Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

PUP Optional NewTabTV

This is a discussion on PUP Optional NewTabTV within the Resolved HJT Threads forums, part of the Tech Support Forum category. What is that? Colored orange for severity on my MBAM scan. File: 2 PUP.Optional.NewTabTV, C:\USERS\HOME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.newtabtvsearch.com_0.localstorage, No Action By


 
 
Thread Tools Search this Thread
Old 04-24-2017, 11:05 PM   #1
Registered Member
 
Join Date: Jul 2007
Posts: 357
OS: Windows 10



What is that? Colored orange for severity on my MBAM scan.

File: 2
PUP.Optional.NewTabTV, C:\USERS\HOME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.newtabtvsearch.com_0.localstorage, No Action By User, [2544], [359410],1.0.1802
PUP.Optional.NewTabTV, C:\USERS\HOME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.newtabtvsearch.com_0.localstorage-journal, No Action By User, [2544], [359410],1.0.1802
wii_zil is offline  
Sponsored Links
Advertisement
 
Old 05-07-2017, 02:40 AM   #2
Registered Member
 
Join Date: Jul 2007
Posts: 357
OS: Windows 10



Still showing it.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/7/17
Scan Time: 7:31 PM
Logfile: PUP.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1885
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-JJI1404\Home

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362096
Time Elapsed: 5 min, 53 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
PUP.Optional.NewTabTV, C:\USERS\HOME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.newtabtvsearch.com_0.localstorage, No Action By User, [2547], [359410],1.0.1885
PUP.Optional.NewTabTV, C:\USERS\HOME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.newtabtvsearch.com_0.localstorage-journal, No Action By User, [2547], [359410],1.0.1885
PUP.Optional.NewTabTV, C:\USERS\HOME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_www.newtabtv.com_0.localstorage, No Action By User, [2547], [359416],1.0.1885
PUP.Optional.NewTabTV, C:\USERS\HOME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_www.newtabtv.com_0.localstorage-journal, No Action By User, [2547], [359416],1.0.1885

Physical Sector: 0
(No malicious items detected)


(end)
wii_zil is offline  
Old 05-07-2017, 02:41 AM   #3
Registered Member
 
Join Date: Jul 2007
Posts: 357
OS: Windows 10



Is it severe?
wii_zil is offline  
Sponsored Links
Advertisement
 
Old 05-07-2017, 12:35 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Why aren't you letting MBAM remove it?

https://www.bleepingcomputer.com/vir....com-extension
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-09-2017, 02:51 AM   #5
Registered Member
 
Join Date: Jul 2007
Posts: 357
OS: Windows 10



Very unresponsive. Did a scan again just now tried quarantining both, asked to restarted which i did, but it just stopped literalling while restarting.

You see how when it restarts 2 dots goes circling around *restart*, it froze and even the cursor click wasn't moving when i tried to move my mouse.
wii_zil is offline  
Old 05-09-2017, 03:07 AM   #6
Registered Member
 
Join Date: Jul 2007
Posts: 357
OS: Windows 10



I did it by turning it off and turning it back on.
wii_zil is offline  
Old 05-09-2017, 07:32 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-12-2017, 04:58 AM   #8
Registered Member
 
Join Date: Jul 2007
Posts: 357
OS: Windows 10



Ok will do.
wii_zil is offline  
Old 05-16-2017, 05:33 AM   #9
Registered Member
 
Join Date: Jul 2007
Posts: 357
OS: Windows 10



Been busy will post up soon...
wii_zil is offline  
Old 05-19-2017, 04:49 AM   #10
Registered Member
 
Join Date: Jul 2007
Posts: 357
OS: Windows 10



# AdwCleaner v6.046 - Logfile created 19/05/2017 at 21:40:19
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-24.1 [Local]
# Operating System : Windows 10 Home (X64)
# Username : Home - DESKTOP-JJI1404
# Running from : C:\Users\Home\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [748 Bytes] - [19/05/2017 21:40:19]
C:\AdwCleaner\AdwCleaner[S0].txt - [1139 Bytes] - [19/05/2017 21:39:47]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [893 Bytes] ##########
wii_zil is offline  
Old 05-19-2017, 04:50 AM   #11
Registered Member
 
Join Date: Jul 2007
Posts: 357
OS: Windows 10



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017
Ran by Home (administrator) on DESKTOP-JJI1404 (19-05-2017 21:46:33)
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120228.inf_amd64_c772f4f0caf23c5b\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120228.inf_amd64_c772f4f0caf23c5b\igfxEM.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120228.inf_amd64_c772f4f0caf23c5b\IntelCpHeciSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9192960 2017-04-12] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-12] (HP Inc.)
HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\MountPoints2: {028eaf2f-1803-11e7-b91b-94e9796bdbb2} - "F:\LaunchU3.exe" -a
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-03-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 202.128.0.78 202.128.0.2
Tcpip\..\Interfaces\{1b05a53c-45f7-4309-bd25-2e02f18f73b8}: [DhcpNameServer] 202.128.0.78 202.128.0.2
Tcpip\..\Interfaces\{7f6a5254-c4f9-43bc-82d8-9e894c59805d}: [DhcpNameServer] 202.128.0.78 202.128.0.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HRTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HRTE
HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HRTE
HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HRTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-04-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2017-03-14] ()

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default [2017-05-19]
CHR Extension: (Google Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-21]
CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-21]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-05-16]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-21]
CHR Extension: (Adblock Plus) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-27]
CHR Extension: (Google Sheets) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-21]
CHR Extension: (Google Docs Offline) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-21]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-21]
CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; c:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3715208 2015-10-01] (Intel Corporation)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2016-09-20] (Realtek Semiconductor Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-05-04] (Microsoft Corporation)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\120228.inf_amd64_c772f4f0caf23c5b\IntelCpHeciSvc.exe [302552 2017-01-10] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\120228.inf_amd64_c772f4f0caf23c5b\IntelCpHDCPSvc.exe [480216 2017-01-10] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-03-21] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-03-21] (Dropbox, Inc.)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350576 2017-03-14] (WildTangent)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-12] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\120228.inf_amd64_c772f4f0caf23c5b\igfxCUIService.exe [341976 2017-01-10] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-15] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [320512 2017-04-12] (Realtek Semiconductor)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [207360 2017-01-22] (Realtek Semiconductor Corp.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-19] (Microsoft Corporation)
S3 ClientAnalyticsService; "C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthAudioHF; C:\WINDOWS\system32\drivers\RtkHfp.sys [104688 2016-10-12] (Realtek Semiconductor Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-04-13] ()
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\120228.inf_amd64_c772f4f0caf23c5b\igdkmd64.sys [11058136 2017-01-10] (Intel Corporation)
R0 MBAMChameleon; C:\WINDOWS\System32\drivers\MBAMChameleon.sys [186304 2017-04-19] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-05-19] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-19] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-19] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-05-19] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-10-11] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [713216 2017-01-22] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2017-03-29] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-03-19] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S3 SGXEPC; C:\WINDOWS\System32\drivers\sgx_driver.sys [54768 2015-10-01] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-19 21:46 - 2017-05-19 21:47 - 00015316 _____ C:\Users\Home\Desktop\FRST.txt
2017-05-19 21:46 - 2017-05-19 21:46 - 00000000 ____D C:\FRST
2017-05-19 21:45 - 2017-05-19 21:45 - 02429952 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
2017-05-19 21:35 - 2017-05-19 21:43 - 00000000 ____D C:\AdwCleaner
2017-05-19 21:35 - 2017-05-19 21:35 - 04102600 _____ C:\Users\Home\Desktop\AdwCleaner.exe
2017-05-17 09:51 - 2017-05-17 09:51 - 00000000 ____H C:\Users\Home\BIT5631.tmp
2017-05-17 09:49 - 2017-05-17 09:49 - 00002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power Media Player 14.lnk
2017-05-10 08:18 - 2017-04-28 11:38 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-10 08:18 - 2017-04-28 11:19 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-10 08:18 - 2017-04-28 11:19 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-10 08:18 - 2017-04-28 11:12 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-10 08:18 - 2017-04-28 11:12 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-10 08:18 - 2017-04-28 11:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-10 08:18 - 2017-04-28 11:09 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-10 08:18 - 2017-04-28 11:08 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-10 08:18 - 2017-04-28 11:08 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-10 08:18 - 2017-04-28 11:08 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-10 08:18 - 2017-04-28 11:08 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-10 08:18 - 2017-04-28 11:07 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-10 08:18 - 2017-04-28 11:07 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-10 08:18 - 2017-04-28 11:03 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-10 08:18 - 2017-04-28 11:00 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-10 08:18 - 2017-04-28 10:59 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-10 08:18 - 2017-04-28 10:59 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-10 08:18 - 2017-04-28 10:59 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-10 08:18 - 2017-04-28 10:59 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-10 08:18 - 2017-04-28 10:58 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-10 08:18 - 2017-04-28 10:58 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-10 08:18 - 2017-04-28 10:57 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-10 08:18 - 2017-04-28 10:56 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-10 08:18 - 2017-04-28 10:55 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-10 08:18 - 2017-04-28 10:55 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-10 08:18 - 2017-04-28 10:53 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-10 08:18 - 2017-04-28 10:52 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-10 08:18 - 2017-04-28 10:51 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-10 08:18 - 2017-04-28 10:49 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-10 08:18 - 2017-04-28 10:46 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-10 08:18 - 2017-04-28 10:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-10 08:18 - 2017-04-28 10:44 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-10 08:18 - 2017-04-28 10:44 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-10 08:18 - 2017-04-28 10:42 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-10 08:18 - 2017-04-28 10:42 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-10 08:18 - 2017-04-28 10:42 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-10 08:18 - 2017-04-28 10:42 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-10 08:18 - 2017-04-28 10:41 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-10 08:18 - 2017-04-28 10:40 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-10 08:18 - 2017-04-28 10:40 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-10 08:18 - 2017-04-28 10:40 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-10 08:18 - 2017-04-28 10:40 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-10 08:18 - 2017-04-28 10:40 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-10 08:18 - 2017-04-28 10:39 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-10 08:18 - 2017-04-28 10:39 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-10 08:18 - 2017-04-28 10:39 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-10 08:18 - 2017-04-28 10:38 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-10 08:18 - 2017-04-28 10:38 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-10 08:18 - 2017-04-28 10:37 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-10 08:18 - 2017-04-28 10:37 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-10 08:18 - 2017-04-28 10:33 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-10 08:18 - 2017-04-28 10:26 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-10 08:18 - 2017-04-28 10:15 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-10 08:18 - 2017-04-28 10:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-10 08:18 - 2017-04-28 10:11 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-10 08:18 - 2017-04-28 10:08 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-10 08:18 - 2017-04-28 10:08 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-10 08:18 - 2017-04-28 10:08 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-10 08:18 - 2017-04-28 10:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-10 08:18 - 2017-04-28 10:06 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-10 08:18 - 2017-04-28 10:05 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-10 08:18 - 2017-04-28 10:05 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-10 08:18 - 2017-04-28 10:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-10 08:18 - 2017-04-28 10:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-10 08:18 - 2017-04-28 10:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-10 08:18 - 2017-04-28 10:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-10 08:18 - 2017-04-28 10:03 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-10 08:18 - 2017-04-28 10:03 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-10 08:18 - 2017-04-28 10:02 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-10 08:18 - 2017-04-28 10:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-10 08:18 - 2017-04-28 10:01 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-10 08:18 - 2017-04-28 10:00 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-10 08:18 - 2017-04-28 09:59 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-10 08:18 - 2017-04-28 09:59 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-10 08:18 - 2017-04-28 09:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-10 08:18 - 2017-04-28 09:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-10 08:18 - 2017-04-28 09:59 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-10 08:18 - 2017-04-28 09:58 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-10 08:18 - 2017-04-28 09:58 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-10 08:18 - 2017-04-28 09:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-10 08:18 - 2017-04-28 09:57 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-10 08:18 - 2017-04-28 09:57 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-10 08:18 - 2017-04-28 09:57 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-10 08:17 - 2017-04-28 11:18 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-10 08:17 - 2017-04-28 11:16 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-10 08:17 - 2017-04-28 11:06 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-10 08:17 - 2017-04-28 11:06 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-10 08:17 - 2017-04-28 11:05 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-10 08:17 - 2017-04-28 11:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-10 08:17 - 2017-04-28 10:59 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-10 08:17 - 2017-04-28 10:52 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-10 08:17 - 2017-04-28 10:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-10 08:17 - 2017-04-28 10:49 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-10 08:17 - 2017-04-28 10:46 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-10 08:17 - 2017-04-28 10:45 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-10 08:17 - 2017-04-28 10:40 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-10 08:17 - 2017-04-28 10:34 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-10 08:17 - 2017-04-28 10:15 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-10 08:17 - 2017-04-28 10:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-10 08:17 - 2017-04-28 10:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-10 08:17 - 2017-04-28 10:09 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-10 08:17 - 2017-04-28 10:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-10 08:17 - 2017-04-28 10:07 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-10 08:17 - 2017-04-28 10:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-10 08:17 - 2017-04-28 10:06 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-10 08:17 - 2017-04-28 10:03 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-10 08:17 - 2017-04-28 10:03 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-10 08:17 - 2017-04-28 10:03 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-10 08:17 - 2017-04-28 09:54 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-10 08:17 - 2017-04-28 09:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-10 08:17 - 2017-04-28 09:54 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-10 08:17 - 2017-04-28 09:54 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-10 08:17 - 2017-04-28 09:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-08 23:10 - 2017-05-08 23:14 - 00000039 _____ C:\Users\Home\Desktop\food.txt
2017-04-29 20:28 - 2017-04-29 20:28 - 00000086 _____ C:\Users\Home\Desktop\www.txt
2017-04-26 22:42 - 2017-04-19 17:07 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-04-26 22:42 - 2017-04-19 17:06 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-04-26 22:42 - 2017-04-19 17:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-04-26 22:42 - 2017-04-19 17:02 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-04-26 22:42 - 2017-04-19 16:19 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-04-26 22:42 - 2017-04-19 16:18 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-04-26 22:42 - 2017-04-19 16:16 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-04-26 22:42 - 2017-04-19 16:15 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-04-26 22:42 - 2017-04-19 16:14 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-04-26 22:42 - 2017-04-19 16:13 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-04-26 22:42 - 2017-04-19 16:13 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-04-26 22:42 - 2017-04-19 16:13 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-04-26 22:42 - 2017-04-19 16:12 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-26 22:42 - 2017-04-19 16:12 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-04-26 22:42 - 2017-04-19 16:12 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-04-26 22:42 - 2017-04-19 16:11 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-04-26 22:42 - 2017-04-19 16:11 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-04-26 22:42 - 2017-04-19 16:10 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-04-26 22:42 - 2017-04-19 16:10 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-04-26 22:42 - 2017-04-19 16:10 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-04-26 22:42 - 2017-04-19 16:08 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-04-26 22:42 - 2017-04-19 16:08 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-04-26 22:42 - 2017-04-19 16:07 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-04-26 22:42 - 2017-04-19 16:07 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-04-26 22:42 - 2017-04-19 16:06 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-04-26 22:42 - 2017-04-19 16:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-04-26 22:42 - 2017-04-19 16:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-04-26 22:42 - 2017-04-19 16:02 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-04-26 22:42 - 2017-04-19 16:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-04-26 22:42 - 2017-04-19 15:59 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-04-26 22:42 - 2017-04-19 15:59 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-04-26 22:42 - 2017-04-19 15:58 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-04-26 22:42 - 2017-04-19 15:37 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-04-26 22:42 - 2017-04-19 15:36 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-04-26 22:42 - 2017-04-19 15:35 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-04-26 22:42 - 2017-04-19 15:34 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-04-26 22:42 - 2017-04-19 15:34 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-26 22:42 - 2017-04-19 15:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-04-26 22:42 - 2017-04-19 15:32 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-04-26 22:42 - 2017-04-19 15:30 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-04-26 22:42 - 2017-04-19 15:29 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-04-26 22:42 - 2017-04-14 10:35 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-04-26 22:42 - 2017-04-14 10:35 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-04-26 22:42 - 2017-04-14 10:35 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-04-26 22:42 - 2017-04-14 10:33 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-04-26 22:42 - 2017-04-14 10:32 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-04-26 22:42 - 2017-04-14 10:30 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-04-26 22:42 - 2017-04-14 09:43 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-04-26 22:42 - 2017-04-14 09:43 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-04-26 22:42 - 2017-04-14 09:41 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-04-26 22:42 - 2017-04-14 09:41 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-04-26 22:42 - 2017-04-14 09:40 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-04-26 22:42 - 2017-04-14 09:39 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-04-26 22:42 - 2017-04-14 09:39 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-04-26 22:42 - 2017-04-14 09:39 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-04-26 22:42 - 2017-04-14 09:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-04-26 22:42 - 2017-04-14 09:39 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-04-26 22:42 - 2017-04-14 09:38 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-04-26 22:42 - 2017-04-14 09:38 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-04-26 22:42 - 2017-04-14 09:37 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-04-26 22:42 - 2017-04-14 09:37 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-04-26 22:42 - 2017-04-14 09:37 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-04-26 22:42 - 2017-04-14 09:37 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-04-26 22:42 - 2017-04-14 09:36 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-04-26 22:42 - 2017-04-14 09:36 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-04-26 22:42 - 2017-04-14 09:35 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-04-26 22:42 - 2017-04-14 09:35 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-04-26 22:42 - 2017-04-14 09:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-26 22:42 - 2017-04-14 09:34 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-04-26 22:42 - 2017-04-14 09:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-04-26 22:42 - 2017-04-14 09:33 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-04-26 22:42 - 2017-04-14 09:33 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-04-26 22:42 - 2017-04-14 09:31 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-04-26 22:42 - 2017-04-14 09:31 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-04-26 22:42 - 2017-04-14 09:29 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-04-26 22:42 - 2017-04-14 09:29 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-26 22:42 - 2017-04-14 09:29 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-04-26 22:42 - 2017-04-14 09:29 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-04-26 22:42 - 2017-04-14 09:29 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-04-26 22:42 - 2017-04-14 09:28 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-26 22:42 - 2017-04-14 09:26 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-04-26 22:42 - 2017-04-14 09:25 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-04-26 22:42 - 2017-04-14 09:24 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-04-26 22:42 - 2017-04-14 09:21 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-04-26 22:42 - 2017-04-14 09:21 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-04-26 22:42 - 2017-04-14 09:18 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-04-26 22:42 - 2017-04-14 09:18 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-04-26 22:42 - 2017-04-14 09:15 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-04-26 22:42 - 2017-04-14 09:15 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-04-26 22:42 - 2017-04-14 09:13 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-04-26 22:42 - 2017-04-14 09:13 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-26 22:42 - 2017-04-14 09:08 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-26 22:42 - 2017-04-14 09:06 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-04-26 22:42 - 2017-04-14 09:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-04-26 22:42 - 2017-04-14 09:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-04-21 17:43 - 2017-04-21 17:43 - 00000000 ____D C:\Users\Public\CyberLink
2017-04-19 22:12 - 2017-04-19 22:12 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-19 21:46 - 2017-04-13 12:32 - 01415026 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-19 21:41 - 2017-04-13 12:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-19 21:41 - 2017-03-27 22:29 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-19 21:41 - 2017-03-27 22:29 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-19 21:41 - 2017-03-27 22:29 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-19 21:41 - 2017-03-27 22:29 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-19 21:41 - 2017-03-21 19:42 - 00000000 __SHD C:\Users\Home\IntelGraphicsProfiles
2017-05-19 21:40 - 2017-03-18 21:40 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-05-19 21:21 - 2017-04-12 22:13 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-05-19 21:21 - 2017-04-12 22:11 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-05-19 21:21 - 2016-06-15 05:10 - 00000000 ____D C:\ProgramData\Temp
2017-05-19 19:45 - 2017-04-13 12:29 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-19 12:18 - 2017-03-22 17:07 - 00000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForHome.job
2017-05-19 04:22 - 2017-03-19 07:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-19 04:22 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-17 09:51 - 2017-04-13 12:45 - 00003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForHome
2017-05-17 09:51 - 2017-04-13 12:32 - 00000000 ____D C:\Users\Home
2017-05-17 09:50 - 2016-06-15 05:10 - 00000000 ____D C:\WINDOWS\HP
2017-05-17 09:50 - 2010-02-08 03:19 - 00000000 ____D C:\swsetup
2017-05-17 09:49 - 2017-03-28 21:24 - 00000000 ____D C:\ProgramData\install_backup
2017-05-17 09:49 - 2016-06-15 05:12 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2017-05-17 09:49 - 2016-06-15 04:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-17 09:45 - 2016-06-15 05:12 - 00000000 ____D C:\Program Files (x86)\Cyberlink
2017-05-17 09:44 - 2016-06-15 05:12 - 00000000 ____D C:\ProgramData\CyberLink
2017-05-12 09:22 - 2017-03-19 07:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-12 09:20 - 2016-06-15 03:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-11 11:54 - 2017-03-19 07:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-11 08:10 - 2017-03-21 21:39 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 08:10 - 2017-03-21 21:39 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-10 15:57 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-10 08:30 - 2017-04-13 12:29 - 00395072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-10 08:30 - 2016-11-21 04:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-10 08:28 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-10 08:27 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-10 08:27 - 2017-03-19 07:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-10 08:27 - 2017-03-19 07:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-10 08:22 - 2017-03-19 06:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-10 08:21 - 2017-03-21 20:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-10 08:20 - 2017-03-21 20:37 - 156335152 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-10 08:15 - 2017-03-21 19:42 - 00000000 ____D C:\Users\Home\AppData\Local\Packages
2017-05-09 19:48 - 2017-04-16 20:17 - 00000000 ____D C:\Users\Home\Desktop\Folder
2017-05-06 13:39 - 2017-03-30 12:52 - 00000000 ____D C:\Users\Home\AppData\Local\ElevatedDiagnostics
2017-05-04 20:15 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-29 12:38 - 2017-04-13 12:45 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 12:38 - 2017-04-13 12:45 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-29 11:05 - 2017-03-19 07:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-29 11:05 - 2017-03-19 07:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-26 22:49 - 2017-03-19 07:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-26 22:49 - 2017-03-19 07:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-26 22:49 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-04-26 22:49 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-04-26 22:49 - 2017-03-18 21:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-26 22:48 - 2017-03-19 07:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-26 22:48 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-04-20 07:25 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-19 23:28 - 2017-04-09 19:31 - 00038070 _____ C:\WINDOWS\system32\0
2017-04-19 22:26 - 2017-03-27 22:29 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-04-19 22:12 - 2017-03-18 21:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-04-19 22:08 - 2016-06-15 05:20 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-04-19 22:06 - 2017-04-13 12:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee

==================== Files in the root of some directories =======

2017-03-21 19:42 - 2017-05-19 21:42 - 0276513 _____ () C:\Users\Home\AppData\Local\BTServer.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-18 16:41

==================== End of FRST.txt ============================
wii_zil is offline  
Old 05-19-2017, 04:51 AM   #12
Registered Member
 
Join Date: Jul 2007
Posts: 357
OS: Windows 10



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by Home (19-05-2017 21:47:38)
Running from C:\Users\Home\Desktop
Windows 10 Home Version 1703 (X64) (2017-04-13 02:53:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1862728311-1422997548-1171205473-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1862728311-1422997548-1171205473-503 - Limited - Disabled)
Guest (S-1-5-21-1862728311-1422997548-1171205473-501 - Limited - Disabled)
Home (S-1-5-21-1862728311-1422997548-1171205473-1001 - Administrator - Enabled) => C:\Users\Home

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden
Awakening: The Dreamless Castle (x32 Version: 3.0.2.51 - WildTangent) Hidden
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7503 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.5109 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.6.5109 - CyberLink Corp.) Hidden
Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Green City: Go South (x32 Version: 3.0.2.59 - WildTangent) Hidden
Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hoyle Illusions Mahjongg (x32 Version: 3.0.2.59 - WildTangent) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8334.5401 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.4.14.41 - HP)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.6.14.19 - HP)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
IGT Slots Fire Rubies (x32 Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.35 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4574 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM\...\{B9C23BC3-1C33-43EB-8FE9-17137D8AF644}) (Version: 1.1.30214.80 - Intel Corporation)
Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden
Little Boy: Walter's Scooter (x32 Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7967.2161 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
PuppetShow: Return to Joyville (x32 Version: 3.0.2.126 - WildTangent) Hidden
Pyro Jump (x32 Version: 3.0.2.59 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.57 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8029 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.76 - REALTEK Semiconductor Corp.)
Regency Solitaire (x32 Version: 3.0.2.126 - WildTangent) Hidden
Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden
Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Tasty Blue (x32 Version: 3.0.2.59 - WildTangent) Hidden
The Far Kingdoms (x32 Version: 1.1.2.4 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.1.1.2 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17376 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1A73F136-AC1B-426D-818A-8798F1814622} - System32\Tasks\HP Metrics => C:\Program Files\HP\HP Welcome\Garage.Container.exe [2015-12-16] (HP Inc)
Task: {1CBE60E2-0CA8-4907-8F04-A6530190A17F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
Task: {227FDE66-4BE9-4278-9DCB-197BA12C7D6D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-03-21] (Dropbox, Inc.)
Task: {2CEB5322-7004-4E6C-B181-7C7155E025D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-04-01] (HP Inc.)
Task: {46818123-5E82-483A-9EC1-F1949E3BF279} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-21] (Google Inc.)
Task: {49773F57-4F13-4EC4-8B17-2922BA9ECF4B} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
Task: {550EB81F-1009-4B97-B17C-93AC2DFF82D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {70347272-BA93-4CE0-80FA-2A166A30AB0C} - System32\Tasks\RegistrationModuleReminder_Welcome-S-1-5-21-1862728311-1422997548-1171205473-1001 => C:\Program Files\HP\HP Welcome\Garage.Container.exe [2015-12-16] (HP Inc)
Task: {767C2EEC-BC7A-4161-9D01-D0464400CAE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {B3B8E7EA-525E-45C8-9A37-FCBE3512E692} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
Task: {B4C1AD3B-A8D3-4020-9E93-7FC0C711CD5A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {B6EA6FE8-4798-470C-B62A-8D4EF846E431} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-03-21] (Dropbox, Inc.)
Task: {BA915F2C-194E-4743-AEF3-6871C71319F5} - System32\Tasks\HPCeeScheduleForHome => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-23] (Hewlett-Packard)
Task: {BC897096-A459-40AB-A790-99F6C7DC1981} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {C10DB630-9A42-4367-8D2A-300E8D30D4A4} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {D24132A4-3B23-4009-8844-50208ADFB647} - System32\Tasks\HPDAS => C:\Program
Task: {D52218C3-DF9F-470B-8A3B-B1DCD3D5705A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {EC9FEA88-50FE-4E62-9B6D-A368E29778BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-21] (Google Inc.)
Task: {ECB98B75-ADDB-48DE-990D-496ABB5824F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForHome.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

==================== Loaded Modules (Whitelisted) ==============

2017-03-19 06:58 - 2017-03-19 06:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-06-15 03:10 - 2017-05-12 09:19 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-06-15 05:12 - 2014-04-15 11:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-03-27 22:29 - 2017-04-13 02:12 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-27 22:29 - 2017-04-13 02:12 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-19 06:59 - 2017-03-19 12:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-10 08:15 - 2017-05-10 08:15 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-10 08:15 - 2017-05-10 08:15 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-10 08:15 - 2017-05-10 08:15 - 43195904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-10 08:15 - 2017-05-10 08:15 - 02457088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-11 08:10 - 2017-05-09 19:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-11 08:10 - 2017-05-09 19:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-05-19 21:35 - 2017-05-19 21:35 - 04102600 _____ () C:\Users\Home\Desktop\AdwCleaner.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 17:24 - 2015-10-30 17:21 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{8a67c870-67e3-43ec-a3b9-9e7dd37c95dc}.jpg
DNS Servers: 202.128.0.78 - 202.128.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{26858A28-2C57-4FB4-8905-D1A1252A68FD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{86464F74-27D8-4D65-A519-9A5C81623692}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{98489BAF-2E94-48D5-8F8B-7A2647563D98}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{74D6B660-9080-43D9-B36B-63D27D735983}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0CD149ED-FB7E-494E-B00D-0E6E678BCE98}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{564C0B9C-2CDF-491B-8E99-4599CB048B70}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{A28677E8-91AA-48A7-A5A5-D2A19DF97819}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3850BAD7-AA7A-4365-AF61-DA1A36A45A42}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F1A22721-6296-4347-9659-67B009C6649C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{614B86E4-B218-43FB-B2CC-2D57BC9AF878}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{8ED7A86D-3537-42FC-BEF2-D7E56820EA8D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{9EC4DF8C-7BB6-4A8C-BDB8-F71CC8680C51}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe

==================== Restore Points =========================

06-05-2017 13:40:51 Scheduled Checkpoint
10-05-2017 08:18:29 Windows Update
10-05-2017 08:19:21 Windows Update
18-05-2017 17:41:48 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2017 09:43:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Garage.Container.exe, version: 1.0.502.733, time stamp: 0x566fb4ab
Faulting module name: KERNELBASE.dll, version: 10.0.15063.296, time stamp: 0xa0527b0c
Exception code: 0xe0434352
Fault offset: 0x0000000000069e08
Faulting process id: 0x1eb8
Faulting application start time: 0x01d2d0952a03f5f5
Faulting application path: C:\Program Files\HP\HP Welcome\Garage.Container.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 00bf67e4-20a0-4f46-adef-ed62f1e304d6
Faulting package full name:
Faulting package-relative application ID:

Error: (05/19/2017 09:43:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Garage.Container.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Serialization.SerializationException
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(System.IO.Stream, System.Runtime.Remoting.Messaging.HeaderHandler, Boolean, Boolean, System.Runtime.Remoting.Messaging.IMethodCallMessage)
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(System.IO.Stream)
at HP.Metrics.TitoPico.getDictionaryForRetro()
at HP.Metrics.TitoPico+<>c__DisplayClass22+<<setTitoEnvironment>b__21>d__24.MoveNext()

Exception Info: System.AggregateException
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean)
at System.Threading.Tasks.Task.Wait(Int32, System.Threading.CancellationToken)
at Garage.Container.App.App_Startup(System.Object, System.Windows.StartupEventArgs)
at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1_0(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at Garage.Container.App.Main()

Error: (05/19/2017 09:42:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Garage.Container.exe, version: 1.0.502.733, time stamp: 0x566fb4ab
Faulting module name: KERNELBASE.dll, version: 10.0.15063.296, time stamp: 0xa0527b0c
Exception code: 0xe0434352
Fault offset: 0x0000000000069e08
Faulting process id: 0x1ea8
Faulting application start time: 0x01d2d094ea9823c8
Faulting application path: C:\Program Files\HP\HP Welcome\Garage.Container.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: def4be49-0a00-4df7-afa9-46ea7fb30933
Faulting package full name:
Faulting package-relative application ID:

Error: (05/19/2017 09:42:49 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Garage.Container.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Serialization.SerializationException
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(System.IO.Stream, System.Runtime.Remoting.Messaging.HeaderHandler, Boolean, Boolean, System.Runtime.Remoting.Messaging.IMethodCallMessage)
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(System.IO.Stream)
at HP.Metrics.TitoPico.getDictionaryForRetro()
at HP.Metrics.TitoPico+<>c__DisplayClass22+<<setTitoEnvironment>b__21>d__24.MoveNext()

Exception Info: System.AggregateException
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean)
at System.Threading.Tasks.Task.Wait(Int32, System.Threading.CancellationToken)
at Garage.Container.App.App_Startup(System.Object, System.Windows.StartupEventArgs)
at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1_0(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at Garage.Container.App.Main()

Error: (05/19/2017 09:41:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-JJI1404)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/19/2017 09:41:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.912, time stamp: 0x58811d74
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x5849a177
Exception code: 0xc0000005
Fault offset: 0x00171473
Faulting process id: 0x1568
Faulting application start time: 0x01d2d094d82b7f3a
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 2099c071-741e-4202-91a7-4c2ef52c6ae0
Faulting package full name:
Faulting package-relative application ID:

Error: (05/19/2017 09:33:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Garage.Container.exe, version: 1.0.502.733, time stamp: 0x566fb4ab
Faulting module name: KERNELBASE.dll, version: 10.0.15063.296, time stamp: 0xa0527b0c
Exception code: 0xe0434352
Fault offset: 0x0000000000069e08
Faulting process id: 0x5b4
Faulting application start time: 0x01d2d093c48d0200
Faulting application path: C:\Program Files\HP\HP Welcome\Garage.Container.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: cf3d2a07-cdfe-49f9-b934-a1fae4a22132
Faulting package full name:
Faulting package-relative application ID:

Error: (05/19/2017 09:33:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Garage.Container.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Serialization.SerializationException
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(System.IO.Stream, System.Runtime.Remoting.Messaging.HeaderHandler, Boolean, Boolean, System.Runtime.Remoting.Messaging.IMethodCallMessage)
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(System.IO.Stream)
at HP.Metrics.TitoPico.getDictionaryForRetro()
at HP.Metrics.TitoPico+<>c__DisplayClass22+<<setTitoEnvironment>b__21>d__24.MoveNext()

Exception Info: System.AggregateException
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean)
at System.Threading.Tasks.Task.Wait(Int32, System.Threading.CancellationToken)
at Garage.Container.App.App_Startup(System.Object, System.Windows.StartupEventArgs)
at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1_0(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at Garage.Container.App.Main()

Error: (05/19/2017 09:31:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Garage.Container.exe, version: 1.0.502.733, time stamp: 0x566fb4ab
Faulting module name: KERNELBASE.dll, version: 10.0.15063.296, time stamp: 0xa0527b0c
Exception code: 0xe0434352
Fault offset: 0x0000000000069e08
Faulting process id: 0x5dc
Faulting application start time: 0x01d2d093696f7ae0
Faulting application path: C:\Program Files\HP\HP Welcome\Garage.Container.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 27ee0805-b747-4220-817f-a7f859e9d3ef
Faulting package full name:
Faulting package-relative application ID:

Error: (05/19/2017 09:31:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Garage.Container.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Serialization.SerializationException
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(System.IO.Stream, System.Runtime.Remoting.Messaging.HeaderHandler, Boolean, Boolean, System.Runtime.Remoting.Messaging.IMethodCallMessage)
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(System.IO.Stream)
at HP.Metrics.TitoPico.getDictionaryForRetro()
at HP.Metrics.TitoPico+<>c__DisplayClass22+<<setTitoEnvironment>b__21>d__24.MoveNext()

Exception Info: System.AggregateException
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean)
at System.Threading.Tasks.Task.Wait(Int32, System.Threading.CancellationToken)
at Garage.Container.App.App_Startup(System.Object, System.Windows.StartupEventArgs)
at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1_0(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at Garage.Container.App.Main()


System errors:
=============
Error: (05/19/2017 09:41:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/19/2017 09:41:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/19/2017 09:41:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (05/19/2017 09:40:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (05/19/2017 09:40:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/19/2017 09:40:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/19/2017 09:40:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® SGX AESM service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (05/19/2017 09:40:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/19/2017 09:40:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/19/2017 09:40:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BTDevManager service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2017-05-19 21:45:35.100
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-19 21:45:35.097
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-19 21:45:34.156
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-19 21:45:34.152
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-19 21:41:48.552
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-19 21:41:48.548
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-19 21:35:14.422
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-19 21:35:14.418
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-19 15:58:26.318
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-19 15:58:26.314
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 33%
Total physical RAM: 8085.58 MB
Available physical RAM: 5369.54 MB
Total Virtual: 9365.58 MB
Available Virtual: 6584.96 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:913.39 GB) (Free:859.58 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:16.89 GB) (Free:1.99 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 30A6B23A)

Partition: GPT.

==================== End of Addition.txt ============================
wii_zil is offline  
Old 05-19-2017, 04:56 AM   #13
Registered Member
 
Join Date: Jul 2007
Posts: 357
OS: Windows 10



There are the 3 logs you wanted.

My computer was acting very strange before the scans happened. Malwarebytes keep telling me that my Real-Time protection is turned off especially the Web protection so I tried to do a whole scan but it canceled in just the 1st second.

After scanning with AdwCleaner and restarting, 2-3 of the protection was turned off. I clicked on but it just says STARTING.

Feeling helpless now trying to turn it on.
wii_zil is offline  
Old 05-20-2017, 08:48 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello wii_zil.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
    HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\MountPoints2: {028eaf2f-1803-11e7-b91b-94e9796bdbb2} - "F:\LaunchU3.exe" -a
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
    S3 ClientAnalyticsService; "C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe" [X]
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------

Is MBAM still acting up?

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-21-2017, 02:58 AM   #15
Registered Member
 
Join Date: Jul 2007
Posts: 357
OS: Windows 10



Fix result of Farbar Recovery Scan Tool (x64) Version: 20-05-2017
Ran by Home (21-05-2017 19:52:18) Run:1
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available Profiles: Home)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\...\MountPoints2: {028eaf2f-1803-11e7-b91b-94e9796bdbb2} - "F:\LaunchU3.exe" -a
GroupPolicy: Restriction - Chrome <======= ATTENTION
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
S3 ClientAnalyticsService; "C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe" [X]
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
HKU\S-1-5-21-1862728311-1422997548-1171205473-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{028eaf2f-1803-11e7-b91b-94e9796bdbb2} => key removed successfully
HKCR\CLSID\{028eaf2f-1803-11e7-b91b-94e9796bdbb2} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKCR\PROTOCOLS\Filter\application/x-mfe-ipt => key not found.
HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => key not found.
HKLM\System\CurrentControlSet\Services\ClientAnalyticsService => key removed successfully
ClientAnalyticsService => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9723904 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 29710536 B
Java, Flash, Steam htmlcache => 1029 B
Windows/system/drivers => 200695679 B
Edge => 1584085 B
Chrome => 870976267 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 259 B
systemprofile32 => 128 B
LocalService => 3334 B
NetworkService => 122060 B
Home => 223577259 B

RecycleBin => 81605532 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:53:49 ====
wii_zil is offline  
Old 05-21-2017, 03:05 AM   #16
Registered Member
 
Join Date: Jul 2007
Posts: 357
OS: Windows 10



MBAM is working good now since yesterday.

So this procedure erased everything from browsing history to Chrome not being protected anymore at SpywareBlaster. Did it maybe change my security and Windows 10 settings?
wii_zil is offline  
Old 05-21-2017, 06:33 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, wii_zil. No security or Win10 settings are changed.

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-26-2017, 07:59 AM   #18
Registered Member
 
Join Date: Jul 2007
Posts: 357
OS: Windows 10





I do not see any logs. This is what it said.
wii_zil is offline  
Old 05-26-2017, 10:50 PM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, wii_zil. That's what happens when it doesn't find anything.

How's the machine behaving?
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-27-2017, 01:46 AM   #20
Registered Member
 
Join Date: Jul 2007
Posts: 357
OS: Windows 10



Finally off from work.

My computer is doing excellent. I've been using it all day. No problems at all.

I just did another Malwarebytes threat scan and it didn't find anything!

Thank You!
wii_zil is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
BSOD and other graphical issues (Graphics card often not detected / dxgkrnl.sys)
Hello all, Recently my computer under gaming conditions started exhibiting graphical issues in which black / white squares would appear on the display area before crashing. This progressed to more serious graphical issues frequently resulting in BSOD. I took the video card to a friends card...
Gazguy BSOD, App Crashes And Hangs 6 01-27-2015 12:01 AM
Finally got a picture of my wierd error screen! (Signal and restart problems)
Hi, I am not very knowledgable in relation to computers, but someone suggested I might be having a "PSU" issue. So here I am. Over the past couple of years, sometimes when I turn on my computer it will unexpectedly do something strange: it will "seem" to start up, but nothing at all will be...
jbry031 RAM and Power Supply Support 11 05-25-2014 06:38 AM
[SOLVED] BSOD - Video Driver related?
Windows 7 service pack 1 64 bit this is the original os, original install, full retail version I built this system in late december, os install is of the same age cpu - Intel Core i5 3570 graphics card - NVIDIA GeForce GTX 660 Ti motherboard - MSI B75MA-E33 (MS-7808) power supply -...
Hishu BSOD, App Crashes And Hangs 5 02-05-2013 06:46 AM
BSOD and crashes
Hello my dear potential saviors, I am a newbie as far as real software talk goes but I have been having a problem and due to my lack of cash you are my last resort before I turn my otherwise beautiful PC to a professional for days unend. So, here it goes... I bought this PC (all the parts were...
Ukitake BSOD, App Crashes And Hangs 1 01-29-2013 08:59 AM
BSOD: nvlddmkm.sys
Getting the lovely BSOD on every bootup. Right after the Win loading screen, it goes black, no mouse appears, and the BSODs with a memory dump stating nvlddmkm.sys as the cause. It seems that a ton of people have had this issue by the large number of topics and even devoted websites to it. ...
BTomlin BSOD, App Crashes And Hangs 4 12-09-2012 08:12 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 02:14 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts