join Date: Aug 2007
Posts: 184
OS: Win/10



chemist 14/04/2018
When I tried to send both attachments in one reply it was too large for your system, so I am now copying and pasting the second report.
Additional information for you!
Malwarebytes ran a scan this morning, found two PUPs and quarantined both!
When I tried to run AdwCleaner it said that my version was out of date, so I downloaded the new version and tried to run it! It would not run!
chemist 14/04/2018
This is my third response to your emails; I have a feeling that something on my computer is stopping my responses reaching you!
chemist 11/04/2018
I responded to your posting 3 days ago but as I have not received a returned response I am sending my response again.
You requested: Exactly what problem are you experiencing?
Malwarebytes keeps finding two PUPs that it cannot quarantine!
I have downloaded AdwCleaner and instructed it to run, but ¾ of the way through the run it stops, saying a problem has occurred.
I then ran Farbar Recovery Scan Tool as requested; please see the logs below.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Jack (08-04-2018 11:18:32)
Running from C:\Users\Jack\Desktop
Windows 10 Home Version 1709 16299.309 (X64) (2017-12-01 10:30:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1207694035-1696072749-1821295723-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1207694035-1696072749-1821295723-503 - Limited - Disabled)
Guest (S-1-5-21-1207694035-1696072749-1821295723-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1207694035-1696072749-1821295723-1005 - Limited - Enabled)
Jack (S-1-5-21-1207694035-1696072749-1821295723-1001 - Administrator - Enabled) => C:\Users\Jack
WDAGUtilityAccount (S-1-5-21-1207694035-1696072749-1821295723-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
AVG (HKLM\...\{7A96D540-38DD-4D02-88E0-139B8074653A}) (Version: 16.141.7998 - AVG Technologies) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bitcasa version 0.9.20.4133 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4133 - Bitcasa Inc.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-7515 Series Printer Uninstall (HKLM\...\EPSON WF-7515 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ETDWare X64 11.7.33.1_WHQL (HKLM\...\Elantech) (Version: 11.7.33.1 - ELAN Microelectronic Corp.)
Galerie foto (HKLM-x32\...\{A4A06F18-206F-476C-9D57-E272B446B09C}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
Host Service (HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\...\Host Service) (Version: - ) <==== ATTENTION
Host Service (HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922726\...\Host Service) (Version: - ) <==== ATTENTION
Host Service (HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023\...\Host Service) (Version: - ) <==== ATTENTION
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{e6d17d96-ddaa-476f-bb07-db601024ffb1}) (Version: 15.8.0 - Intel Corporation)
IntelliMemory (HKLM\...\{E93403C5-8A91-4940-89DB-EED69DA6E82E}) (Version: 1.0.30.0 - Condusiv Technologies)
K-Lite Codec Pack 14.0.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.0.5 - KLCP)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{02082E30-6019-4F5B-B55C-025F4CE5D335}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{74D68BE3-3804-4066-A244-B4C7A9D9F156}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{78136417-2ABA-47D0-A462-FBF55155EF8B}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Nero 7 Ultra Edition (HKLM-x32\...\{847CAE64-4CD2-4B2D-AF00-978FF5431033}) (Version: 7.02.9755 - Nero AG)
Oasis2Service (Smart Advisor) (HKLM-x32\...\Oasis2Service (Smart Advisor)) (Version: 2.0.675.7 - DDNi)
Online Support(S Service) (HKLM-x32\...\{C8996970-A56E-4659-B01B-CCB7097C4E59}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version: - )
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.1.0.3 - Samsung Electronics CO., LTD.)
S Agent (HKLM\...\{061881E0-653B-41CA-839E-2BA6569B5FEE}) (Version: 1.1.69 - Samsung Electronics Co., Ltd.) Hidden
Samsung Link (HKLM\...\{5A1F24BA-845E-4C89-BFF0-826FD9A6D4EB}) (Version: 2.0.2 - Samsung Electronics Co., Ltd.)
Samsung Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Samsung Survey (HKLM-x32\...\{F1F6B58E-CF23-475C-AA96-EC658E9E50F3}) (Version: 2.0.1 - Samsung Electronics Co., Ltd.)
Samsung Update (HKLM-x32\...\{05068BA6-4AAB-4A47-8BAD-2141F4E9C15D}) (Version: 2.2.52 - Samsung Electronics Co., Ltd.)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.2.002.0 - Seagate)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Smart Advisor (HKLM-x32\...\Smart Advisor) (Version: 2.0.675.700 - DDNi)
SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.4700 - DTS, Inc.)
Stockmarket Investor 3 (HKLM-x32\...\Investor_3) (Version: - )
Stockmarket Investor 4 (HKLM-x32\...\Stockmarket Investor 4_is1) (Version: - Meridian Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
User Guide (HKLM-x32\...\{B1C9F5CF-2EE4-414A-906B-37896B032E8F}) (Version: 1.3.00 - Samsung Electronics CO., LTD.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Συλλογή φωτογραφιών (HKLM-x32\...\{6C4BAF40-14F7-44F2-9B9A-C697DA797EF4}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Фотогалерия (HKLM-x32\...\{7AFB4A8D-F1CE-41E5-A18A-00A095447632}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [0SamsungLinkOverlayIconCreated] -> {D130049C-7512-4075-9145-7B8B18149060} => C:\Program Files\Samsung\SamsungLink\SLIconOverlay.dll [2016-10-04] (Samsung Electronics CO., LTD.)
ShellIconOverlayIdentifiers: [0SamsungLinkOverlayIconRenamed] -> {D130049D-7512-4075-9145-7B8B18149060} => C:\Program Files\Samsung\SamsungLink\SLIconOverlay.dll [2016-10-04] (Samsung Electronics CO., LTD.)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {F133724C-9672-4202-9C2C-956661CBCB1E} => C:\windows\SYSTEM32\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {F133724C-9672-4202-9C2C-956661CBCB1E} => C:\windows\SYSTEM32\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2017-03-23] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Bitcasa] -> {92224F8D-0235-4EBB-BEFB-91AC297C4AEE} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2012-11-27] (Bitcasa, Inc)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers2: [Bitcasa] -> {92224F8D-0235-4EBB-BEFB-91AC297C4AEE} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2012-11-27] (Bitcasa, Inc)
ContextMenuHandlers2: [BitcasaExtension] -> {92224F8D-0235-4EBB-BEFB-91AC297C4AEE} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2012-11-27] (Bitcasa, Inc)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2017-03-23] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [Bitcasa] -> {92224F8D-0235-4EBB-BEFB-91AC297C4AEE} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2012-11-27] (Bitcasa, Inc)
ContextMenuHandlers6: [BitcasaExtension] -> {92224F8D-0235-4EBB-BEFB-91AC297C4AEE} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2012-11-27] (Bitcasa, Inc)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {036ECABC-1F3D-44A7-8B89-9CDFEAA42E1F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [2018-03-14] (Adobe Systems Incorporated)
Task: {04A962CB-A536-497B-808D-A0F42E587D62} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {05868A10-74F6-4D2A-99DA-5027B34424F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {23263B28-6ABD-4707-987A-ED7C8B6537F5} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-07-15] (Seagate Technology LLC)
Task: {284E77CE-A488-4351-B0BB-120351E4D8E7} - System32\Tasks\Jack => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-07-15] (Seagate Technology LLC)
Task: {2CED0959-55AF-43A5-871E-F5F587F33B95} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-03-19] ()
Task: {31B018AD-2555-4F3A-A0A5-691C56E43B37} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3A6A7B82-D3A5-4CEF-ABDB-4DAAC43A86E9} - System32\Tasks\DDNi Startup (Smart Advisor) => C:\Program Files (x86)\DDNi\Smart Advisor\DDNiStartup.exe [2015-06-21] (Digital Delivery Networks, Inc.)
Task: {3EF2F685-F0DC-4420-9294-68ECC4A0AE98} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-08-28] (Realtek Semiconductor)
Task: {420AE6FE-588B-4857-BAE6-FAC2CFD90C23} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {43244336-E24B-4C03-B4EA-D16946550829} - System32\Tasks\0316avzUpdateInfo => C:\ProgramData\Avg_Update_0316avz\0316avz_AVG-Secure-Search-Update.exe
Task: {486C6487-8126-4975-9C7A-B7958C53F434} - System32\Tasks\{9C0F99CD-B46F-466B-91F7-5136B5BC453F} => "c:\program files\internet explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.120.259&LastError=404
Task: {4941C8DF-8272-4909-8A0D-624E08B6C3DA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4EA4E2C2-4A72-4C1D-BDC1-996364D34A50} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-04] (Google Inc.)
Task: {4EF46444-2020-4928-B4D0-F6BA0834A8BE} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {5146FC73-281E-4141-9D50-B4C6F2932AF4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {5A22B93C-0B3A-4B09-9487-8C4C53FF503B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5A92244F-0D93-4DFC-AF9D-97893A60AD89} - System32\Tasks\SecTimeSync\TimeSyncInit => C:\Windows\SecTimeSync.exe [2013-08-23] (Samsung Electronics CO., LTD.)
Task: {5D75E6DC-217C-4A00-9E9E-47E84477B9EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5F5683AC-C3F7-4993-8783-731BB557449C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {689EF17E-7A20-42F7-B1A7-9FA23B7EB7FD} - System32\Tasks\RtHDVBg_SRSSA => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-28] (Realtek Semiconductor)
Task: {6DB61030-0A4E-481C-8934-E52FE9D712F6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7262221F-913D-443E-B103-1BF0BEAE54B3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {72859FEC-1077-4E31-9F70-D5701B50EC21} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-14] (Adobe Systems Incorporated)
Task: {774AE583-0D2E-4ED4-98CD-4056F948B879} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7CC54FAB-AE22-4B74-90C1-AAC35BEB9B70} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2015-06-19] (Samsung Electronics CO., LTD.)
Task: {8736182F-0CC1-49A9-ADAB-167BBC803128} - System32\Tasks\SamsungLinkTray => C:\Program Files\Samsung\SamsungLink\SLServiceUserApp.exe [2016-10-04] (Samsung Electronics CO., LTD.)
Task: {8872A22B-2C31-423F-BFAF-6873F0DEA468} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2017-04-26] (Samsung Electronics Co., Ltd.)
Task: {982DDDA3-89DF-4FB3-BF1E-62937985CD8C} - System32\Tasks\Jack Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-07-15] (Seagate Technology LLC)
Task: {9D95A1FD-ACA9-4401-921D-5C09833C95E4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A1A3E95E-0F9A-4C97-82C4-A8FC461B6850} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {A23CE934-B16E-4884-9A08-0DFFC32A468D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A321D1AA-7E8B-476F-895D-B6DDF72A256E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {AA43999C-B620-404F-9DB7-B1D5EF9027B3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B0E2DCBE-44B7-49AB-BB73-DC243FE455FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-04] (Google Inc.)
Task: {B5A3D0B3-BF45-4573-82FD-0B3CEDEAF8EE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {BE6B8FC3-9E37-46D3-91EE-6E47DA8DBB24} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {C6325D68-1977-4992-881C-FD2D850A88E8} - System32\Tasks\Smart Advisor (defaultuser1) => C:\Program Files (x86)\DDNi\Smart Advisor\CenterStage.exe [2015-06-21] (Digital Delivery Networks, Inc.)
Task: {C9B59459-E942-4DFD-A301-6B027A5996BF} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {DD87F137-B11B-4C64-827D-FB18FDD22932} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2016-07-05] (SEC)
Task: {E1F18E2C-E26F-4C8F-810C-4E5AFB9FACE6} - System32\Tasks\{0CBECC68-672D-4D4E-BBE0-77105BC5F3D1} => "c:\program files\internet explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.120.259&LastError=404
Task: {E8112408-336A-4FA2-AE07-A2D69D204A06} - System32\Tasks\Smart Advisor (Jack) => C:\Program Files (x86)\DDNi\Smart Advisor\CenterStage.exe [2015-06-21] (Digital Delivery Networks, Inc.)
Task: {EE9B9E0A-2E8C-4514-8EF6-2D3E01BCB28D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {F3684B79-864B-4BF0-85A0-00E1F67FE793} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {F7A37E41-04C8-4F2C-93BD-AED068486FDB} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {FBEEF0DC-81AA-4579-9F52-F83AAE5EBD21} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\0316avzUpdateInfo.job => C:\ProgramData\Avg_Update_0316avz\0316avz_AVG-Secure-Search-Update.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-10-04 17:09 - 2016-10-04 17:09 - 000143080 _____ () C:\Program Files\Samsung\SamsungLink\Logger.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 002817768 _____ () C:\Program Files\Samsung\SamsungLink\scs_masi.dll
2018-04-02 20:35 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-09-29 16:41 - 2017-09-29 16:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-06-19 15:55 - 2015-06-19 15:55 - 000084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2016-10-04 17:09 - 2016-10-04 17:09 - 002041064 _____ () C:\Program Files\Samsung\SamsungLink\SLCtxMenuExtension.dll
2013-04-20 09:22 - 2011-03-02 12:40 - 000164864 _____ () C:\Program Files\WinRAR\rarext.dll
2018-03-14 10:44 - 2018-02-22 03:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 10:44 - 2018-02-22 03:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-24 08:56 - 2018-03-24 08:57 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-24 08:56 - 2018-03-24 08:57 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-24 08:56 - 2018-03-24 08:57 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-24 08:56 - 2018-03-24 08:57 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-24 08:56 - 2018-03-24 08:57 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-03-17 15:27 - 2018-03-17 16:03 - 003630080 _____ () C:\Users\Jack\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
2018-04-04 11:45 - 2018-03-20 09:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-04-04 11:45 - 2018-03-20 09:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-04-06 08:57 - 2018-04-06 08:57 - 000178688 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-09 08:37 - 2018-03-09 08:37 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-04-03 07:12 - 2018-04-03 07:13 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-04-03 07:12 - 2018-04-03 07:13 - 067038720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-09-28 10:55 - 2017-09-28 11:26 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-02-16 17:47 - 2018-02-16 20:20 - 000010240 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-03-30 08:37 - 2018-03-30 08:38 - 004123648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-03-30 08:37 - 2018-03-30 08:38 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-03-30 08:37 - 2018-03-30 08:38 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-03-30 08:37 - 2018-03-30 08:38 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-04-03 07:12 - 2018-04-03 07:13 - 015329792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-03-30 08:37 - 2018-03-30 08:38 - 003962368 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-04-03 07:12 - 2018-04-03 07:13 - 003250176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-03-01 09:25 - 2018-03-01 09:28 - 001369088 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-02-02 10:46 - 2018-02-02 10:47 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-30 08:37 - 2018-03-30 08:38 - 000094208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-03-30 08:37 - 2018-03-30 08:38 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-03-30 08:37 - 2018-03-30 08:38 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-04-03 07:12 - 2018-04-03 07:13 - 000152064 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\SKU.dll
2018-03-23 09:00 - 2018-03-23 09:00 - 004330496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.1000_x64__8wekyb3d8bbwe\Calculator.exe
2018-03-13 09:30 - 2018-03-13 09:31 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.1000_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-02-21 22:52 - 2018-02-21 22:52 - 027139072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
2018-02-21 22:52 - 2018-02-21 22:52 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\SharedUI.dll
2018-02-21 22:52 - 2018-02-21 22:52 - 006687744 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 10:36 - 2017-09-26 10:41 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-21 22:52 - 2018-02-21 22:52 - 009283072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntPlat.dll
2018-04-07 07:39 - 2018-04-07 07:40 - 000016384 _____ () C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.8.1.1000_x86__wgeqdkkx372wm\Twitter.Windows.exe
2017-12-11 16:30 - 2015-06-21 00:45 - 000045888 ____N () C:\Program Files (x86)\DDNi\Oasis2Service (Smart Advisor)\OasisCloudModel.dll
2017-12-11 16:30 - 2015-06-21 00:45 - 000017216 ____N () C:\Program Files (x86)\DDNi\Oasis2Service (Smart Advisor)\OasisCloudClient.dll
2016-10-04 17:08 - 2016-10-04 17:08 - 001138176 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\DMSManager.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000227840 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\boost_serialization-vc90-mt-1_47.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000107008 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\DCMCDP.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000032768 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\Autobackup.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000055808 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\RosettaAllShare.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000038912 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\boost_date_time-vc90-mt-1_47.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000046592 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\boost_thread-vc90-mt-1_47.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000012800 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\boost_system-vc90-mt-1_47.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000707072 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\ContentDirectoryPresenter.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000102400 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\FolderCDP.dll
2016-10-04 17:08 - 2016-10-04 17:08 - 000041472 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\DirectoryScanner.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000078336 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\MetadataFramework.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000520234 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\sqlite3.dll
2016-10-04 17:08 - 2016-10-04 17:08 - 000450560 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\MoodExtractor.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 005717504 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\DCMImgExtractor.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000028672 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AutoChaptering.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000028160 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AudioExtractor.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000017920 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\VideoExtractor.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000012288 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\ImageExtractor.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000013824 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\TextExtractor.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000012288 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\VideoThumb.dll
2016-10-04 17:08 - 2016-10-04 17:08 - 000064000 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\ID3Driver.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000022528 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\RichInfoDriver.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000125952 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\ThumbnailMaker.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000137216 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\VideoMetadataDriver.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000024064 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\SECMetaDriver.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 004671488 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\avcodec-52.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000686080 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\avformat-52.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000152064 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\swscale-0.dll
2016-10-04 17:08 - 2016-10-04 17:08 - 000366592 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\tag.dll
2016-10-04 17:08 - 2016-10-04 17:08 - 000289792 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\libThumbnail.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 001033216 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\ImageMagickWrapper.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000290816 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\libKeyFrame.dll
2016-10-04 17:08 - 2016-10-04 17:08 - 000024064 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\photoDriver.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000147456 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\libexpat.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000070656 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\avutil-50.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000399826 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\libexif-12.dll.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 000044032 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\us.dll
2015-06-19 15:55 - 2015-06-19 15:55 - 000027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2015-06-19 15:55 - 2015-06-19 15:55 - 001272128 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2015-06-19 15:55 - 2015-06-19 15:55 - 000111936 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2015-06-19 15:55 - 2015-06-19 15:55 - 000056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2015-06-19 15:55 - 2015-06-19 15:55 - 000025920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsAPI.dll
2015-06-19 15:55 - 2015-06-19 15:55 - 000211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2015-06-19 15:55 - 2015-06-19 15:55 - 000025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2015-06-19 15:55 - 2015-06-19 15:55 - 000111936 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2015-06-19 15:55 - 2015-06-19 15:55 - 000059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2015-06-19 15:55 - 2015-06-19 15:55 - 000102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2017-09-26 22:22 - 2017-09-26 22:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2000-01-01 03:00 - 2018-03-17 16:03 - 000093095 _____ () C:\Users\Jack\Desktop\Tor Browser\Browser\libssp-0.dll
2018-03-17 15:27 - 2018-03-17 16:03 - 000107520 _____ () C:\Users\Jack\Desktop\Tor Browser\Browser\TorBrowser\Tor\zlib1.dll
2018-03-17 15:27 - 2018-03-17 16:03 - 000717225 _____ () C:\Users\Jack\Desktop\Tor Browser\Browser\TorBrowser\Tor\libevent-2-0-5.dll
2018-03-17 15:27 - 2018-03-17 16:03 - 000093095 _____ () C:\Users\Jack\Desktop\Tor Browser\Browser\TorBrowser\Tor\libssp-0.dll
2018-03-17 15:27 - 2018-03-17 16:03 - 000523022 _____ () C:\Users\Jack\Desktop\Tor Browser\Browser\TorBrowser\Tor\libgcc_s_sjlj-1.dll
2018-04-07 07:39 - 2018-04-07 07:40 - 017818112 _____ () C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.8.1.1000_x86__wgeqdkkx372wm\Twitter.Windows.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 16:25 - 2016-05-22 14:27 - 000001188 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 czzsyzgm.com
127.0.0.1 czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 czzsyzgm.com
127.0.0.1 czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922660\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103042961\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922701\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103042994\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Samsung\Samsung_wallpaper.jpg
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922726\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Samsung\Samsung_wallpaper.jpg
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Samsung\Samsung_wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\...\StartupApproved\Run: => "Torrentex"
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922726\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922726\...\StartupApproved\Run: => "Torrentex"
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023\...\StartupApproved\Run: => "Torrentex"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1F50DB66-8B37-4191-9B68-FDCE973CAD4C}] => (Allow) LPort=8888
FirewallRules: [UDP Query User{6DFE6F8D-A585-410E-89A9-A46EA515734B}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{1F2F62A2-97BD-4CD6-AFE4-1B84854F092C}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [{E9BFD355-3DB8-4758-A798-3754FC345763}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{859259DF-CF5A-43B3-B262-F68BAC1407C9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{AA754469-2B12-42F8-B081-A6ED5DEF24CB}] => (Allow) LPort=1900
FirewallRules: [{B1250E3C-E045-4C70-B444-554D15DD99C3}] => (Allow) LPort=2869
FirewallRules: [{3F4BD563-863A-4FA0-820A-10B00D937024}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{F03AE240-4F60-4955-A29E-0DED376D3B7A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2BF5A93B-582E-4BC9-A626-6ABDBCF3BF48}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{6689C901-C370-42ED-9FCE-187AF703912F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2158775F-89CD-4873-B9FE-A191B831E6DC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{596E74D8-AAC7-40A8-9DD8-932A13FC8CE0}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{C1970865-DFA7-4631-9E04-04027DF521BE}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{58E30DFE-BF76-44C4-B351-0365721BD1CA}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{C0B71D5D-2468-4914-91DF-A8B540FFB564}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{0ED8253A-F7EE-454C-8EAB-6071D3E7A18B}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{29419A50-3E1B-4C53-B7A3-6F095379D5B7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{7D08C398-698D-4980-BB95-18440BC8C27C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{910A9969-7A39-41B4-932C-B1C1AE7670DD}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{715AF287-F9EF-424D-B4C6-855EA3C5B3FE}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{1BFC19C9-C08F-448F-8D5E-D9E8996B5895}] => (Allow) C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe
FirewallRules: [{B353A3F7-7579-40B3-AADD-430E1D601BA3}] => (Allow) C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe
FirewallRules: [{1A8E8208-3E53-4104-9F65-91C686EDA8A8}] => (Allow) LPort=24234
FirewallRules: [{876D0199-713B-4E63-A6D1-F6B28AB7D5F4}] => (Allow) LPort=7900
FirewallRules: [{AA54F7AD-EDC0-4B4C-81A1-6FBF7A7F1BD2}] => (Allow) LPort=7676
FirewallRules: [{1F840A12-DEF9-4A5F-B4D4-F813DE4B4079}] => (Allow) LPort=7679
FirewallRules: [{80F5E172-1697-426F-AB40-B6D7BBBB5360}] => (Allow) LPort=8743
FirewallRules: [{66536F83-A1C5-4C40-8A9B-C25BB2268D62}] => (Allow) LPort=8643
FirewallRules: [{796907C1-D938-4B6F-9B27-366C16A27B94}] => (Allow) LPort=1900
FirewallRules: [{848C2DF9-ABBA-4A63-8770-ACE1E9B7D138}] => (Allow) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkDMS.exe
FirewallRules: [{C8ADC60F-3D34-4289-AEDF-232F0FB36E28}] => (Allow) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkDMS.exe
FirewallRules: [{261940B0-EBEF-4E64-A2BA-051D831C2B31}] => (Allow) LPort=1900
FirewallRules: [{CF72700D-382A-46A0-972A-F67AD7DC62B4}] => (Allow) LPort=2869
FirewallRules: [{579FB9D7-6644-43F8-8169-10B077E920C9}] => (Allow) LPort=16720
FirewallRules: [{8A1D9861-5BAF-4233-A5B6-5801E9B492B8}] => (Allow) LPort=16720
FirewallRules: [{FAC0C836-5C76-4DD0-89C1-E34B7D2AC0E8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{A6154B03-5CA0-4EB3-B7A7-3980D64C22BD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{AA70AD86-F096-4DF1-8E1B-203F11C14E58}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{A90F4983-B3EA-44AF-A052-F9CB37E9BA08}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{6B2EF488-5E4C-4E73-BFBB-C0988EBD4C05}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{90F6071E-EF04-444C-ADCF-ADFBA77F316C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{15F033D9-C793-45D6-BE02-862E8058D46F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{5C736974-F850-4523-8FC2-1947853F393D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{403237D6-E466-4E2C-A2D3-9541190D522B}] => (Allow) C:\Users\Jack\AppData\Local\yc\Application\yc.exe
FirewallRules: [{69246269-70FC-4558-BE70-B2F9C0D5402F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

11-03-2018 13:21:31 Scheduled Checkpoint
23-03-2018 17:38:12 Scheduled Checkpoint
02-04-2018 14:53:14 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2018 11:13:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdwCleaner.exe, version: 7.0.8.0, time stamp: 0x5a7cb095
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0xad28f15f
Faulting process id: 0xc05c
Faulting application start time: 0x01d3cf112a64cd0a
Faulting application path: C:\Users\Jack\Desktop\AdwCleaner.exe
Faulting module path: unknown
Report Id: 9b3900e0-0e6b-4c13-8fdf-4d2e4d434c5f
Faulting package full name:
Faulting package-relative application ID:

Error: (04/08/2018 11:13:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdwCleaner.exe, version: 7.0.8.0, time stamp: 0x5a7cb095
Faulting module name: AdwCleaner.exe, version: 7.0.8.0, time stamp: 0x5a7cb095
Exception code: 0xc0000409
Fault offset: 0x0007d987
Faulting process id: 0xc05c
Faulting application start time: 0x01d3cf112a64cd0a
Faulting application path: C:\Users\Jack\Desktop\AdwCleaner.exe
Faulting module path: C:\Users\Jack\Desktop\AdwCleaner.exe
Report Id: 19aeacba-1433-4060-8599-c82fa1aa59df
Faulting package full name:
Faulting package-relative application ID:

Error: (04/08/2018 11:10:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdwCleaner.exe, version: 7.0.8.0, time stamp: 0x5a7cb095
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x0b034590
Faulting process id: 0xa0c8
Faulting application start time: 0x01d3cf10aacb0099
Faulting application path: C:\Users\Jack\Desktop\AdwCleaner.exe
Faulting module path: unknown
Report Id: d42b0f3a-0c48-46f9-9a1a-d98f18194e41
Faulting package full name:
Faulting package-relative application ID:

Error: (04/08/2018 11:09:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdwCleaner.exe, version: 7.0.8.0, time stamp: 0x5a7cb095
Faulting module name: AdwCleaner.exe, version: 7.0.8.0, time stamp: 0x5a7cb095
Exception code: 0xc0000409
Fault offset: 0x0007d980
Faulting process id: 0xa0c8
Faulting application start time: 0x01d3cf10aacb0099
Faulting application path: C:\Users\Jack\Desktop\AdwCleaner.exe
Faulting module path: C:\Users\Jack\Desktop\AdwCleaner.exe
Report Id: f8a59a2f-43fb-4647-9be4-75d5419f7cac
Faulting package full name:
Faulting package-relative application ID:

Error: (04/04/2018 11:43:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: malwarebytes_assistant.exe, version: 3.0.0.1429, time stamp: 0x5ab557ae
Faulting module name: Qt5Core.dll, version: 5.6.3.0, time stamp: 0x5a61293e
Exception code: 0xc0000005
Fault offset: 0x0018e4f3
Faulting process id: 0xbe90
Faulting application start time: 0x01d3cbf107b2b355
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: abd55e49-a070-43dc-852f-cd3542670858
Faulting package full name:
Faulting package-relative application ID:

Error: (04/04/2018 11:38:40 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (04/04/2018 11:38:40 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (04/01/2018 12:50:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.16299.248, time stamp: 0x18ee648b
Faulting module name: SLCtxMenuExtension.dll, version: 0.0.0.0, time stamp: 0x57f3ff66
Exception code: 0xc0000005
Fault offset: 0x0000000000078753
Faulting process id: 0x1bd4
Faulting application start time: 0x01d3c7199e9a00f7
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\Program Files\Samsung\SamsungLink\SLCtxMenuExtension.dll
Report Id: f2fb5f90-603d-47b1-b00a-9979d69c0572
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (04/08/2018 10:32:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/08/2018 02:29:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/07/2018 07:42:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/07/2018 01:56:44 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.2 with the system
having network hardware address 68-1D-EF-07-B7-54. Network operations on this system may
be disrupted as a result.

Error: (04/07/2018 01:03:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/07/2018 12:13:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/07/2018 11:54:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/07/2018 11:52:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-04-07 10:31:01.246
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EB159B76-5BF3-4501-A29B-9EE74478F759}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-07 1058.010
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DD20422B-9395-4F85-A80D-2FA5806D75B7}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-07 08:39:14.747
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1794D9FF-4BCD-49D3-B918-7EF7D290D3ED}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-28 14:54:27.588
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {AC41DAE4-7F81-41CC-8DD6-F52E178A7A85}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-27 09:08:57.196
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8EF3FCB9-8BB5-4303-98E1-FD28646268BF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-29 07:59:05.732
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.1607.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-03-29 07:59:05.731
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 119.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-03-29 07:59:05.726
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.1607.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-03-29 07:59:05.725
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.1607.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-03-29 07:59:05.725
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.1607.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2018-04-03 07:58:59.819
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-03 07:56:50.994
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-03 07:56:40.371
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-03 07:56:26.526
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-03 07:56:16.526
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-03 07:56:15.795
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-03 07:56:07.336
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-03 07:56:07.046
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 77%
Total physical RAM: 7813.53 MB
Available physical RAM: 1785.36 MB
Total Virtual: 14687.31 MB
Available Virtual: 6060.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:210.5 GB) (Free:135.7 GB) NTFS

\\?\Volume{55e14f03-9a89-4008-8657-59f064ce2065}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.15 GB) NTFS
\\?\Volume{e5ae4881-be75-4a5c-ba79-17daba54d3e7}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) FAT32
\\?\Volume{a4d0dc7c-43c6-4bb0-9cb3-c9817c3a264b}\ () (Fixed) (Total:0.94 GB) (Free:0.48 GB) NTFS
\\?\Volume{63e4709b-8678-410b-b702-1ed18007085b}\ (SAMSUNG_REC2) (Fixed) (Total:25.12 GB) (Free:0.95 GB) NTFS
\\?\Volume{223b28ef-7040-4167-4173-636c65706975}\ (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.31 GB) FAT32
\\?\Volume{5984f8e2-55ca-11e6-aa2a-c8f733d26184}\ () (Removable) (Total:0 GB) (Free:0 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: C95A723A)

Partition: GPT.

==================== End of Addition.txt ============================
Jack Willday is offline  
Old 04-14-2018, 06:49 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Jack Willday. What exactly are the 2 PUPs that MBAM detects?

------------------------------------------------------

Do you see this entry in your Programs and Features?

Host Service

Did you install it? Do you know what it is?

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-15-2018, 05:43 AM   #7
Registered Member
 
Join Date: Aug 2007
Posts: 184
OS: Win/10



chemist 15/04/2018
Thanks for your response:
What exactly are the 2 PUPs that MBAM detects? They were just a list of letters and numbers sent from .ru
They throw up a whole list of unwanted programs all the time!!! I have a gut feeling that they have now embedded themselves into “Google Chrome”, as every time I open Chrome a whole list of Russian programs and advertisements open up on my computer.
Do you see this entry in your Programs and Features? No
chemist 14/04/2018
When I tried to send both attachments in one reply it was too large for your system, so I am now copying & pasting the second report.
Additional information for you!
Malwarebytes ran a scan this morning, found two PUPs and quarantined both!
When I tried to run AdwCleaner it said that my version was out of date, so I downloaded the new version and tried to run it! It would not run!
chemist 14/04/2018
This is my third response to your emails; I have a feeling that something on my computer is stopping my responses reaching you!
chemist 11/04/2018
I responded to your posting 3 days ago but as I have not received a returned response I am sending my response again.
You requested: Exactly what problem are you experiencing?
Malwarebytes keeps finding two PUPs that it cannot quarantine!
I have downloaded AdwCleaner and instructed it to run, but ¾ of the way through the run it stops, saying a problem has occurred.
I then ran, as requested, Farbar Recovery Scan Tool; please see the logs below.
Jack Willday is offline  
Old 04-15-2018, 03:47 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Jack Willday. Are you sure you don't see this entry in Programs and Features in your Control Panel?

Host Service

It's listed as installed in all the logs you posted.

------------------------------------------------------

Please download SystemLook from here and save it to your Desktop.
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :regfind
    Host Service
    {ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
chemist is offline  
Old 04-16-2018, 12:18 AM   #9
Registered Member
 
Join Date: Aug 2007
Posts: 184
OS: Win/10



chemist 16/04/2018
Thanks for your response:
I received your notification this morning and tried to follow your instructions!
I clicked on download from “here” and up popped an unwanted program. I closed the unwanted program and tried again; the SystemLook_x64 desktop icon had a circle going round and round for ¾ of 1 hour, and did not enter the program.
At night I normally only put my computer to sleep, and my head said to me maybe this is a problem. I do this because when fully closing down my computer in the past, I have had problems getting it to start in the morning. This morning was the same: it was at the third attempt that my computer booted up and started working.
I clicked again on the SystemLook_x64 icon and the program worked straight away. I asked it to run, which it did, and it produced the log copied below.
The only program I inadvertently downloaded was what I thought was a Windows update was all other programmes were installed by professionals.
SystemLook 30.07.11 by jpshortstuff
Log created at 09:11 on 16/04/2018 by Jack
Administrator - Elevation successful

========== regfind ==========

Searching for "Host Service"
[HKEY_CURRENT_USER\Software\Host Service]
[HKEY_CURRENT_USER\Software\Host Service]
@="C:\Users\Jack\AppData\Local\Host Service"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host Service]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host Service]
"DisplayName"="Host Service"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host Service]
"UninstallString"="C:\Users\Jack\AppData\Local\Host Service\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\NSSM]
"EventMessageFile"="C:\Users\Jack\AppData\Local\Host Service\nssm.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\NSSM]
"EventMessageFile"="C:\Users\Jack\AppData\Local\Host Service\nssm.exe"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%SystemRoot%\system32\hvhostsvc.dll,-100"="HV Host Service"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%systemroot%\system32\wephostsvc.dll,-100"="Windows Encryption Provider Host Service"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%systemroot%\system32\fdPHost.dll,-101"="The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources."
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%SystemRoot%\System32\smphost.dll,-101"="Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed."
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%systemroot%\system32\wephostsvc.dll,-101"="Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts"
[HKEY_USERS\S-1-5-21-1207694035-1696072749-1821295723-1001\Software\Host Service]
[HKEY_USERS\S-1-5-21-1207694035-1696072749-1821295723-1001\Software\Host Service]
@="C:\Users\Jack\AppData\Local\Host Service"
[HKEY_USERS\S-1-5-21-1207694035-1696072749-1821295723-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host Service]
[HKEY_USERS\S-1-5-21-1207694035-1696072749-1821295723-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host Service]
"DisplayName"="Host Service"
[HKEY_USERS\S-1-5-21-1207694035-1696072749-1821295723-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host Service]
"UninstallString"="C:\Users\Jack\AppData\Local\Host Service\uninstall.exe"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%SystemRoot%\system32\hvhostsvc.dll,-100"="HV Host Service"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%systemroot%\system32\wephostsvc.dll,-100"="Windows Encryption Provider Host Service"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%systemroot%\system32\fdPHost.dll,-101"="The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources."
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%SystemRoot%\System32\smphost.dll,-101"="Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed."
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%systemroot%\system32\wephostsvc.dll,-101"="Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts"

Searching for "{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}"
No data found.

-= EOF =-
Jack Willday is offline  
Old 04-16-2018, 12:53 AM   #10
Registered Member
 
Join Date: Aug 2007
Posts: 184
OS: Win/10



chemist 16/04/2018
Thank for your response:
My edited responce!
I received your notification this morning and tried to follow your instructions!
Clicked on download from “here”, up popped an unwanted program, closed the unwanted program, and tried again, the SystemLook_x64 desktop icon had a circle going round and round for ¾ of 1 hour, and did not enter the program.
At night I normally only put my computer to sleep, my head said to me maybe this is a problem, I do this because when fully closing down my computer in the past, I have had problems getting it to start in a morning. However, I switched off my computer this morning and I had the same problem, it was at the third attempt that my computer booted up and started working.
I clicked again on the SystemLook_x64 icon and the program worked straight away, I asked it to run, which it did and produced a log copied below.
The only program I inadvertently downloaded, which I thought was a Windows update, was “Media_Player_Setup.torrent”; all other programmes were installed by professionals.
SystemLook 30.07.11 by jpshortstuff
Log created at 09:11 on 16/04/2018 by Jack
Administrator - Elevation successful

========== regfind ==========

Searching for "Host Service"
[HKEY_CURRENT_USER\Software\Host Service]
[HKEY_CURRENT_USER\Software\Host Service]
@="C:\Users\Jack\AppData\Local\Host Service"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host Service]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host Service]
"DisplayName"="Host Service"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host Service]
"UninstallString"="C:\Users\Jack\AppData\Local\Host Service\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\NSSM]
"EventMessageFile"="C:\Users\Jack\AppData\Local\Host Service\nssm.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\NSSM]
"EventMessageFile"="C:\Users\Jack\AppData\Local\Host Service\nssm.exe"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%SystemRoot%\system32\hvhostsvc.dll,-100"="HV Host Service"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%systemroot%\system32\wephostsvc.dll,-100"="Windows Encryption Provider Host Service"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%systemroot%\system32\fdPHost.dll,-101"="The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources."
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%SystemRoot%\System32\smphost.dll,-101"="Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed."
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%systemroot%\system32\wephostsvc.dll,-101"="Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts"
[HKEY_USERS\S-1-5-21-1207694035-1696072749-1821295723-1001\Software\Host Service]
[HKEY_USERS\S-1-5-21-1207694035-1696072749-1821295723-1001\Software\Host Service]
@="C:\Users\Jack\AppData\Local\Host Service"
[HKEY_USERS\S-1-5-21-1207694035-1696072749-1821295723-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host Service]
[HKEY_USERS\S-1-5-21-1207694035-1696072749-1821295723-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host Service]
"DisplayName"="Host Service"
[HKEY_USERS\S-1-5-21-1207694035-1696072749-1821295723-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host Service]
"UninstallString"="C:\Users\Jack\AppData\Local\Host Service\uninstall.exe"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%SystemRoot%\system32\hvhostsvc.dll,-100"="HV Host Service"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%systemroot%\system32\wephostsvc.dll,-100"="Windows Encryption Provider Host Service"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%systemroot%\system32\fdPHost.dll,-101"="The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources."
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%SystemRoot%\System32\smphost.dll,-101"="Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed."
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\40\52C64B7E]
"@%systemroot%\system32\wephostsvc.dll,-101"="Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts"

Searching for "{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}"
No data found.

-= EOF =-
Old 04-17-2018, 07:27 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Jack Willday.
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    AVG (HKLM\...\{7A96D540-38DD-4D02-88E0-139B8074653A}) (Version: 16.141.7998 - AVG Technologies) Hidden
    CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2017-03-23] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    Task: {31B018AD-2555-4F3A-A0A5-691C56E43B37} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {4941C8DF-8272-4909-8A0D-624E08B6C3DA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {5146FC73-281E-4141-9D50-B4C6F2932AF4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {5A22B93C-0B3A-4B09-9487-8C4C53FF503B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {5D75E6DC-217C-4A00-9E9E-47E84477B9EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {5F5683AC-C3F7-4993-8783-731BB557449C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {6DB61030-0A4E-481C-8934-E52FE9D712F6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {7262221F-913D-443E-B103-1BF0BEAE54B3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {774AE583-0D2E-4ED4-98CD-4056F948B879} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION)
    Task: {9D95A1FD-ACA9-4401-921D-5C09833C95E4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {A23CE934-B16E-4884-9A08-0DFFC32A468D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {A321D1AA-7E8B-476F-895D-B6DDF72A256E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {AA43999C-B620-404F-9DB7-B1D5EF9027B3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTIO
    Task: {BE6B8FC3-9E37-46D3-91EE-6E47DA8DBB24} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {F3684B79-864B-4BF0-85A0-00E1F67FE793} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {F7A37E41-04C8-4F2C-93BD-AED068486FDB} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
    Task: {FBEEF0DC-81AA-4579-9F52-F83AAE5EBD21} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\0316avzUpdateInfo.job => C:\ProgramData\Avg_Update_0316avz\0316avz_AVG-Secure-Search-Update.exe
    FirewallRules: [{29419A50-3E1B-4C53-B7A3-6F095379D5B7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{7D08C398-698D-4980-BB95-18440BC8C27C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{FAC0C836-5C76-4DD0-89C1-E34B7D2AC0E8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{A6154B03-5CA0-4EB3-B7A7-3980D64C22BD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{AA70AD86-F096-4DF1-8E1B-203F11C14E58}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{A90F4983-B3EA-44AF-A052-F9CB37E9BA08}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{6B2EF488-5E4C-4E73-BFBB-C0988EBD4C05}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{90F6071E-EF04-444C-ADCF-ADFBA77F316C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{15F033D9-C793-45D6-BE02-862E8058D46F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{5C736974-F850-4523-8FC2-1947853F393D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    C:\Program Files (x86)\AVG
    GroupPolicy: Restriction <==== ATTENTION
    GroupPolicy\User: Restriction <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
    SearchScopes: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922726 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
    SearchScopes: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7A96D540-38DD-4D02-88E0-139B8074653A}" /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 04-18-2018, 08:32 AM   #12
Registered Member
 
Join Date: Aug 2007
Posts: 184
OS: Win/10



chemist 18/04/2018
I have a young student working for me currently who understood how to do the work you requested.
Running your program has caused several problems for me. IE it seems to have removed all saved passwords etc!
Log copied below.
Fix result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Jack (18-04-2018 12:52:23) Run:1
Running from C:\Users\Jack\Desktop\fyfk
Loaded Profiles: Jack (Available Profiles: Jack)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
AVG (HKLM\...\{7A96D540-38DD-4D02-88E0-139B8074653A}) (Version: 16.141.7998 - AVG Technologies) Hidden
CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2017-03-23] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {31B018AD-2555-4F3A-A0A5-691C56E43B37} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {4941C8DF-8272-4909-8A0D-624E08B6C3DA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5146FC73-281E-4141-9D50-B4C6F2932AF4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {5A22B93C-0B3A-4B09-9487-8C4C53FF503B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5D75E6DC-217C-4A00-9E9E-47E84477B9EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5F5683AC-C3F7-4993-8783-731BB557449C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6DB61030-0A4E-481C-8934-E52FE9D712F6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7262221F-913D-443E-B103-1BF0BEAE54B3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {774AE583-0D2E-4ED4-98CD-4056F948B879} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION)
Task: {9D95A1FD-ACA9-4401-921D-5C09833C95E4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A23CE934-B16E-4884-9A08-0DFFC32A468D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A321D1AA-7E8B-476F-895D-B6DDF72A256E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {AA43999C-B620-404F-9DB7-B1D5EF9027B3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTIO
Task: {BE6B8FC3-9E37-46D3-91EE-6E47DA8DBB24} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {F3684B79-864B-4BF0-85A0-00E1F67FE793} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {F7A37E41-04C8-4F2C-93BD-AED068486FDB} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {FBEEF0DC-81AA-4579-9F52-F83AAE5EBD21} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\0316avzUpdateInfo.job => C:\ProgramData\Avg_Update_0316avz\0316avz_AVG-Secure-Search-Update.exe
FirewallRules: [{29419A50-3E1B-4C53-B7A3-6F095379D5B7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{7D08C398-698D-4980-BB95-18440BC8C27C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{FAC0C836-5C76-4DD0-89C1-E34B7D2AC0E8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{A6154B03-5CA0-4EB3-B7A7-3980D64C22BD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{AA70AD86-F096-4DF1-8E1B-203F11C14E58}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{A90F4983-B3EA-44AF-A052-F9CB37E9BA08}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{6B2EF488-5E4C-4E73-BFBB-C0988EBD4C05}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{90F6071E-EF04-444C-ADCF-ADFBA77F316C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{15F033D9-C793-45D6-BE02-862E8058D46F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{5C736974-F850-4523-8FC2-1947853F393D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
C:\Program Files (x86)\AVG
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
SearchScopes: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922726 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
SearchScopes: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7A96D540-38DD-4D02-88E0-139B8074653A}" /f
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A96D540-38DD-4D02-88E0-139B8074653A}\\SystemComponent" => removed successfully
CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1207694035-1696072749-1821295723-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}" => removed successfully
"HKU\S-1-5-21-1207694035-1696072749-1821295723-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}" => removed successfully
"HKU\S-1-5-21-1207694035-1696072749-1821295723-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AVG Shell Extension" => removed successfully
"HKLM\Software\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31B018AD-2555-4F3A-A0A5-691C56E43B37}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31B018AD-2555-4F3A-A0A5-691C56E43B37}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4941C8DF-8272-4909-8A0D-624E08B6C3DA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4941C8DF-8272-4909-8A0D-624E08B6C3DA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5146FC73-281E-4141-9D50-B4C6F2932AF4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5146FC73-281E-4141-9D50-B4C6F2932AF4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A22B93C-0B3A-4B09-9487-8C4C53FF503B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A22B93C-0B3A-4B09-9487-8C4C53FF503B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D75E6DC-217C-4A00-9E9E-47E84477B9EA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D75E6DC-217C-4A00-9E9E-47E84477B9EA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F5683AC-C3F7-4993-8783-731BB557449C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F5683AC-C3F7-4993-8783-731BB557449C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DB61030-0A4E-481C-8934-E52FE9D712F6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DB61030-0A4E-481C-8934-E52FE9D712F6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7262221F-913D-443E-B103-1BF0BEAE54B3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7262221F-913D-443E-B103-1BF0BEAE54B3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{774AE583-0D2E-4ED4-98CD-4056F948B879}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{774AE583-0D2E-4ED4-98CD-4056F948B879}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D95A1FD-ACA9-4401-921D-5C09833C95E4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D95A1FD-ACA9-4401-921D-5C09833C95E4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A23CE934-B16E-4884-9A08-0DFFC32A468D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A23CE934-B16E-4884-9A08-0DFFC32A468D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A321D1AA-7E8B-476F-895D-B6DDF72A256E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A321D1AA-7E8B-476F-895D-B6DDF72A256E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA43999C-B620-404F-9DB7-B1D5EF9027B3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA43999C-B620-404F-9DB7-B1D5EF9027B3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE6B8FC3-9E37-46D3-91EE-6E47DA8DBB24}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE6B8FC3-9E37-46D3-91EE-6E47DA8DBB24}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3684B79-864B-4BF0-85A0-00E1F67FE793}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3684B79-864B-4BF0-85A0-00E1F67FE793}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7A37E41-04C8-4F2C-93BD-AED068486FDB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7A37E41-04C8-4F2C-93BD-AED068486FDB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOONotify" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBEEF0DC-81AA-4579-9F52-F83AAE5EBD21}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBEEF0DC-81AA-4579-9F52-F83AAE5EBD21}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
C:\WINDOWS\Tasks\0316avzUpdateInfo.job => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{29419A50-3E1B-4C53-B7A3-6F095379D5B7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D08C398-698D-4980-BB95-18440BC8C27C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FAC0C836-5C76-4DD0-89C1-E34B7D2AC0E8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6154B03-5CA0-4EB3-B7A7-3980D64C22BD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA70AD86-F096-4DF1-8E1B-203F11C14E58}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A90F4983-B3EA-44AF-A052-F9CB37E9BA08}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2EF488-5E4C-4E73-BFBB-C0988EBD4C05}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{90F6071E-EF04-444C-ADCF-ADFBA77F316C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{15F033D9-C793-45D6-BE02-862E8058D46F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5C736974-F850-4523-8FC2-1947853F393D}" => removed successfully
C:\Program Files (x86)\AVG => moved successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
SearchScopes: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04032018070922726 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = => Error: No automatic fix found for this entry.
SearchScopes: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04082018103043023 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = => Error: No automatic fix found for this entry.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7A96D540-38DD-4D02-88E0-139B8074653A}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 56359932 B
Java, Flash, Steam htmlcache => 728 B
Windows/system/drivers => 553338 B
Edge => 676282 B
Chrome => 400580898 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3310 B
NetworkService => 776754 B
Jack => 23908620 B

RecycleBin => 0 B
EmptyTemp: => 469.3 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 18-04-2018 12:56:22)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 12:56:22 ====
Jack Willday is offline  
Old 04-19-2018, 07:45 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



I didn't remove anything related to IE, or your passwords.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-19-2018, 11:31 PM   #14



chemist 20/04/2018
Thanks for your response:
The first thing that I was aware of was that when I tried to enter Gmail, it did not open as normal, and I had to re-enter my password to access my emails.
I do not know if what you did was supposed to remove the problems that I have! If that is the case I am sorry to have to inform you that I am still having problems!
Yesterday Malwarebytes stopped a program running, when I was reading “BBC News”, and the box stayed on my screen long enough for me to copy and write down the details:
Domain: v1hcmqbaw.ru
IP Address: 185.80.53.62
Port: 61894
Type: Outbound
File: C:\Program Files(x86)\Google\Crome\Application\Crome.exe
I do not know if this information will help!
Jack
Jack Willday is offline  
Old 04-21-2018, 07:05 PM   #15



Hello again, Jack Willday.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host Service]

[-HKEY_USERS\S-1-5-21-1207694035-1696072749-1821295723-1001\Software\Host Service]

[-HKEY_USERS\S-1-5-21-1207694035-1696072749-1821295723-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host Service]

[-HKEY_CURRENT_USER\Software\Host Service]
Save the file as fix.reg and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\Users\Jack\AppData\Local\Host Service"

A DOS window will open and close again, this is normal.

------------------------------------------------------

Go here and follow the prompts under Step 1 to clean up your Chrome browser:

https://support.google.com/chrome/answer/2765944

Let me know if it found anything.

------------------------------------------------------
chemist is offline  
Old 04-23-2018, 11:34 PM   #16



chemist 24/04/2018
Thanks again for your response:
The young student I have working for me currently has just run all the work that you instructed, and the end result was!
No harmful software found:
Information: before this work was done, I had one friend only of the dozens I deal with whose computer rejected my emails.
Jack Willday is offline  
Old 04-24-2018, 06:50 PM   #17



Hello again, Jack Willday. You're very welcome. Are you saying your problems are gone?

------------------------------------------------------

Please run this online scan to help look for remnants.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------
chemist is offline  
Old 04-27-2018, 01:03 AM   #18



chemist 27/04/2018
Thanks once again for your response:
Please find below printout requested.
For me and I think this is possibly not your job, but as a 75 year old man I do not like every time I try to read the news, having half the page covered with advertisements, can you remove them please.
Jack Willday

C:\ProgramData\DDNi\Smart Advisor\Bits\HSS-3.13-install-e-542-silent_dnlwd.exe Win32/Bundled.Toolbar.Ask.L potentially unsafe application
C:\ProgramData\DDNi\Smart Advisor\Bits\SmartAdvisorCareCenter.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\ProgramData\{012508EE-AD0A-420A-9594-229A0325F020}\OFFLINE\7E4E2638\36F55B8B\HSS-3.13-install-e-542-silent.exe Win32/Bundled.Toolbar.Ask.L potentially unsafe application
C:\ProgramData\{012508EE-AD0A-420A-9594-229A0325F020}\OFFLINE\8C3DB186\4678C949\SmartAdvisorCareCenter.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\All Users\DDNi\Smart Advisor\Bits\HSS-3.13-install-e-542-silent_dnlwd.exe Win32/Bundled.Toolbar.Ask.L potentially unsafe application
C:\Users\All Users\DDNi\Smart Advisor\Bits\SmartAdvisorCareCenter.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\All Users\{012508EE-AD0A-420A-9594-229A0325F020}\OFFLINE\7E4E2638\36F55B8B\HSS-3.13-install-e-542-silent.exe Win32/Bundled.Toolbar.Ask.L potentially unsafe application
C:\Users\All Users\{012508EE-AD0A-420A-9594-229A0325F020}\OFFLINE\8C3DB186\4678C949\SmartAdvisorCareCenter.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Jack\AppData\Local\yc\Application\62.0.3202.62\Installer\setup.exe a variant of Win32/Adware.Agent.NTA application
C:\Users\Jack\Desktop\drivers\SystemSoftware\Smart Advisor_\Smart Advisor Setup 2.0.675.7.exe Win32/Bundled.Toolbar.Ask.L potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Jack\Favorites\Links\Интернет.url LNK/TrojanClicker.Agent.A trojan
Jack Willday is offline  
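Added example (not part of the original thread or any poster's code): the ESET log in post #18 has 11 lines, but on Windows Vista and later C:\Users\All Users is a link to C:\ProgramData, so several lines name the same file twice. The Python below, using four lines copied from that log, parses the path and detection columns, folds that alias, and groups the detections per distinct file; the function names are illustrative.

```python
import re

# Four lines copied from the ESET Online Scanner log in post #18 above.
SAMPLE_LOG = r"""
C:\ProgramData\DDNi\Smart Advisor\Bits\SmartAdvisorCareCenter.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\All Users\DDNi\Smart Advisor\Bits\SmartAdvisorCareCenter.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Jack\AppData\Local\yc\Application\62.0.3202.62\Installer\setup.exe a variant of Win32/Adware.Agent.NTA application
C:\Users\Jack\Favorites\Links\Интернет.url LNK/TrojanClicker.Agent.A trojan
"""

# Detection names look like "Win32/Adware.Agent.NTA". Windows paths contain no
# forward slash, so the first such token marks where the path column ends.
DETECTION = re.compile(r"(?:a variant of )?(\w+/[\w.]+) ([a-z ]+?)(?=,|$)")
# "<drive>:\Users\All Users" is a link to "<drive>:\ProgramData" (Vista and later).
ALL_USERS = re.compile(r"^([A-Za-z]:)\\Users\\All Users(?=\\|$)", re.IGNORECASE)


def parse_line(line):
    """Split one log line into (path, [(detection, kind), ...]); None if no hit."""
    line = line.strip()
    hits = list(DETECTION.finditer(line))
    if not hits:
        return None
    path = line[:hits[0].start()].rstrip()
    return path, [(m.group(1), m.group(2)) for m in hits]


def canonical(path):
    """Fold the All Users alias onto ProgramData; lower-case because Windows
    paths are case-insensitive by default."""
    return ALL_USERS.sub(lambda m: m.group(1) + r"\ProgramData", path).lower()


def triage(log_text):
    """Map each distinct file to the paths it was reported under and its detections."""
    files = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # blank line or a line without a detection column
        path, detections = parsed
        entry = files.setdefault(canonical(path),
                                 {"reported_as": [], "detections": set()})
        entry["reported_as"].append(path)
        entry["detections"].update(detections)
    return files


def by_kind(files, kind):
    """Canonical paths that carry at least one detection of the given kind."""
    return sorted(p for p, e in files.items()
                  if any(k == kind for _, k in e["detections"]))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, entry in result.items():
        names = ", ".join(sorted(f"{n} ({k})" for n, k in entry["detections"]))
        print(f"{path}\n  reported {len(entry['reported_as'])}x: {names}")
    print("trojan detections:", by_kind(result, "trojan"))
```

Run against the full log, the same grouping separates the single trojan-class hit (the .url shortcut) from the bundled-toolbar installers that ESET only rates as potentially unsafe.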
Old 04-28-2018, 12:16 PM   #19



Hello again, Jack Willday. You're very welcome. How is the machine behaving?

Have you ever tried AdBlock for Chrome?

https://chrome.google.com/webstore/d...lidom?hl=en-US

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
rem Start with a clean log of files that could not be deleted.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Force-delete each file flagged in the ESET log; record any that survive.
for %%g in (

"C:\ProgramData\DDNi\Smart Advisor\Bits\HSS-3.13-install-e-542-silent_dnlwd.exe"
"C:\ProgramData\DDNi\Smart Advisor\Bits\SmartAdvisorCareCenter.exe"
"C:\ProgramData\{012508EE-AD0A-420A-9594-229A0325F020}\OFFLINE\7E4E2638\36F55B8B\HSS-3.13-install-e-542-silent.exe"
"C:\ProgramData\{012508EE-AD0A-420A-9594-229A0325F020}\OFFLINE\8C3DB186\4678C949\SmartAdvisorCareCenter.exe"
"C:\Users\All Users\DDNi\Smart Advisor\Bits\HSS-3.13-install-e-542-silent_dnlwd.exe"
"C:\Users\All Users\DDNi\Smart Advisor\Bits\SmartAdvisorCareCenter.exe"
"C:\Users\All Users\{012508EE-AD0A-420A-9594-229A0325F020}\OFFLINE\7E4E2638\36F55B8B\HSS-3.13-install-e-542-silent.exe"
"C:\Users\All Users\{012508EE-AD0A-420A-9594-229A0325F020}\OFFLINE\8C3DB186\4678C949\SmartAdvisorCareCenter.exe"
"C:\Users\Jack\AppData\Local\yc\Application\62.0.3202.62\Installer\setup.exe"
"C:\Users\Jack\Desktop\drivers\SystemSoftware\Smart Advisor_\Smart Advisor Setup 2.0.675.7.exe"
"C:\Users\Jack\Favorites\Links\Интернет.url"


) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


rem Open the list of leftovers in Notepad, or report success.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem Remove this script once it has run.
del "%~f0"
Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
If asked to change 'Encoding:' to 'Unicode:', please agree and save it.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
chemist is offline  
Old 04-30-2018, 01:33 AM   #20



chemist 30/04/2018
Thanks once again for your response:
First let me try to answer your question, my computer is working a lot better than before, I am not now getting all the unwanted Russian advertisements.
Pano the young man who works for me, ran https://chrome.google.com/webstore/d...lidom?hl=en-US
and it has stopped me having to look at Trump’s face every time I open BBC News.
Pano ran your program as he has done before with your other programs, but when you right-click and run it as administrator, it runs, a black box temporarily flashes up on the screen, but it does not produce a report for me to send to you.
Jack Willday
Jack Willday is offline  
 

All times are GMT -7.