
Registered · 259 Posts · Discussion Starter #1
Hi

My wife's old HP Mini computer has become so slow as to be useless. Things that took a few seconds, now take long minutes or not at all.

I cannot say if it is a virus or just the computer giving up (memory?).

I am using another computer to send you the requested files.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.14393.953 BrowserJavaVersion: 11.31.2
Run by Katerina at 19:02:01 on 2017-07-10
Microsoft Windows 10 Home 10.0.14393.0.1252.44.2070.18.2011.409 [GMT 1:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\SPLASH.SYS\config\DVMExportService.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\ProgramData\Connect Manager\OnlineUpdate\ouc.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\consent.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\File Association Helper\FAHWindow.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x86__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\DllHost.exe
C:\Users\Katerina\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Skype\Browser\SkypeBrowserHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Skype\Browser\SkypeBrowserHost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uDefault_Page_URL = Google
mStart Page = Google
mSearch Page = Google
mDefault_Page_URL = Google
mDefault_Search_URL = Google
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = Google
mCustomizeSearch = Google
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_31\bin\ssv.dll
BHO: ?????????? ????????: {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_31\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll
uRun: [Akamai NetSession Interface] "c:\users\katerina\appdata\local\akamai\netsession_win.exe"
uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min
uRun: [OneDrive] "c:\users\katerina\appdata\local\microsoft\onedrive\OneDrive.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRunOnce: [Uninstall 17.3.6390.0509] c:\windows\system32\cmd.exe /q /c rmdir /s /q "c:\users\katerina\appdata\local\microsoft\onedrive\17.3.6390.0509"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [NCUpdateHelper] c:\program files\ncwest\nclauncher\NCUpdateHelper.exe
mRun: [FAHConsole] c:\program files\file association helper\FAHConsole.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WindowsDefender] "c:\program files\windows defender\MSASCuiL.exe"
mRun: [Malwarebytes TrayApp] c:\program files\malwarebytes\anti-malware\mbamtray.exe
StartupFolder: c:\users\katerina\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Virtual%20Families/Images/armhelper.ocx
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0a5d503a-d8c4-4484-b5b5-f1f19a879051} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0a5d503a-d8c4-4484-b5b5-f1f19a879051}\2656C6B696E6E233369346 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0e9a1ce3-ec17-41a0-b4d1-8eb168b70720} : NameServer = 172.16.0.73 172.16.0.74
TCP: Interfaces\{63066fc7-6a9e-4531-982b-68a4e896c533} : NameServer = 217.171.135.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - c:\windows\system32\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - c:\windows\system32\tbauth.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\59.0.3071.115\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - c:\windows\system32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\katerina\appdata\roaming\mozilla\firefox\profiles\hno59f6g.default\
FF - prefs.js: browser.search.selectedEngine - Yandex
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?win=229&clid=1998804
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\katerina\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_24_0_0_194.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ahcache;Application Compatibility Cache;c:\windows\system32\drivers\ahcache.sys [2016-10-30 188928]
S3 AcpiDev;Controlador de dispositivos ACPI;c:\windows\system32\drivers\AcpiDev.sys [2016-7-16 12800]
S3 ADP80XX;ADP80XX;c:\windows\system32\drivers\adp80xx.sys [2016-7-16 1038176]
.
=============== File Associations ===============
.
ShellExec: opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-07-10 10:26:15 39168 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ff426b03-e347-4bc2-ad8f-fa67f2bae109}\MpKsl76eca19a.sys
2017-07-10 10:22:16 10685920 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ff426b03-e347-4bc2-ad8f-fa67f2bae109}\mpengine.dll
2017-07-10 05:40:15 162240 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-07-10 05:36:42 85400 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-07-10 05:36:42 74656 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-07-10 05:35:44 40352 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-07-10 05:35:36 221600 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-10 05:35:05 59936 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-07-10 05:34:20 -------- d-----w- c:\program files\Malwarebytes
2017-07-10 01:38:10 10685920 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2017-07-10 01:24:50 -------- d-s---w- c:\windows\UpdateAssistantV2
2017-07-09 07:48:59 941568 ----a-w- c:\windows\system32\localspl.dll
2017-07-09 07:47:59 2560 ----a-w- c:\windows\system32\tzres.dll
2017-07-09 07:47:59 232448 ----a-w- c:\windows\system32\edputil.dll
2017-07-09 07:47:52 996192 ----a-w- c:\windows\system32\aeinv.dll
2017-07-09 07:47:51 503808 ----a-w- c:\program files\common files\microsoft shared\ink\Microsoft.Ink.dll
2017-07-09 07:47:41 1336160 ----a-w- c:\windows\system32\appraiser.dll
2017-07-09 07:47:38 455000 ----a-w- c:\windows\system32\devinv.dll
2017-07-09 07:47:30 284000 ----a-w- c:\windows\system32\invagent.dll
2017-07-09 07:46:59 113504 ----a-w- c:\windows\system32\acmigration.dll
2017-07-09 07:45:03 27136 ----a-w- c:\windows\system32\fdProxy.dll
2017-07-09 06:34:33 916160 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6b3a9fc8-96c7-47ae-af8a-42867681833e}\gapaengine.dll
.
==================== Find3M ====================
.
2017-06-03 10:50:15 83296 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-06-03 10:50:15 514400 ----a-w- c:\windows\system32\generaltel.dll
2017-06-03 10:50:15 192856 ----a-w- c:\windows\system32\aepic.dll
2017-06-03 10:50:04 315744 ----a-w- c:\windows\system32\atmfd.dll
2017-06-03 10:50:03 30560 ----a-w- c:\windows\system32\DeviceCensus.exe
2017-06-03 10:50:03 254816 ----a-w- c:\windows\system32\dcntel.dll
2017-06-03 10:50:03 101216 ----a-w- c:\windows\system32\ImplatSetup.dll
2017-06-03 10:22:25 231776 ----a-w- c:\windows\system32\drivers\sdbus.sys
2017-06-03 10:15:19 99672 ----a-w- c:\windows\system32\drivers\tm.sys
2017-06-03 10:13:40 1725136 ----a-w- c:\windows\system32\KernelBase.dll
2017-06-03 10:13:11 5996384 ----a-w- c:\windows\system32\ntoskrnl.exe
2017-06-03 10:03:33 950112 ----a-w- c:\windows\system32\drivers\ndis.sys
2017-06-03 10:03:23 94560 ----a-w- c:\windows\system32\drivers\tdx.sys
2017-06-03 09:58:29 154976 ----a-w- c:\windows\system32\drivers\dumpsd.sys
2017-06-03 09:58:13 340832 ----a-w- c:\windows\system32\msv1_0.dll
2017-06-03 09:55:59 1896288 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2017-06-03 09:55:57 342368 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2017-06-03 09:55:19 780640 ----a-w- c:\windows\system32\WWAHost.exe
2017-06-03 09:54:53 290656 ----a-w- c:\windows\system32\drivers\USBXHCI.SYS
2017-06-03 09:53:51 454496 ----a-w- c:\windows\system32\drivers\storport.sys
2017-06-03 09:52:57 1021784 ----a-w- c:\windows\system32\AppxPackaging.dll
2017-06-03 09:52:38 111968 ----a-w- c:\windows\system32\NetSetupApi.dll
2017-06-03 09:52:31 607072 ----a-w- c:\windows\system32\NetSetupEngine.dll
2017-06-03 09:48:24 1384704 ----a-w- c:\windows\system32\sppobjs.dll
2017-06-03 09:44:50 545944 ----a-w- c:\windows\system32\fontdrvhost.exe
2017-06-03 09:44:50 1409536 ----a-w- c:\windows\system32\gdi32full.dll
2017-06-03 09:43:16 1964384 ----a-w- c:\windows\system32\drivers\tcpip.sys
2017-06-03 09:39:04 5686272 ----a-w- c:\windows\system32\Windows.Data.Pdf.dll
2017-06-03 09:33:14 95232 ----a-w- c:\windows\system32\UserDataTimeUtil.dll
2017-06-03 09:32:39 31232 ----a-w- c:\windows\system32\drivers\BasicRender.sys
2017-06-03 09:31:50 37376 ----a-w- c:\windows\system32\atmlib.dll
2017-06-03 09:31:14 224256 ----a-w- c:\windows\system32\ExSMime.dll
2017-06-03 09:31:11 42496 ----a-w- c:\windows\system32\musdialoghandlers.dll
2017-06-03 09:30:20 203264 ----a-w- c:\windows\system32\MusNotification.exe
2017-06-03 09:29:03 82944 ----a-w- c:\windows\system32\MusNotificationUx.exe
2017-06-03 09:26:44 187904 ----a-w- c:\windows\system32\wbem\ndisimplatcim.dll
2017-06-03 09:26:14 129536 ----a-w- c:\windows\system32\wbem\netswitchteamcim.dll
2017-06-03 09:26:00 100352 ----a-w- c:\windows\system32\AuthBrokerUI.dll
2017-06-03 09:25:56 165376 ----a-w- c:\windows\system32\dpapisrv.dll
2017-06-03 09:25:37 268288 ----a-w- c:\windows\system32\cloudAP.dll
2017-06-03 09:25:26 222720 ----a-w- c:\windows\system32\NetworkBindingEngineMigPlugin.dll
2017-06-03 09:25:13 417792 ----a-w- c:\windows\system32\MusUpdateHandlers.dll
2017-06-03 09:23:57 306688 ----a-w- c:\windows\system32\ieproxy.dll
2017-06-03 09:22:56 364544 ----a-w- c:\windows\system32\NetSetupShim.dll
2017-06-03 09:22:53 181760 ----a-w- c:\windows\system32\tcpipcfg.dll
2017-06-03 09:22:36 327168 ----a-w- c:\windows\system32\netcorehc.dll
2017-06-03 09:22:10 215552 ----a-w- c:\windows\system32\HNetCfgClient.dll
2017-06-03 09:20:25 668672 ----a-w- c:\windows\system32\efscore.dll
2017-06-03 09:20:21 755712 ----a-w- c:\windows\system32\kerberos.dll
2017-06-03 09:19:49 1164288 ----a-w- c:\windows\system32\certutil.exe
2017-06-03 09:19:37 500736 ----a-w- c:\windows\system32\wbem\NetAdapterCim.dll
2017-06-03 09:16:46 608768 ----a-w- c:\windows\system32\win32spl.dll
2017-06-03 09:16:32 884224 ----a-w- c:\windows\HelpPane.exe
2017-06-03 09:15:41 18364928 ----a-w- c:\windows\system32\edgehtml.dll
2017-06-03 09:08:23 2643968 ----a-w- c:\windows\system32\tquery.dll
2017-06-03 09:06:53 296960 ----a-w- c:\windows\system32\wuuhext.dll
2017-06-03 09:06:06 3664384 ----a-w- c:\windows\system32\jscript9.dll
2017-06-03 09:05:49 1236480 ----a-w- c:\windows\system32\win32kbase.sys
2017-06-03 09:05:29 183296 ----a-w- c:\windows\system32\NetSetupSvc.dll
2017-06-03 09:05:25 295424 ----a-w- c:\windows\system32\hnetcfg.dll
2017-06-03 09:05:12 1120768 ----a-w- c:\windows\system32\lsasrv.dll
2017-06-03 09:04:48 773120 ----a-w- c:\windows\system32\SearchIndexer.exe
2017-06-03 09:04:45 1526272 ----a-w- c:\windows\system32\FntCache.dll
2017-06-03 09:04:36 6042624 ----a-w- c:\windows\system32\Chakra.dll
2017-06-03 09:04:06 2006528 ----a-w- c:\windows\system32\DWrite.dll
2017-06-03 09:03:09 1988096 ----a-w- c:\windows\system32\mssrch.dll
2017-06-03 09:02:30 2997760 ----a-w- c:\windows\system32\win32kfull.sys
2017-06-03 06:36:03 835576 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-06-03 06:36:03 177656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-05-31 21:21:34 456360 ------w- c:\windows\system32\MpSigStub.exe
2017-05-25 06:56:38 34144 ----a-w- c:\windows\system32\OOBEUpdater.exe
2017-05-20 00:05:50 74072 ----a-w- c:\windows\system32\UNPUXWorker.exe
2017-04-28 01:33:50 448864 ----a-w- c:\windows\system32\ContentDeliveryManager.Utilities.dll
2017-04-28 01:32:09 685440 ----a-w- c:\windows\system32\Windows.Internal.Shell.Broker.dll
2017-04-28 01:28:15 965472 ----a-w- c:\windows\system32\ReAgent.dll
2017-04-28 01:01:53 784064 ----a-w- c:\windows\system32\winresume.exe
2017-04-28 00:59:55 601712 ----a-w- c:\windows\system32\oleaut32.dll
2017-04-28 00:58:41 1956704 ----a-w- c:\windows\system32\drivers\ntfs.sys
2017-04-28 00:56:56 2048488 ----a-w- c:\windows\system32\CoreUIComponents.dll
2017-04-28 00:55:11 583128 ----a-w- c:\windows\system32\CoreMessaging.dll
2017-04-28 00:51:41 277856 ----a-w- c:\windows\system32\WinSetupUI.dll
2017-04-28 00:49:54 53080 ----a-w- c:\windows\system32\drivers\fsdepends.sys
2017-04-28 00:48:25 263472 ----a-w- c:\windows\system32\Windows.Storage.ApplicationData.dll
2017-04-28 00:46:09 1504056 ----a-w- c:\windows\system32\WindowsCodecs.dll
2017-04-28 00:46:06 1431232 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.dll
2017-04-28 00:46:03 5722320 ----a-w- c:\windows\system32\windows.storage.dll
2017-04-28 00:45:44 493920 ----a-w- c:\windows\system32\SettingSyncHost.exe
2017-04-28 00:45:44 116576 ----a-w- c:\windows\system32\CloudExperienceHostCommon.dll
2017-04-28 00:45:33 861024 ----a-w- c:\windows\system32\LicenseManager.dll
2017-04-28 00:45:29 975744 ----a-w- c:\windows\system32\twinapi.appcore.dll
2017-04-28 00:45:29 25440 ----a-w- c:\windows\system32\browser_broker.exe
2017-04-28 00:45:00 545120 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2017-04-28 00:43:59 1980768 ----a-w- c:\windows\system32\msxml6.dll
2017-04-28 00:43:55 458592 ----a-w- c:\windows\system32\drivers\spaceport.sys
2017-04-28 00:43:48 1557224 ----a-w- c:\windows\system32\crypt32.dll
2017-04-28 00:43:27 355168 ----a-w- c:\windows\system32\drivers\rdbss.sys
2017-04-28 00:43:10 846560 ----a-w- c:\windows\system32\WinTypes.dll
2017-04-28 00:43:09 2168288 ----a-w- c:\windows\system32\combase.dll
2017-04-28 00:41:08 361104 ----a-w- c:\windows\system32\tsmf.dll
2017-04-28 00:41:07 80224 ----a-w- c:\windows\system32\rdpudd.dll
.
============= FINISH: 19:08:58.71 ===============
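
The DDS log above is read by eye in this thread. As an added example (not part of the thread, and not code from DDS, AdwCleaner or FRST), the Python below pulls the browser-setting lines out of the "Pseudo HJT Report" and "FIREFOX" sections and applies a few defender-side checks: a search engine that is not a stock default, a homepage URL carrying affiliate-style parameters of the kind bundled installers leave behind, an orphaned BHO, a startup shortcut that goes through RunDll32, and DNS resolvers outside private address space. The sample input is built from lines of the log above; the function names, the allowlist of stock engines, the set of affiliate-style parameters and the severity labels are this example's own assumptions. A hit means "confirm with the user", not "malware": Yandex is a legitimate engine and a perfectly normal choice for a Russian-speaking user, which is exactly why it is reported rather than silently accepted.

```python
"""Triage the browser settings in a DDS log.  Added example for this thread;
it is not DDS, AdwCleaner or FRST code, and every rule below is an assumption
about what deserves a second look, not a malware verdict."""
import re
from ipaddress import ip_address
from urllib.parse import parse_qs, urlparse

# Engines that ship as browser defaults (assumption).  Yandex is a legitimate
# engine; it is deliberately absent so that a non-default choice is reported
# and confirmed with the user instead of being silently accepted.
STOCK_ENGINES = {"google", "bing", "duckduckgo"}
# Query parameters that bundled installers commonly stamp into a homepage URL
# (campaign / affiliate ids).  Assumption based on the sweet-page style URLs
# that turn up in logs like this one.
AFFILIATE_PARAMS = {"clid", "from", "uid", "ts", "type"}
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Constructed sample: a handful of lines copied from the DDS log above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ?????????? ????????: {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - LocalServer32 - <no file>
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
StartupFolder: c:\users\katerina\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{63066fc7-6a9e-4531-982b-68a4e896c533} : NameServer = 217.171.135.1
.
================= FIREFOX ===================
.
FF - prefs.js: browser.search.selectedEngine - Yandex
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?win=229&clid=1998804
FF - plugin: c:\program files\java\jre1.8.0_31\bin\plugin2\npjp2.dll
.
============= FINISH: 19:08:58.71 ===============
"""


def split_sections(log_text):
    """Group the log's lines under the '=== NAME ===' banners DDS prints."""
    sections, current = {}, "HEADER"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def refang(url):
    """DDS writes hxxp:// so the log is not clickable; undo that for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def triage(log_text):
    """Return a list of (severity, message); an empty list means nothing odd."""
    findings = []
    secs = split_sections(log_text)

    for line in secs.get("FIREFOX", []):
        m = re.match(r"FF - prefs\.js: (\S+) - (.+)$", line)
        if not m:
            continue
        pref, value = m.groups()
        if pref == "browser.search.selectedEngine" and value.lower() not in STOCK_ENGINES:
            findings.append(("info", f"Firefox search engine is '{value}' (not a stock default); confirm with the user"))
        if pref == "browser.startup.homepage":
            tagged = sorted(AFFILIATE_PARAMS & set(parse_qs(urlparse(refang(value)).query)))
            if tagged:
                findings.append(("warn", f"Firefox homepage carries affiliate-style parameters {tagged}: {value}"))

    for line in secs.get("Pseudo HJT Report", []):
        if line.startswith("BHO:") and line.endswith("<no file>"):
            findings.append(("low", f"Orphaned BHO (DLL missing), safe to clean up: {line}"))
        if line.startswith("StartupFolder:") and "rundll32" in line.lower():
            findings.append(("info", f"Startup shortcut runs RunDll32; inspect the .lnk target: {line}"))
        m = re.search(r"NameServer = (.+)$", line)
        if m:
            for ns in m.group(1).split():
                try:
                    if not ip_address(ns).is_private:
                        findings.append(("info", f"Public DNS resolver configured: {ns}"))
                except ValueError:           # hostnames or junk: leave them alone
                    pass
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_DDS):
        print(f"[{severity}] {message}")
```

Run against a full DDS log the script reports five items for the lines above: the non-default engine, the `clid=` tag on the homepage, the orphaned BHO, the RunDll32 startup shortcut and the public resolver 217.171.135.1 (the 192.168.x.x and 172.16.x.x entries are private and stay quiet). None of those is evidence of infection on its own, which matches the moderator's reading of the log; they are the lines worth a question to the user.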
 


Security Team, Moderator, Analyst, Rangemaster · 29,790 Posts
Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please, don't forget me!
The last time I helped you, you abandoned the thread before we were finished:

http://www.techsupportforum.com/forums/f50/computer-slow-unable-to-run-gmer-835082.html

------------------------------------------------------
 

Registered · 259 Posts · Discussion Starter #4 (Edited)
Hi

That was two years ago. I live in a different country from the rest of my family, and maybe I had to leave before you responded. Was it the same computer?

Looking at the link you sent, the thread ended with a couple of posts from me, to which the forum never responded.

I am in the UK at the moment, but will leave towards the end of next week. I will not be back until mid-September and then only for a couple of days. If I don't get anywhere now, I doubt if I will have enough time near the computer before June of next year.

So, I can't quite understand if you are unwilling to help, as a result.

Anyway, thank you
 

Security Team, Moderator, Analyst, Rangemaster · 29,790 Posts
Hello qimqim.

Quote: Looking at the link you sent, the thread ended with a couple of posts from me, to which the forum never responded.
Your last thread had more than one page. Did you look at the last page of the thread?

------------------------------------------------------

I see no sign of infection in your logs. Your slowness issue is likely beyond malware. We'll see if anything turns up.

The last log indicates there are no system restore points on your machine. Did you disable System Restore?

If not, are you able to create a system restore point?

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
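
The AdwCleaner log the user is asked to paste back is long and repetitive: Chrome can carry dozens of near-identical search-provider entries, and the "[#]" lines mark items the tool could only schedule for removal at reboot. As an added example for this thread (not part of the moderator's instructions and not AdwCleaner's own code), the Python below condenses such a log into what the analyst actually reads it for. The function names, the sample log (constructed, with entries shortened from the one posted later in this thread and the profile names kept as on the page) and the profile and provider heuristics are this example's own.

```python
"""Summarise an AdwCleaner 'Clean' log of the kind the steps above ask the
user to paste back.  Added example for this thread, not AdwCleaner's own code;
the '***** [ Section ] *****' banners and the [-] / [#] line markers follow
the v6 log format as it appears later in this thread."""
import re
from collections import Counter

SECTION_RE = re.compile(r"^\*+ \[ (.+?) \] \*+$")
ENTRY_RE = re.compile(r"^\[([-#])\] (.+)$")        # [-] done now, [#] done on reboot
PROVIDER_RE = re.compile(r"\[Search Provider\] Deleted: (\S+)")
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\")
MODE_RE = re.compile(r"^# Mode: (.+)$", re.MULTILINE)

# Constructed sample in the AdwCleaner v6 format; entries are shortened
# versions of the ones posted in this thread, profile names kept as on the page.
SAMPLE_ADW = r"""
# AdwCleaner v6.047 - Logfile created 16/07/2017 at 10:04:06
# Mode: Clean

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\iMeshV10.exe
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WebCakeUpdaterService
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\webcakeupdaterservice

***** [ Web browsers ] *****

[-] Firefox preferences cleaned: "browser.search.searchengine.url" - "hxxp://www.sweet-page.com/web/?type=ds&q={searchTerms}"
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: sweet-page
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com___________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_____
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: delta-search.com
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com
"""


def parse_adwcleaner(text):
    """Return [(section, marker, detail)] for every action line in the log."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append((section, m.group(1), m.group(2)))
    return entries


def summarize(text):
    """Condense the log into what an analyst reads it for: mode, counts per
    section, items still pending a reboot, distinct search providers removed
    (Chrome's many 'babylon.com____' variants folded into one) and which user
    profiles were touched."""
    entries = parse_adwcleaner(text)
    mode = MODE_RE.search(text)
    providers, profiles = Counter(), Counter()
    for _, _, detail in entries:
        m = PROVIDER_RE.search(detail)
        if m:
            providers[m.group(1).rstrip("_")] += 1
        m = PROFILE_RE.search(detail)
        if m:
            profiles[m.group(1)] += 1
    return {
        "mode": mode.group(1) if mode else None,
        "by_section": dict(Counter(section for section, _, _ in entries)),
        "pending_reboot": [detail for _, marker, detail in entries if marker == "#"],
        "search_providers": dict(providers),
        "profiles": dict(profiles),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_ADW).items():
        print(f"{key}: {value}")
```

Two things the summary makes visible that the raw log hides: the same hijacker (sweet-page) was present in both Firefox and Chrome, and a second, older Windows profile (ovk_cl9amcs) carried most of the leftover search providers, so cleaning only the active user's browser would not have been enough. The "pending_reboot" list is the check that the reboot the steps above insist on actually mattered.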
 

Registered · 259 Posts · Discussion Starter #6
Here are the logs

The system "seems" to be a little better, but maybe it is just wishful thinking: it still takes about 2 minutes to load this page...

# AdwCleaner v6.047 - Logfile created 16/07/2017 at 10:04:06
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-13.1 [Local]
# Operating System : Windows 10 Home (X86)
# Username : Katerina - KATERINA-PC
# Running from : C:\Users\Katerina\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae
[-] Folder deleted: C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\iMeshV10.exe
[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\iMesh_SETUP.exe
[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\iMesh_V10_en_Setup.exe
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WebCakeUpdaterService
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\webcakeupdaterservice
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dramanice.tv
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.dramanice.tv
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dramanice.tv
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.dramanice.tv


***** [ Web browsers ] *****

[-] Firefox preferences cleaned: "browser.search.searchengine.iconURL" - "hxxp://www.sweet-page.com/favicon.ico"
[-] Firefox preferences cleaned: "browser.search.searchengine.url" - "hxxp://www.sweet-page.com/web/?type=ds&ts=1430681955&from=cor&uid=TOSHIBAXMK2556GSY_10T1F5OOSXX10T1F5OOS&q={searchTerms}"
[-] Firefox preferences cleaned: "extensions.quick_start.enable_search1" - false
[-] Firefox preferences cleaned: "extensions.quick_start.sd.closeWindowWithLastTab_prev_state" - false
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: sweet-page
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.sweet-page.com/?type=hp&ts=1430681955&from=cor&uid=TOSHIBAXMK2556GSY_10T1F5OOSXX10T1F5OOS
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ambjmeohlajelahhhniggkkceagdlcgj
[-] [C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: iblenkmcolcdonmlfknbpbgjebabcoae
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com___________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_____________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.babylon.com_
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_______________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com______________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: delta-search.com
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.babylon.com
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com___________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_____
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com___________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com____________________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com___
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com____________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__________________________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_____________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_________________________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com____________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_______________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_______
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_____________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_____________________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com____________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_______________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_______________________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_______________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com______________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com________________________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__________________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com______________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com____________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com___________________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com______________________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: sweet-page
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_____________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com______________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com______________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_______________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com___________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_____________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com___________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_______________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com____
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com______________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com___________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com____________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com______
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com__________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com________________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_____________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_________________________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com_________________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com____________________________________
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.sweet-page.com/?type=hp&ts=1430681955&from=cor&uid=TOSHIBAXMK2556GSY_10T1F5OOSXX10T1F5OOS
[-] [C:\Users\ovk_cl9amcs\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: iblenkmcolcdonmlfknbpbgjebabcoae


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [14693 Bytes] - [16/07/2017 10:04:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [14766 Bytes] - [16/07/2017 09:59:44]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [14841 Bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-07-2017
Ran by Katerina (administrator) on KATERINA-PC (16-07-2017 10:21:00)
Running from C:\Users\Katerina\Desktop
Loaded Profiles: Katerina (Available Profiles: Katerina & ovk_cl9amcs)
Platform: Microsoft Windows 10 Home Version 1607 (X86) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(DeviceVM, Inc.) C:\SPLASH.SYS\config\DVMExportService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\ProgramData\Connect Manager\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
Failed to access process -> sttray.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Esumsoft) C:\Program Files\POP Peeper\POPPeeper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\ProgramData\Connect Manager\OnlineUpdate\LiveUpd.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2009-10-12] (IDT, Inc.)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [APSDaemon] => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)
HKLM\...\Run: [NCUpdateHelper] => C:\Program Files\NCWest\NCLauncher\NCUpdateHelper.exe
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3536064 2016-03-30] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2017-04-28] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
HKU\S-1-5-21-2363029007-1819767463-4179413500-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Katerina\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-2363029007-1819767463-4179413500-1000\...\Run: [POP Peeper] => C:\Program Files\POP Peeper\POPPeeper.exe [2648272 2016-06-20] (Esumsoft)
HKU\S-1-5-21-2363029007-1819767463-4179413500-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2363029007-1819767463-4179413500-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL -> No File
Startup: C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2015-07-17] ()
Startup: C:\Users\Katerina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 1510 series.lnk [2016-01-01]
ShortcutTarget: Monitorar alertas de tinta - HP Deskjet 1510 series.lnk -> C:\Program Files\Hp\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0a5d503a-d8c4-4484-b5b5-f1f19a879051}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0e9a1ce3-ec17-41a0-b4d1-8eb168b70720}: [NameServer] 172.16.0.73 172.16.0.74
Tcpip\..\Interfaces\{63066fc7-6a9e-4531-982b-68a4e896c533}: [NameServer] 217.171.135.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2363029007-1819767463-4179413500-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {717A7501-62C4-457E-A3C4-420C052B28AC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2363029007-1819767463-4179413500-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/yandsearch?win=229&clid=1998805&text={searchTerms}
SearchScopes: HKU\S-1-5-21-2363029007-1819767463-4179413500-1000 -> {23982DF5-BF3A-4D94-A8C6-75D18C23978F} URL = hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=C010PT0D20150218&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30] (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-04-02] (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-20] (Oracle Corporation)
BHO: Визуальные закладки -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-20] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
IE Session Restore: HKU\S-1-5-21-2363029007-1819767463-4179413500-1000 -> is enabled.
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Virtual%20Families/Images/armhelper.ocx
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)

FireFox:
========
FF DefaultProfile: hno59f6g.default
FF ProfilePath: C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\hno59f6g.default [2017-06-01]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\hno59f6g.default -> Yandex
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\hno59f6g.default -> Pesquisa Segura
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\hno59f6g.default -> Yandex
FF Homepage: Mozilla\Firefox\Profiles\hno59f6g.default -> hxxp://www.yandex.ru/?win=229&clid=1998804
FF Extension: (No Name) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF SearchPlugin: C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\hno59f6g.default\searchplugins\McSiteAdvisor.xml [2016-03-29]
FF SearchPlugin: C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\hno59f6g.default\searchplugins\yandex.ru-054058.xml [2016-05-19]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 &video&) - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-04-22] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2013-04-02] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-20] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [No File]
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2363029007-1819767463-4179413500-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Katerina\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-03-17] (Citrix Online)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-05-29]

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://google.com/","hxxps://forum.avast.com/index.php?topic=166428.0","hxxps://www.google.com/analytics/web/#realtime/rt-location/a40629899w69875956p96793740/%3Fmetric.type%3DO/","hxxps://www.google.co.uk/","hxxp://www.sweet-page.com/?type=hp&ts=1430681955&from=cor&uid=TOSHIBAXMK2556GSY_10T1F5OOSXX10T1F5OOS"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=C210PT0D20151204&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default [2017-07-16]
CHR Extension: (Google Drive) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-23]
CHR Extension: (Lanes | Todo app and Timer in your New Tab) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekgibgendkekeljccphbgcgnfmlcakcf [2017-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-23]
CHR Extension: (Cut the Rope) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2015-05-31]
CHR Extension: (Angel Alliance) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhndggkkbanohpfnphfjccgblpgibjcg [2015-12-19]
CHR Extension: (We Heart It) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae [2017-07-16]
CHR Extension: (Office Online Copy and Paste) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2015-08-09]
CHR Extension: (Pixlr Touch Up) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2015-05-31]
CHR Extension: (Conceptboard) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnacnlekfaehkfdbkohnhpmdagnfaeio [2016-01-09]
CHR Extension: (Planner 5D - Interior Design) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2016-09-07]
CHR Extension: (LINE) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\menkifleemblimdogmoihpfopnplikde [2017-07-10]
CHR Extension: (Pocket) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-06-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Senet Online) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmcegikaljcfolenjkadbbaicbgjcpb [2015-12-19]
CHR Extension: (Yahoo Web) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgndpkiaggmiplpjmeibahedioaikcck [2015-05-31]
CHR Extension: (Chrome Media Router) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-16]
CHR Profile: C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-12-21]
CHR Profile: C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-21]

Opera:
=======
OPR StartupUrls: "hxxp://www.yandex.ru/?win=229&clid=1998804"

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [571288 2010-09-14] (Affinegy, Inc.)
S2 Connect Manager. RunOuc; C:\Program Files\Connect Manager\UpdateDog\ouc.exe [651856 2013-10-26] ()
R2 DvmMDES; C:\SPLASH.SYS\config\DVMExportService.exe [323584 2009-07-08] (DeviceVM, Inc.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [276048 2014-01-15] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
S3 npggsvc; C:\Windows\system32\GameMon.des [4702568 2012-10-24] (INCA Internet Co., Ltd.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [227504 2016-03-30] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271488 2017-04-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84920 2017-04-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 DVMIO; C:\SPLASH.SYS\config\dvmio.sys [17624 2009-09-29] (DeviceVM, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59936 2017-06-27] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [162240 2017-07-10] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [85400 2017-07-16] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40352 2017-07-16] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [221600 2017-07-16] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [74656 2017-07-16] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-16 10:21 - 2017-07-16 10:28 - 00019533 _____ C:\Users\Katerina\Desktop\FRST.txt
2017-07-16 10:20 - 2017-07-16 10:21 - 00000000 ____D C:\FRST
2017-07-16 10:18 - 2017-07-16 10:19 - 01780736 _____ (Farbar) C:\Users\Katerina\Desktop\FRST.exe
2017-07-16 10:17 - 2017-07-16 10:17 - 01780736 _____ (Farbar) C:\Users\Katerina\Downloads\FRST.exe
2017-07-16 10:11 - 2017-07-16 10:11 - 00014921 _____ C:\Users\Katerina\Desktop\AdwCleaner[C0].txt
2017-07-16 09:42 - 2017-07-16 10:04 - 00000000 ____D C:\AdwCleaner
2017-07-16 09:40 - 2017-07-16 09:42 - 04110280 _____ C:\Users\Katerina\Desktop\AdwCleaner.exe
2017-07-16 09:35 - 2017-07-16 09:38 - 04110280 _____ C:\Users\Katerina\Downloads\AdwCleaner.exe
2017-07-10 22:02 - 2017-07-16 10:06 - 00000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForKaterina.job
2017-07-10 19:09 - 2017-07-10 19:09 - 00020048 _____ C:\Users\Katerina\Desktop\dds.txt
2017-07-10 19:09 - 2017-07-10 19:09 - 00004127 _____ C:\Users\Katerina\Desktop\attach.txt
2017-07-10 18:58 - 2017-07-10 18:58 - 00688992 ____R (Swearware) C:\Users\Katerina\Desktop\dds.scr
2017-07-10 18:50 - 2017-07-10 18:10 - 00000010 _____ C:\Users\Katerina\Desktop\TECHH.txt
2017-07-10 08:06 - 2017-07-10 08:06 - 00001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Opera.lnk
2017-07-10 06:40 - 2017-07-10 06:40 - 00162240 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-10 06:36 - 2017-07-16 10:06 - 00085400 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-10 06:36 - 2017-07-16 10:06 - 00074656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-10 06:35 - 2017-07-16 10:06 - 00221600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-10 06:35 - 2017-07-16 10:06 - 00040352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-10 06:35 - 2017-07-10 06:35 - 00002097 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-10 06:35 - 2017-07-10 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-10 06:35 - 2017-06-27 12:06 - 00059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-07-10 06:34 - 2017-07-10 06:34 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-10 06:26 - 2017-07-10 06:28 - 65033984 _____ (Malwarebytes ) C:\Users\Katerina\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-10 02:24 - 2017-07-10 02:24 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-07-09 08:49 - 2017-06-03 11:22 - 00231776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-07-09 08:49 - 2017-06-03 11:03 - 00950112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-09 08:49 - 2017-06-03 11:03 - 00094560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-07-09 08:49 - 2017-06-03 10:58 - 00154976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-07-09 08:49 - 2017-06-03 10:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-09 08:49 - 2017-06-03 10:54 - 00290656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-07-09 08:49 - 2017-06-03 10:43 - 01964384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-09 08:49 - 2017-06-03 10:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-07-09 08:49 - 2017-06-03 10:32 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-07-09 08:49 - 2017-06-03 10:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2017-07-09 08:49 - 2017-06-03 10:31 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-07-09 08:49 - 2017-06-03 10:30 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-09 08:49 - 2017-06-03 10:29 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-07-09 08:49 - 2017-06-03 10:25 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-09 08:49 - 2017-06-03 10:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-07-09 08:49 - 2017-06-03 10:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-09 08:49 - 2017-06-03 10:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-09 08:49 - 2017-06-03 10:06 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-09 08:49 - 2017-06-03 10:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-09 08:49 - 2017-06-03 10:04 - 01889792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-09 08:49 - 2017-06-03 10:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-07-09 08:49 - 2017-06-03 10:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-09 08:49 - 2016-09-07 05:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2017-07-09 08:48 - 2017-06-03 11:50 - 00514400 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-09 08:48 - 2017-06-03 11:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-07-09 08:48 - 2017-06-03 11:50 - 00254816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-09 08:48 - 2017-06-03 11:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-09 08:48 - 2017-06-03 11:50 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-07-09 08:48 - 2017-06-03 11:50 - 00083296 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-09 08:48 - 2017-06-03 11:50 - 00030560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-09 08:48 - 2017-06-03 11:15 - 00099672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-07-09 08:48 - 2017-06-03 11:13 - 05996384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-09 08:48 - 2017-06-03 11:13 - 01725136 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-09 08:48 - 2017-06-03 10:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-09 08:48 - 2017-06-03 10:55 - 01896288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-09 08:48 - 2017-06-03 10:55 - 00342368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-07-09 08:48 - 2017-06-03 10:53 - 00454496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-07-09 08:48 - 2017-06-03 10:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-07-09 08:48 - 2017-06-03 10:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-07-09 08:48 - 2017-06-03 10:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-07-09 08:48 - 2017-06-03 10:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-09 08:48 - 2017-06-03 10:48 - 01384704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-07-09 08:48 - 2017-06-03 10:44 - 01409536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-07-09 08:48 - 2017-06-03 10:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-09 08:48 - 2017-06-03 10:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-09 08:48 - 2017-06-03 10:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-07-09 08:48 - 2017-06-03 10:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-07-09 08:48 - 2017-06-03 10:25 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-07-09 08:48 - 2017-06-03 10:25 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-07-09 08:48 - 2017-06-03 10:25 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-07-09 08:48 - 2017-06-03 10:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-07-09 08:48 - 2017-06-03 10:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-07-09 08:48 - 2017-06-03 10:22 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-07-09 08:48 - 2017-06-03 10:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2017-07-09 08:48 - 2017-06-03 10:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-09 08:48 - 2017-06-03 10:20 - 00668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-07-09 08:48 - 2017-06-03 10:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-09 08:48 - 2017-06-03 10:16 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-07-09 08:48 - 2017-06-03 10:16 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-07-09 08:48 - 2017-06-03 10:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-09 08:48 - 2017-06-03 10:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-09 08:48 - 2017-06-03 10:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-09 08:48 - 2017-06-03 10:05 - 01236480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-09 08:48 - 2017-06-03 10:05 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-07-09 08:48 - 2017-06-03 10:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-07-09 08:48 - 2017-06-03 10:05 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-07-09 08:48 - 2017-06-03 10:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-09 08:48 - 2017-06-03 10:04 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-09 08:48 - 2017-06-03 10:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-09 08:48 - 2017-06-03 10:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-09 08:48 - 2017-06-02 08:35 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-07-09 08:48 - 2017-05-25 07:56 - 00034144 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-07-09 08:47 - 2017-06-03 11:50 - 01336160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-09 08:47 - 2017-06-03 11:50 - 00996192 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-09 08:47 - 2017-06-03 11:50 - 00455000 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-09 08:47 - 2017-06-03 11:50 - 00284000 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-09 08:47 - 2017-06-03 10:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-07-09 08:47 - 2017-06-03 10:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-09 08:46 - 2017-06-03 11:50 - 00113504 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-09 08:45 - 2017-06-03 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-16 10:27 - 2010-10-17 18:14 - 00000000 ____D C:\Users\Katerina\AppData\Roaming\Skype
2017-07-16 10:25 - 2016-09-21 17:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-16 10:24 - 2016-07-16 09:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-16 10:18 - 2016-07-16 18:32 - 01765446 _____ C:\WINDOWS\system32\prfh0816.dat
2017-07-16 10:18 - 2016-07-16 18:32 - 00682176 _____ C:\WINDOWS\system32\prfc0816.dat
2017-07-16 10:18 - 2016-01-01 14:12 - 02741946 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-16 10:17 - 2010-02-05 04:50 - 00000342 ____H C:\dvmexp.idx
2017-07-16 10:12 - 2016-09-21 17:43 - 00000000 ____D C:\Users\Katerina
2017-07-16 10:10 - 2011-03-28 11:53 - 00000175 _____ C:\ProgramData\HPWALog.txt
2017-07-16 10:06 - 2016-09-21 18:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-16 10:05 - 2016-07-16 03:22 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-07-16 10:03 - 2010-10-17 17:53 - 00000000 ____D C:\temp
2017-07-16 10:00 - 2015-07-30 16:33 - 00000000 ___RD C:\Users\Katerina\OneDrive
2017-07-16 08:46 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-10 18:35 - 2015-07-30 16:33 - 00002417 _____ C:\Users\Katerina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-10 14:32 - 2015-07-22 07:19 - 00000282 __RSH C:\ProgramData\ntuser.pol
2017-07-10 11:56 - 2011-03-20 13:06 - 00000000 ____D C:\ProgramData\McAfee
2017-07-10 11:47 - 2014-08-10 09:53 - 00000000 ____D C:\Program Files\QuickTime
2017-07-10 11:44 - 2009-12-13 09:14 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-07-10 11:39 - 2010-12-25 10:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-07-10 11:38 - 2010-12-25 10:20 - 00000000 ____D C:\ProgramData\Apple
2017-07-10 11:37 - 2009-12-13 11:17 - 00000000 ____D C:\ProgramData\CyberLink
2017-07-10 11:28 - 2016-03-17 15:39 - 00000000 ____D C:\Users\Katerina\AppData\Local\Citrix
2017-07-10 11:18 - 2016-05-19 05:41 - 00000000 ____D C:\Users\Katerina\AppData\LocalLow\Yandex
2017-07-10 11:17 - 2016-05-19 05:41 - 00000000 ____D C:\Users\Katerina\AppData\Local\Yandex
2017-07-10 11:17 - 2016-05-19 05:40 - 00000000 ____D C:\Users\Katerina\AppData\Roaming\Yandex
2017-07-10 11:13 - 2010-11-20 11:46 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-07-10 11:12 - 2013-12-01 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2017-07-10 11:12 - 2013-12-01 11:08 - 00000000 ____D C:\Program Files\NCWest
2017-07-10 11:08 - 2014-10-18 23:20 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2017-07-10 11:07 - 2013-08-12 15:15 - 00000000 ____D C:\Program Files\iTunes
2017-07-10 11:05 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-10 10:12 - 2016-07-16 09:28 - 00000000 ____D C:\WINDOWS\INF
2017-07-10 08:06 - 2015-05-02 14:53 - 00000000 ____D C:\Program Files\Opera
2017-07-10 06:34 - 2011-12-23 17:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-10 05:59 - 2015-07-30 16:19 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-10 02:27 - 2016-09-21 17:35 - 00317872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-10 02:24 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-10 02:24 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-07-09 23:53 - 2012-10-20 18:00 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-09 10:05 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\rescache
2017-07-09 09:27 - 2013-07-18 08:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-09 09:17 - 2016-07-16 09:29 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-09 09:08 - 2010-10-17 18:49 - 130903960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-09 08:54 - 2009-07-14 03:04 - 00000499 _____ C:\WINDOWS\win.ini
2017-07-09 08:05 - 2017-05-23 09:32 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-07-09 08:05 - 2017-05-23 09:32 - 00000000 ____D C:\Program Files\UNP
2017-07-09 07:39 - 2015-05-30 09:59 - 00000000 ____D C:\Users\Katerina\AppData\Roaming\POP Peeper
2017-07-09 07:23 - 2016-07-16 09:29 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-07-09 07:23 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-09 07:23 - 2016-07-16 03:22 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-07-09 07:22 - 2016-07-16 09:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-09 07:22 - 2016-07-16 09:29 - 00000000 ___RD C:\Program Files\Windows Defender
2017-07-09 07:22 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\Provisioning
2017-07-09 07:22 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-07-09 07:22 - 2016-07-16 09:29 - 00000000 ____D C:\Program Files\Windows Photo Viewer

==================== Files in the root of some directories =======

2011-01-31 18:06 - 2011-07-25 17:49 - 0001849 _____ () C:\Users\Katerina\AppData\Roaming\GhostObjGAFix.xml
2011-05-28 11:21 - 2011-05-08 15:58 - 0006940 _____ () C:\Users\Katerina\AppData\Roaming\poppeeper.ini.bak
2011-03-26 21:32 - 2011-11-03 19:11 - 0020865 _____ () C:\Users\Katerina\AppData\Roaming\UserTile.png
2011-05-07 14:46 - 2012-02-05 13:07 - 0000000 _____ () C:\Users\Katerina\AppData\Roaming\wklnhst.dat
2010-10-17 17:52 - 2010-10-17 17:52 - 0000000 _____ () C:\Users\Katerina\AppData\Local\AtStart.txt
2014-04-13 23:12 - 2014-04-13 23:12 - 0003584 _____ () C:\Users\Katerina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-17 17:52 - 2010-10-17 17:52 - 0000000 _____ () C:\Users\Katerina\AppData\Local\DSwitch.txt
2014-02-20 09:28 - 2014-02-20 09:59 - 0563989 _____ () C:\Users\Katerina\AppData\Local\Fiesta.bin
2012-09-14 20:10 - 2013-05-04 11:35 - 0004096 ____H () C:\Users\Katerina\AppData\Local\keyfile3.drm
2010-10-17 17:52 - 2010-10-17 17:52 - 0000000 _____ () C:\Users\Katerina\AppData\Local\QSwitch.txt
2016-05-19 05:34 - 2016-05-19 05:34 - 0000824 _____ () C:\Users\Katerina\AppData\Local\recently-used.xbel
2011-06-16 15:38 - 2011-06-16 15:38 - 0007605 _____ () C:\Users\Katerina\AppData\Local\Resmon.ResmonCfg
2015-12-29 14:03 - 2015-12-29 14:03 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-03-28 11:53 - 2017-07-16 10:10 - 0000175 _____ () C:\ProgramData\HPWALog.txt
2010-02-05 04:36 - 2010-02-05 04:36 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-12-13 11:19 - 2009-12-13 11:20 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-02-05 04:36 - 2010-02-05 04:36 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-12-13 11:17 - 2009-12-13 11:19 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

Some files in TEMP:
====================
2016-10-24 10:25 - 2016-10-24 10:25 - 0737856 _____ (Oracle Corporation) C:\Users\Katerina\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-11-05 20:59 - 2017-02-14 17:56 - 44050400 _____ (Skype Technologies S.A.) C:\Users\Katerina\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-09 08:43

==================== End of FRST.txt ============================
 

Security Team, Moderator, Analyst, Rangemaster · 29,790 Posts
Hello again, qimqim. Does your wife use Yandex?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Open Chrome and copy/paste the following bolded text into your Chrome browser address bar and press Enter:

chrome://extensions

Click the trash can icon by We Heart It.

When prompted, click 'Remove'. Restart Chrome.

---------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    ContextMenuHandlers05: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
    ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    Task: {2D24E5C9-7CDB-423B-8E69-A90339E49C6B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {3A9F96F0-853F-4CA3-A45F-5DDC5106E59A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {3E52E5C6-DE4B-4691-979E-1D5A78692B3F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {5F4A8F1B-CB6C-4810-90CB-609B7FA07324} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {7B07359B-F482-43C7-B313-7C366BA0B29C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {B280B4AE-4119-45D9-AC4E-A3C7D8DA326B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {B319E4A9-A853-4DAA-ADB8-D544D01A38E1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {D6E5DBB4-E976-4777-A412-5E184B05E271} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {DDBEE837-06E1-41D8-9FD4-472B7B4381CA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {EDA7C38D-114F-4609-8723-3DD93A66FE4D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F78B9CBD-FB6D-4770-B3A1-CB0E3707DAA9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL -> No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2363029007-1819767463-4179413500-1000 -> {23982DF5-BF3A-4D94-A8C6-75D18C23978F} URL = hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=C010PT0D20150218&p={searchTerms}
    BHO: Визуальные закладки -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
    FF Extension: (No Name) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [not found]
    CHR StartupUrls: Default -> "hxxp://google.com/","hxxps://forum.avast.com/index.php?topic=166428.0","hxxps://www.google.com/analytics/web/#realtime/rt-location/a40629899w69875956p96793740/%3Fmetric.type%3DO/","hxxps://www.google.co.uk/","hxxp://www.sweet-page.com/?type=hp&ts=1430681955&from=cor&uid=TOSHIBAXMK2556GSY_10T1F5OOSXX10T1F5OOS"
    C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae
    EmptyTemp:
    end
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
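The fix above was assembled by hand from the FRST scan: every entry that FRST marks as orphaned (`-> No File`, `[X]`, `[not found]`, `<==== ATTENTION`), plus the search scope and Chrome start page that still point at software that is no longer installed. As an added example (not part of this post and not FRST's own code), the Python below drafts that triage automatically from FRST scan lines. It relies only on the line shapes visible in the scan; the trusted-search-engine and hijacker domain lists are assumptions of the example, the sample lines marked "copied" come from the scan above, and the ones marked "constructed" are made up to show healthy entries being left alone. What finally goes into a fixlist for a given machine remains the analyst's call.

```python
"""Triage FRST scan lines into a draft fixlist.

Added example for this thread; it is not part of the forum post and not
FRST's own code. It relies only on line shapes visible in the scan above.
The SAMPLE_SCAN lines marked "copied" are taken from that scan; the ones
marked "constructed" and the two host lists are this example's assumptions.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Markers FRST prints for an entry whose target no longer exists on disk.
ORPHAN_MARKERS = ("-> No File", "[X]", "[not found]", "<==== ATTENTION")

# Entry types FRST removes by deleting the registry key/value when orphaned.
AUTOSTART_PREFIXES = ("Task:", "ContextMenuHandlers", "BHO:", "ShellExecuteHooks:",
                      "Winlogon\\Notify", "FF Extension:", "Toolbar:")

# Assumption: hosts an IE default search scope may legitimately use.
TRUSTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "www.google.co.uk"}
# Assumption: domains known from this thread as browser hijackers.
HIJACKER_DOMAINS = {"sweet-page.com"}

SEARCHSCOPE_RE = re.compile(r"^SearchScopes: .*URL =\s*(?P<url>\S*)$")
QUOTED_RE = re.compile(r'"([^"]*)"')


def host_of(defanged_url: str) -> str:
    """FRST writes hxxp(s):// instead of http(s)://; restore it and return the host."""
    return urlparse(defanged_url.replace("hxxp", "http", 1)).netloc.lower()


def is_hijacker(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in HIJACKER_DOMAINS)


def reason_to_fix(line: str) -> Optional[str]:
    """Explain why a scan line belongs in the fixlist, or return None to keep it."""
    line = line.strip()
    if line.startswith(AUTOSTART_PREFIXES) and any(m in line for m in ORPHAN_MARKERS):
        return "orphaned autostart entry"
    m = SEARCHSCOPE_RE.match(line)
    if m:
        url = m.group("url")
        if not url:
            return "empty default search scope"
        host = host_of(url)
        if host not in TRUSTED_SEARCH_HOSTS:
            return f"search scope points at {host}"
    if line.startswith("CHR StartupUrls:"):
        bad = [host_of(u) for u in QUOTED_RE.findall(line) if is_hijacker(host_of(u))]
        if bad:
            return f"hijacked Chrome startup URL ({', '.join(bad)})"
    return None


def build_fixlist(scan_lines: List[str]) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Wrap every flagged line in FRST's start/end block, restore point first."""
    flagged = [(l.strip(), r) for l in scan_lines if (r := reason_to_fix(l))]
    body = ["start", "createrestorepoint:"] + [l for l, _ in flagged] + ["EmptyTemp:", "end"]
    return body, flagged


SAMPLE_SCAN = [
    # copied from the scan in this thread
    r"ContextMenuHandlers05: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File",
    r"Task: {2D24E5C9-7CDB-423B-8E69-A90339E49C6B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION",
    # constructed: a healthy task line in the same shape, with a placeholder GUID
    r"Task: {00000000-0000-0000-0000-000000000000} - \Microsoft\Windows\Defrag\ScheduledDefrag => C:\WINDOWS\system32\defrag.exe (Microsoft Corporation)",
    # copied
    r"Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]",
    r"SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =",
    r"SearchScopes: HKU\S-1-5-21-2363029007-1819767463-4179413500-1000 -> {23982DF5-BF3A-4D94-A8C6-75D18C23978F} URL = hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=C010PT0D20150218&p={searchTerms}",
    # constructed: a scope that points at a trusted engine
    r"SearchScopes: HKU\S-1-5-21-2363029007-1819767463-4179413500-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}",
    # copied (the Chrome line is shortened to three of its URLs)
    r"BHO: Визуальные закладки -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File",
    r"FF Extension: (No Name) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [not found]",
    r'CHR StartupUrls: Default -> "hxxp://google.com/","hxxps://www.google.co.uk/","hxxp://www.sweet-page.com/?type=hp&ts=1430681955&from=cor&uid=TOSHIBAXMK2556GSY_10T1F5OOSXX10T1F5OOS"',
]

if __name__ == "__main__":
    body, flagged = build_fixlist(SAMPLE_SCAN)
    for entry, why in flagged:
        print(f"# {why}\n{entry}")
    print("\n".join(body))
```

Run against the ten sample lines it flags eight entries and leaves the two constructed healthy ones alone; the draft still needs the same review the helper gives a real fixlist, because a scope pointing at an unlisted but legitimate engine would also be flagged.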
 

Registered · 259 Posts · Discussion Starter #8
This used to be my daughter's computer. When I bought her a new one, she gave this one to her mother who is Russian. So, yes, she uses Yandex and the Cyrillic keyboard.

Now, your instructions: I went through chrome://extensions and also created the fixlist.txt. When I went on to run FRST.exe, I made a mistake and pressed Scan... Unable to stop it, I decided that all it would do was create new logs, so I let it run.

However, when I ran it again and pressed "Fix", it ran for a while but eventually stopped with a Windows message that the programme had stopped. I tried it once more and now it hung while deleting Temporary Files ... Firefox/Profiles.

I decided to press "Fix" again and it started again, but I am not sure if it continued what it was doing or started again from the beginning... Anyway, this time it finished, but while shutting down to restart it produced a Windows box with a message about something in memory, which I did not have time to copy.

I have four browsers installed. I am happy to uninstall all but one.

This is the log you requested:

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-07-2017
Ran by Katerina (17-07-2017 08:27:02) Run:2
Running from C:\Users\Katerina\Desktop
Loaded Profiles: Katerina (Available Profiles: Katerina & ovk_cl9amcs)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
createrestorepoint:
ContextMenuHandlers05: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {2D24E5C9-7CDB-423B-8E69-A90339E49C6B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {3A9F96F0-853F-4CA3-A45F-5DDC5106E59A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3E52E5C6-DE4B-4691-979E-1D5A78692B3F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5F4A8F1B-CB6C-4810-90CB-609B7FA07324} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7B07359B-F482-43C7-B313-7C366BA0B29C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B280B4AE-4119-45D9-AC4E-A3C7D8DA326B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B319E4A9-A853-4DAA-ADB8-D544D01A38E1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D6E5DBB4-E976-4777-A412-5E184B05E271} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DDBEE837-06E1-41D8-9FD4-472B7B4381CA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {EDA7C38D-114F-4609-8723-3DD93A66FE4D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F78B9CBD-FB6D-4770-B3A1-CB0E3707DAA9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL -> No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2363029007-1819767463-4179413500-1000 -> {23982DF5-BF3A-4D94-A8C6-75D18C23978F} URL = hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=C010PT0D20150218&p={searchTerms}
BHO: Визуальные закладки -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
FF Extension: (No Name) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [not found]
CHR StartupUrls: Default -> "hxxp://google.com/","hxxps://forum.avast.com/index.php?topic=166428.0","hxxps://www.google.com/analytics/web/#realtime/rt-location/a40629899w69875956p96793740/%3Fmetric.type%3DO/","hxxps://www.google.co.uk/","hxxp://www.sweet-page.com/?type=hp&ts=1430681955&from=cor&uid=TOSHIBAXMK2556GSY_10T1F5OOSXX10T1F5OOS"
C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => key not found.
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key not found.
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D24E5C9-7CDB-423B-8E69-A90339E49C6B} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D24E5C9-7CDB-423B-8E69-A90339E49C6B} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A9F96F0-853F-4CA3-A45F-5DDC5106E59A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A9F96F0-853F-4CA3-A45F-5DDC5106E59A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E52E5C6-DE4B-4691-979E-1D5A78692B3F} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E52E5C6-DE4B-4691-979E-1D5A78692B3F} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F4A8F1B-CB6C-4810-90CB-609B7FA07324} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F4A8F1B-CB6C-4810-90CB-609B7FA07324} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7B07359B-F482-43C7-B313-7C366BA0B29C} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B07359B-F482-43C7-B313-7C366BA0B29C} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B280B4AE-4119-45D9-AC4E-A3C7D8DA326B} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B280B4AE-4119-45D9-AC4E-A3C7D8DA326B} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B319E4A9-A853-4DAA-ADB8-D544D01A38E1} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B319E4A9-A853-4DAA-ADB8-D544D01A38E1} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6E5DBB4-E976-4777-A412-5E184B05E271} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6E5DBB4-E976-4777-A412-5E184B05E271} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDBEE837-06E1-41D8-9FD4-472B7B4381CA} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDBEE837-06E1-41D8-9FD4-472B7B4381CA} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDA7C38D-114F-4609-8723-3DD93A66FE4D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDA7C38D-114F-4609-8723-3DD93A66FE4D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F78B9CBD-FB6D-4770-B3A1-CB0E3707DAA9} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F78B9CBD-FB6D-4770-B3A1-CB0E3707DAA9} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon => key removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => value removed successfully.
HKLM\Software\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-2363029007-1819767463-4179413500-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23982DF5-BF3A-4D94-A8C6-75D18C23978F} => key removed successfully.
HKLM\Software\Classes\CLSID\{23982DF5-BF3A-4D94-A8C6-75D18C23978F} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5} => key removed successfully.
HKLM\Software\Classes\CLSID\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5} => key removed successfully.
C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi => path removed successfully.
Chrome StartupUrls => removed successfully.
"C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 65652403 B
Java, Flash, Steam htmlcache => 7462 B
Windows/system/drivers => 497290916 B
Edge => 3807404 B
Chrome => 164194564 B
Firefox => 381938633 B
Opera => 235358745 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
LocalService => 2038 B
NetworkService => 120619964 B
Katerina => 575217697 B
ovk_cl9amcs => 147461 B
DefaultAppPool => 0 B

RecycleBin => 9003009 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:55:05 ====
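The Fixlog above records one result line per registry key, value or path that the fixlist named. Each scheduled task shows up three times: once under a trigger bucket (`Plain`, `Logon`, and so on), once under `Tasks\{GUID}` and once under `Tree\<task path>`; a task is really gone only when all three were removed. The Python below is an added example, not part of this post and not FRST's own code, that reconciles a fixlist with its Fixlog using only the result phrasings and the TaskCache layout visible above. The lines marked "copied" are taken from this thread; the task with the all-ones GUID and its result lines are constructed to show what a partial removal looks like.

```python
"""Reconcile an FRST fixlist with its Fixlog.

Added example for this thread, not part of the forum post and not FRST's
own code. It assumes only the result phrasings seen in the Fixlog above
("key removed successfully", "key not found", "not found", ...) and the
TaskCache layout shown there: a deleted task leaves three removed keys,
one under a trigger bucket (Plain, Logon, Boot, ...), one under Tasks\{GUID}
and one under Tree\<task path>. Lines marked "constructed" are made up to
show the failure mode; the rest are copied from the thread.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable

RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<result>.+?)\.?$')
TASK_RE = re.compile(r"^Task: (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<path>\\\S+)")
CACHE_RE = re.compile(r"\\Schedule\\TaskCache\\(?P<bucket>[^\\]+)\\(?P<rest>.+)$")


def parse_fixlog_results(lines: Iterable[str]) -> Dict[str, str]:
    """Map each Fixlog target (key, value or path) to its result phrase."""
    results = {}
    for line in lines:
        m = RESULT_RE.match(line.strip())
        if m:
            results[m.group("target")] = m.group("result")
    return results


def summarize(results: Dict[str, str]) -> Counter:
    """Count outcomes so 'not found' items stand out from successful removals."""
    return Counter(results.values())


def task_cache_coverage(fixlist_lines: Iterable[str], results: Dict[str, str]) -> Dict[str, bool]:
    """For every Task: entry in the fixlist, say whether all three TaskCache keys went away."""
    removed = defaultdict(set)  # "{GUID}" or tree path -> buckets removed under it
    for target, result in results.items():
        m = CACHE_RE.search(target)
        if m and result == "key removed successfully":
            removed[m.group("rest")].add(m.group("bucket"))
    report = {}
    for line in fixlist_lines:
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        guid, path = m.group("guid"), m.group("path").lstrip("\\")
        buckets = removed.get(guid, set())
        trigger_gone = bool(buckets - {"Tasks"})  # Plain/Logon/Boot/... entry
        report[guid] = "Tasks" in buckets and trigger_gone and "Tree" in removed.get(path, set())
    return report


SAMPLE_FIXLIST = [
    # copied from the fixlist in this thread
    r"Task: {2D24E5C9-7CDB-423B-8E69-A90339E49C6B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION",
    r"Task: {5F4A8F1B-CB6C-4810-90CB-609B7FA07324} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION",
    # constructed: a task whose Tree key will turn out not to be removed
    r"Task: {11111111-1111-1111-1111-111111111111} - \Example\Orphan -> No File <==== ATTENTION",
]

SAMPLE_FIXLOG = [
    # copied from the Fixlog in this thread
    r"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => key not found.",
    r"HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found.",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D24E5C9-7CDB-423B-8E69-A90339E49C6B} => key removed successfully.",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D24E5C9-7CDB-423B-8E69-A90339E49C6B} => key removed successfully.",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully.",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F4A8F1B-CB6C-4810-90CB-609B7FA07324} => key removed successfully.",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F4A8F1B-CB6C-4810-90CB-609B7FA07324} => key removed successfully.",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully.",
    # constructed: trigger and Tasks keys went, the Tree key did not
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11111111-1111-1111-1111-111111111111} => key removed successfully.",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11111111-1111-1111-1111-111111111111} => key removed successfully.",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Example\Orphan => key not found.",
    # copied
    r'"C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae" => not found.',
]

if __name__ == "__main__":
    results = parse_fixlog_results(SAMPLE_FIXLOG)
    print(dict(summarize(results)))
    for guid, ok in task_cache_coverage(SAMPLE_FIXLIST, results).items():
        print(guid, "fully removed" if ok else "INCOMPLETE")
```

In the real Fixlog above all eleven GWX tasks show the three removals each and would report as fully removed; the two "key not found" results for the Gadgets context-menu handler and the "not found" for the Chrome extension directory are expected when the earlier, interrupted Fix runs had already taken them away.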
 

Registered · 259 Posts · Discussion Starter #9
One interesting fact:

The fixlist.txt that I placed on the Desktop disappeared, and I found it inside a folder on the Desktop. I don't know if that happened only after FRST ran successfully (the last time I tried) or when it stopped or hung.
 

Security Team, Moderator, Analyst, Rangemaster · 29,790 Posts
Hello again, qimqim. No worries, the fix worked. Any improvement in behavior?

And, no need to uninstall any browsers, unless you want to.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware 3.0
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Quarantine Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the Reports tab
  • Double-click on the Scan Report which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
----------------------------------------------------

Uninstall the following via the Programs and Features Panel (right-click the Windows "logo" button > Programs and Features):

Java 8 Update 31

These are all outdated and are security risks while they remain installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > http://java.com/en/

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel (right-click the Windows "logo" button > Control Panel > (View by: Small or Large icons)) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
 

·
Registered
Joined
·
259 Posts
Discussion Starter #11
Hi Chemist

I would like to upgrade the title of the thread from "very, very slow" to "very slow"! There is certainly a big improvement, but it is still slow. The ESET scan took 8 1/2 hours to go through some 300-odd thousand files!

The scans did not find any threats and so there is no Eset report.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/18/17
Scan Time: 6:48 AM
Log File: Mbam.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2387
License: Trial

-System Information-
OS: Windows 10 (Build 14393.1480)
CPU: x86
File System: NTFS
User: KATERINA-PC\Katerina

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 433831
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 hr, 11 min, 48 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 

Security Team, Moderator, Analyst, Rangemaster
Hello again, qimqim. Your logs appear clean.

It appears your problems are beyond malware, and I am only trained in malware removal.

I suggest you seek expert advice in our Windows 10 Support Forum or Hardware Support Forum

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

http://www.bleepingcomputer.com/announcement/frivolous-lawsuits/help-bleepingcomputer-defend-freedom-of-speech/

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article:
To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
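The MVPS HOSTS file works by mapping unwanted domains to a sink address, but malware uses the same file the other way round, redirecting update or security-vendor domains to localhost or to a remote host. As an added example (not from the thread, MVPS or Malwarebytes), the Python below audits a HOSTS file and separates blocklist-style entries from ones that look like a hijack; the sample lines and the protected-domain list are constructed.

```python
import ipaddress

# Addresses a blocklist-style HOSTS file (such as MVPS) uses as a sink.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}
# Constructed watch-list: domains a blocklist should never touch; a HOSTS
# entry that redirects one of these is a classic sign of a hijack.
PROTECTED_SUFFIXES = ("windowsupdate.com", "microsoft.com",
                      "malwarebytes.com", "eset.com")

# Constructed sample, not a real HOSTS file.
SAMPLE_HOSTS = """\
# blocklist header comment
127.0.0.1 localhost
0.0.0.0 ads.example-adnetwork.invalid   # blocklist-style entry
0.0.0.0 tracker.example-analytics.invalid
127.0.0.1 update.microsoft.com          # hijack: silently blocks updates
203.0.113.9 www.example-bank.invalid    # hijack: redirected to a remote host
not-an-ip something.invalid             # malformed, ignored
"""

def parse_hosts(text):
    """Yield (ip, hostname, line_no) for each mapping; comments and blank lines skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue  # blank, comment-only or malformed line
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an address
        for host in parts[1:]:
            yield str(ip), host.lower(), line_no

def is_protected(host):
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)

def audit_hosts(text):
    """Split entries into benign 'blocked' names and 'suspicious' redirects."""
    report = {"blocked": [], "suspicious": []}
    for ip, host, line_no in parse_hosts(text):
        if host in ("localhost", "broadcasthost") and ip in SINK_ADDRESSES:
            continue  # standard default entries
        if ip in SINK_ADDRESSES and not is_protected(host):
            report["blocked"].append(host)
        elif is_protected(host):
            report["suspicious"].append((line_no, host, ip, "protected domain redirected"))
        else:
            report["suspicious"].append((line_no, host, ip, "non-local address"))
    return report
```

On a real machine, read `C:\Windows\System32\drivers\etc\hosts` into `audit_hosts` and review every entry in the suspicious list by hand.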
 

Security Team, Moderator, Analyst, Rangemaster
You're very welcome, qimqim! Glad to have helped.

Let them know you were here first and were cleared of malware.
 