HooveryBoop

  1. Hi there, Aura. I'm hoovery but please call me Leo. Unfortunately I could get the Attachment option to work. So I had to copy and paste. Sorry for the inconvenience.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-07-2017 Ran by julie (administrator) on LAPTOP-IV3TQNOO (30-07-2017 22:11:10) Running from C:\Users\julie\Downloads Loaded Profiles: julie (Available Profiles: julie) Platform: Windows 10 Home (X64) Language: English (United Kingdom) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe () C:\Program Files (x86)\vSnapshot\1.0.0.0\vSnapshotServ.exe (TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe () C:\Program Files (x86)\WeatherTool\2.0.1.11332\WeatherService.exe (Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.1.11332\weather.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (SweetLabs, Inc) C:\Users\julie\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files\WebBarMedia\5.5.6403.17695\winwb.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_5\mcapexe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Hammer & Chisel, Inc.) C:\Users\julie\AppData\Local\Discord\app-0.0.297\Discord.exe (Hammer & Chisel, Inc.) C:\Users\julie\AppData\Local\Discord\app-0.0.297\Discord.exe (Hammer & Chisel, Inc.) C:\Users\julie\AppData\Local\Discord\app-0.0.297\Discord.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\MusNotification.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3873000 2016-08-18] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [511280 2015-06-23] (TOSHIBA Corporation) HKLM\...\Run: [] => [X] HKLM\...\Run: [WebBar Toolbar] => C:\Program Files\WebBarMedia\5.5.6403.17695\winwb.exe [190184 2017-07-13] () HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKLM-x32\...\Run: [isa] => C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-26] () HKLM-x32\...\Run: [RaidCall] => C:\Program Files (x86)\RaidCall.RU\raidcall.exe [5160360 2016-10-08] (RAIDCALL.COM) HKLM-x32\...\RunOnce: [Dadohedese] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\julie\AppData\Roaming\Hemamaso" HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\Run: [Chromium] => "c:\users\julie\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session --restore-last-session HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-05-16] (Nota Inc.) HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\Run: [Discord] => C:\Users\julie\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) GroupPolicy: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{d100cc34-97e3-45e6-8821-cc16be3f2d48}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:www.fidonav.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp:www.fidonav.com HKU\S-1-5-21-2551010487-507632001-2136295685-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:www.fidonav.com HKU\S-1-5-21-2551010487-507632001-2136295685-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE HKU\S-1-5-21-2551010487-507632001-2136295685-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_10c1 HKU\S-1-5-21-2551010487-507632001-2136295685-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://homepage-web.com/?s=toshibaupd&m=start SearchScopes: HKLM -> DefaultScope {D5749A82-45C7-4D1B-850A-63810C41D415} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_30_wbf_frmr_16_28&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuzztB0AyDzzzytCyCtAyC0D0EyCyCzzyCtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StC0DtCzy0FtD0FtDtGtCyByC0DtGyCtByB0BtGyByEzytBtGyC0DtB0BtCtDzzyC0DtC0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzztAyD0FyBtB0AtG0FzyyC0AtGyE0BtByBtGzytA0CtBtG0FtDyByB0C0CyBtA0ByE0CtB2QtN0A0LzuyE%26cr%3D1285276411%26a%3Dhdr_s_16_30_wbf_frmr_16_28%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = 
hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_16_28_rps115078_rps&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztB0AyDzzzytCyCtAyC0D0EyCyCzzyCtN0D0Tzu0StCyCyDyBtN1L2XzutAtFtBtBtFtAtFtCtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StByCzzzytCyE0A0FtGtAzztB0DtGzyyDzytDtGyE0AyC0FtGyEzz0D0FtBtD0CyEtB0EyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzztAyD0FyBtB0AtG0FzyyC0AtGyE0BtByBtGzytA0CtBtG0FtDyByB0C0CyBtA0ByE0CtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtBtCtD%26cr%3D1181300827%26a%3Dwbf_frmr_16_28%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKLM -> {D5749A82-45C7-4D1B-850A-63810C41D415} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_30_wbf_frmr_16_28&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuzztB0AyDzzzytCyCtAyC0D0EyCyCzzyCtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StC0DtCzy0FtD0FtDtGtCyByC0DtGyCtByB0BtGyByEzytBtGyC0DtB0BtCtDzzyC0DtC0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzztAyD0FyBtB0AtG0FzyyC0AtGyE0BtByBtGzytA0CtBtG0FtDyByB0C0CyBtA0ByE0CtB2QtN0A0LzuyE%26cr%3D1285276411%26a%3Dhdr_s_16_30_wbf_frmr_16_28%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {D5749A82-45C7-4D1B-850A-63810C41D415} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_30_wbf_frmr_16_28&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuzztB0AyDzzzytCyCtAyC0D0EyCyCzzyCtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StC0DtCzy0FtD0FtDtGtCyByC0DtGyCtByB0BtGyByEzytBtGyC0DtB0BtCtDzzyC0DtC0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzztAyD0FyBtB0AtG0FzyyC0AtGyE0BtByBtGzytA0CtBtG0FtDyByB0C0CyBtA0ByE0CtB2QtN0A0LzuyE%26cr%3D1285276411%26a%3Dhdr_s_16_30_wbf_frmr_16_28%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_16_28_rps115078_rps&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztB0AyDzzzytCyCtAyC0D0EyCyCzzyCtN0D0Tzu0StCyCyDyBtN1L2XzutAtFtBtBtFtAtFtCtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StByCzzzytCyE0A0FtGtAzztB0DtGzyyDzytDtGyE0AyC0FtGyEzz0D0FtBtD0CyEtB0EyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzztAyD0FyBtB0AtG0FzyyC0AtGyE0BtByBtGzytA0CtBtG0FtDyByB0C0CyBtA0ByE0CtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtBtCtD%26cr%3D1181300827%26a%3Dwbf_frmr_16_28%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKLM-x32 -> {D5749A82-45C7-4D1B-850A-63810C41D415} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_30_wbf_frmr_16_28&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuzztB0AyDzzzytCyCtAyC0D0EyCyCzzyCtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StC0DtCzy0FtD0FtDtGtCyByC0DtGyCtByB0BtGyByEzytBtGyC0DtB0BtCtDzzyC0DtC0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzztAyD0FyBtB0AtG0FzyyC0AtGyE0BtByBtGzytA0CtBtG0FtDyByB0C0CyBtA0ByE0CtB2QtN0A0LzuyE%26cr%3D1285276411%26a%3Dhdr_s_16_30_wbf_frmr_16_28%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKU\S-1-5-21-2551010487-507632001-2136295685-1001 -> DefaultScope {D5749A82-45C7-4D1B-850A-63810C41D415} URL = SearchScopes: HKU\S-1-5-21-2551010487-507632001-2136295685-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D072117-AA1FD30A82A&form=CONBDF&conlogo=CT3335665&q={searchTerms} SearchScopes: HKU\S-1-5-21-2551010487-507632001-2136295685-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.) 
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-29] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation) FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\julie\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) 
Chrome: ======= CHR HomePage: Default -> hxxp:www.fidonav.com CHR StartupUrls: Default -> "hxxp:www.fidonav.com" CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms} CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms} CHR Profile: C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default [2017-07-30] CHR Extension: (Google Docs) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-20] CHR Extension: (Google Drive) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-20] CHR Extension: (Skype Calling) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-10-09] CHR Extension: (YouTube) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-20] CHR Extension: (Slither.io Mods, Zoom, Unlock Skins, Bots) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogeabecipmckmihpmkgjbghbffcebcf [2017-06-18] CHR Extension: (Gyazo) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdaeeijbbijklfcpahbghahojgfgebo [2017-07-30] CHR Extension: (Roblox Skin Plugin) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdffiaienijhlncnddboikalooffgiob [2016-10-27] CHR Extension: (Google Docs Offline) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-20] CHR Extension: (Roblox+) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2017-07-30] CHR Extension: (Grammarly for Chrome) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-30] CHR Extension: (ROBLOX: Quick Asset Downloader) - C:\Users\julie\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\meljceogbjjmgjhhbnmjjgepchpjkklc [2017-01-17] CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2017-07-19] CHR Extension: (Office Online) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2017-05-11] CHR Extension: (Chrome Web Store Payments) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11] CHR Extension: (Gmail) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-20] CHR Extension: (Chrome Media Router) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-19] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [ijahobfejgeblmkpcmgpelfibgnnjpil] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2551010487-507632001-2136295685-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ijahobfejgeblmkpcmgpelfibgnnjpil] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2551010487-507632001-2136295685-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ijahobfejgeblmkpcmgpelfibgnnjpil] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) 
==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2278152 2016-01-07] (Broadcom Corporation.) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144608 2016-08-18] (ELAN Microelectronics Corp.) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.) R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [382440 2016-08-23] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-26] () [File not signed] S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-02-26] () [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-05-16] (McAfee, Inc.) R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_5\McAPExe.exe [963176 2016-10-07] (McAfee, Inc.) S2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.) S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.) 
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242704 2016-09-08] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384016 2016-09-08] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [331280 2016-09-08] (McAfee, Inc.) R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [120392 2015-11-17] (Toshiba Europe GmbH) R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.1.11332\WeatherService.exe [155784 2016-04-26] () R2 ThevSnapshotService; C:\Program Files (x86)\vSnapshot\1.0.0.0\vSnapshotServ.exe [152264 2016-12-24] () R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA) R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25192 2017-07-22] () R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2016-10-25] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-06-03] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-07-10] (ASIX Electronics Corp.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [199472 2016-01-07] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88120 2016-09-09] (McAfee, Inc.) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] () R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31832 2016-08-18] (ELAN Microelectronic Corp.) 
R3 igfxLP; C:\Windows\system32\DRIVERS\igdkmd64lp.sys [7401968 2016-08-23] (Intel Corporation) R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-07-29] (Malwarebytes) R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-07-30] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-07-30] (Malwarebytes) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-07-30] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-07-30] (Malwarebytes) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [364088 2016-09-09] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85656 2016-09-09] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [512056 2016-09-09] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [884792 2016-09-09] (McAfee, Inc.) R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.) R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252984 2016-09-09] (McAfee, Inc.) R1 MpKsl77d267f6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{245527DF-8FC2-4E6A-8426-905726E003C3}\MpKsl77d267f6.sys [44928 2017-07-30] (Microsoft Corporation) S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-07-10] (Intel Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-06-02] (Realtek Semiconductor Corp.) 
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45720 2015-06-13] (Toshiba Corporation) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-07-30 22:11 - 2017-07-30 22:12 - 000024884 _____ C:\Users\julie\Downloads\FRST.txt 2017-07-30 22:10 - 2017-07-30 22:11 - 000000000 ____D C:\FRST 2017-07-30 22:09 - 2017-07-30 22:10 - 002381312 _____ (Farbar) C:\Users\julie\Downloads\FRST64.exe 2017-07-30 22:03 - 2017-07-30 22:03 - 000016148 _____ C:\Windows\system32\LAPTOP-IV3TQNOO_julie_HistoryPrediction.bin 2017-07-30 10:17 - 2017-07-30 10:17 - 000000045 _____ C:\Users\julie\AppData\Roaming\WB.CFG 2017-07-30 10:17 - 2017-07-30 10:17 - 000000000 ___HD C:\$WINDOWS.~BT 2017-07-29 16:42 - 2017-07-29 16:42 - 000188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-07-29 16:41 - 2017-07-30 21:52 - 000093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-07-29 16:41 - 2017-07-30 12:03 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-07-29 16:41 - 2017-07-30 12:03 - 000101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-07-29 16:41 - 2017-07-30 12:03 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-07-29 16:41 - 2017-07-29 16:41 - 
000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-07-29 16:41 - 2017-07-29 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-07-29 16:41 - 2017-06-27 12:06 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-07-29 16:40 - 2017-07-29 16:40 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-07-29 16:40 - 2017-07-29 16:40 - 000000000 ____D C:\Program Files\Malwarebytes 2017-07-29 16:39 - 2017-07-29 16:39 - 065033984 _____ (Malwarebytes ) C:\Users\julie\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe 2017-07-29 16:34 - 2017-07-29 16:34 - 000001331 _____ C:\Users\julie\Desktop\Continue DLL Injector Latest Version Installation.lnk 2017-07-29 16:25 - 2017-07-29 16:25 - 000003556 _____ C:\Windows\System32\Tasks\PROPCCleaner_Popup 2017-07-29 16:25 - 2017-07-29 16:25 - 000003334 _____ C:\Windows\System32\Tasks\PROPCCleaner_Start 2017-07-29 16:25 - 2017-07-29 16:25 - 000000000 ____D C:\Users\julie\AppData\Local\PRO_PC_Cleaner 2017-07-29 16:18 - 2017-07-30 21:17 - 000000306 _____ C:\Windows\Tasks\{34DDA7C1-41C8-4ED3-5D07-0F245CEFE642}.job 2017-07-29 16:18 - 2017-07-29 16:22 - 000000000 ____D C:\Users\julie\AppData\Local\chromium 2017-07-29 16:18 - 2017-07-29 16:18 - 000002846 _____ C:\Windows\System32\Tasks\{34DDA7C1-41C8-4ED3-5D07-0F245CEFE642} 2017-07-29 16:18 - 2017-07-29 16:18 - 000000000 ____D C:\Users\julie\AppData\Roaming\dll 2.0 2017-07-29 16:17 - 2017-07-30 10:17 - 000000000 ____D C:\Users\julie\AppData\Roaming\34DDA7C1-41C8-4ED3-5D07-0F245CEFE642 2017-07-29 16:17 - 2017-07-29 16:30 - 000000000 ____D C:\Users\julie\Documents\PROPCCleaner 2017-07-29 16:17 - 2017-07-29 16:17 - 000018050 _____ C:\Users\julie\AppData\Roaming\Hemamaso 2017-07-29 16:17 - 2017-07-29 16:17 - 000003554 _____ C:\Windows\System32\Tasks\6d10cc27-4e9f-4ccc-8e4b-69e4cc3613de 2017-07-29 16:16 - 2017-07-30 11:44 - 000000000 ____D C:\Program Files (x86)\PRO PC Cleaner 2017-07-29 16:16 - 2017-07-30 10:06 - 000000000 ____D 
C:\Users\julie\AppData\Local\WebBar
2017-07-29 16:16 - 2017-07-29 16:29 - 000000000 ____D C:\Users\julie\AppData\Local\{CA15FC49-EEBD-90F1-8325-B519A74D4981}
2017-07-29 16:16 - 2017-07-29 16:16 - 000003814 _____ C:\Windows\System32\Tasks\WBUpdateTask
2017-07-29 16:16 - 2017-07-29 16:16 - 000003288 _____ C:\Windows\System32\Tasks\WBLaunchTask
2017-07-29 16:16 - 2017-07-29 16:16 - 000000000 ____D C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PRO PC Cleaner
2017-07-29 16:16 - 2017-07-29 16:16 - 000000000 ____D C:\Program Files\WebBarMedia
2017-07-29 16:15 - 2017-07-29 16:15 - 001516354 _____ ( ) C:\Users\julie\Downloads\DLLInjector v2.0 Installer_1277516118.exe
2017-07-29 16:13 - 2017-07-29 16:14 - 000319488 _____ C:\Users\julie\Downloads\DLLInjector-LatestVersion.exe
2017-07-29 16:07 - 2017-07-29 16:07 - 001516354 _____ ( ) C:\Users\julie\Downloads\DLLInjector v2.0 Installer_0052953587.exe
2017-07-29 16:03 - 2017-07-29 16:13 - 000659968 _____ C:\Users\julie\Downloads\JJSploit.dll
2017-07-29 16:01 - 2017-07-29 16:01 - 000220672 _____ C:\Users\julie\Downloads\Prison_Life_Client (1).dll
2017-07-29 15:50 - 2017-07-29 15:50 - 000220672 _____ C:\Users\julie\Downloads\Prison_Life_Client.dll
2017-07-29 15:42 - 2017-07-29 15:42 - 000851968 _____ () C:\Users\julie\Downloads\Infinite_Jump.exe
2017-07-29 10:58 - 2017-07-29 10:58 - 049504312 _____ (Grammarly) C:\Users\julie\Downloads\GrammarlySetup.exe
2017-07-28 15:19 - 2017-07-28 15:19 - 001202160 _____ (Adobe Systems Incorporated) C:\Users\julie\Downloads\flashplayer26pp_xa_install.exe
2017-07-23 21:21 - 2017-07-23 21:21 - 005317746 _____ C:\Users\julie\Downloads\robloxapp-20170723-1539096.wmv
2017-07-21 22:17 - 2017-07-21 22:28 - 000000000 ____D C:\Program Files\rempl
2017-07-21 17:53 - 2017-07-21 17:53 - 000000000 ____D C:\Users\julie\AppData\Local\Lavasoft
2017-07-21 17:53 - 2017-07-21 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-07-21 17:52 - 2017-07-21 21:56 - 000002880 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2017-07-21 17:52 - 2017-07-21 21:56 - 000002880 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2017-07-21 17:52 - 2017-07-21 17:52 - 000425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2017-07-21 17:52 - 2017-07-21 17:52 - 000345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2017-07-21 17:52 - 2017-07-21 17:52 - 000000000 ____D C:\Users\julie\AppData\Roaming\Lavasoft
2017-07-21 17:51 - 2017-07-21 17:51 - 000000000 ____D C:\ProgramData\Lavasoft
2017-07-21 17:51 - 2017-07-21 17:51 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2017-07-21 17:44 - 2017-07-21 17:44 - 000000002 _____ C:\Users\julie\AppData\Roaming\view.txt
2017-07-18 08:10 - 2017-07-18 08:11 - 001981530 _____ C:\Users\julie\Downloads\robloxapp-20170718-1102169.wmv
2017-07-17 17:54 - 2017-07-17 17:54 - 001501144 _____ ( ) C:\Users\julie\Downloads\windows-file-explorer.exe
2017-07-17 17:54 - 2017-07-17 17:54 - 001501144 _____ ( ) C:\Users\julie\Downloads\windows-file-explorer (1).exe
2017-07-17 17:54 - 2017-07-17 17:54 - 001048576 _____ ( ) C:\Users\julie\Downloads\windows-file-explorer (3).exe.hwr9ew5.partial
2017-07-12 17:24 - 2017-07-12 17:24 - 000031325 _____ C:\Users\julie\Downloads\MI5.html
2017-07-12 17:24 - 2017-07-12 17:24 - 000000000 ____D C:\Users\julie\Downloads\MI5_files
2017-07-09 20:03 - 2017-07-28 10:36 - 000000820 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-07-09 20:03 - 2017-07-28 10:36 - 000000808 _____ C:\Users\julie\Desktop\Windows 10 Update Assistant.lnk
2017-07-09 08:24 - 2017-07-09 08:24 - 000000000 ____D C:\Windows\UpdateAssistant
2017-07-07 17:31 - 2017-06-30 10:45 - 001571520 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-07 17:31 - 2017-06-30 10:45 - 001221824 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-07 17:31 - 2017-06-30 10:45 - 000636096 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-07 17:31 - 2017-06-30 10:45 - 000551104 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-07 17:31 - 2017-06-30 10:45 - 000341184 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-07 17:31 - 2017-06-30 10:45 - 000143040 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-07 17:31 - 2017-06-30 10:45 - 000103616 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-07 17:31 - 2017-06-30 10:45 - 000041664 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2017-07-07 17:31 - 2017-06-30 08:34 - 000335712 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2017-07-07 17:31 - 2017-06-30 08:34 - 000225632 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-30 21:45 - 2016-08-18 08:36 - 000000302 _____ C:\Windows\Tasks\{94AE63F8-DEB5-4AE1-A2A5-72629DBE8BF3}.job
2017-07-30 21:41 - 2016-07-25 08:47 - 000000298 _____ C:\Windows\Tasks\{4BC687CC-06A5-6365-0464-62C43102766D}.job
2017-07-30 21:39 - 2016-07-16 01:37 - 000000306 _____ C:\Windows\Tasks\{444BDE33-1364-5DB6-2539-0AE6D27A45BA}.job
2017-07-30 20:48 - 2017-02-24 20:44 - 000000544 _____ C:\Windows\Tasks\Tools_Update_{CFAC34AB-5DB5-4dea-94EC-1D42E3942873}.job
2017-07-30 16:34 - 2017-02-24 20:43 - 000000000 ____D C:\Users\julie\AppData\Roaming\vSnapshot
2017-07-30 16:31 - 2016-07-25 15:04 - 000004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AE21E331-717B-4378-B372-CE0E1B312EC6}
2017-07-30 15:11 - 2016-08-20 13:41 - 000000000 ____D C:\Users\julie\AppData\Roaming\WeatherTool
2017-07-30 10:20 - 2015-08-06 18:55 - 000000000 ____D C:\Windows\Panther
2017-07-30 10:13 - 2016-01-07 09:43 - 000875126 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-30 10:13 - 2015-07-10 12:02 - 000000000 ____D C:\Windows\INF
2017-07-30 10:12 - 2015-07-10 12:04 - 000000000 ___HD C:\Program Files\WindowsApps
2017-07-30 10:12 - 2015-07-10 12:04 - 000000000 ____D C:\Windows\AppReadiness
2017-07-30 10:11 - 2016-04-28 22:15 - 000000000 ____D C:\Users\julie\AppData\Local\Host App Service
2017-07-30 10:07 - 2016-08-20 13:40 - 000000000 __SHD C:\Users\julie\IntelGraphicsProfiles
2017-07-30 10:07 - 2016-04-28 22:00 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-30 10:07 - 2016-01-07 10:08 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-07-30 10:07 - 2015-07-10 13:21 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-30 10:06 - 2016-07-16 01:35 - 000000000 ____D C:\Program Files\ByteFence
2017-07-30 10:06 - 2015-07-10 10:05 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-07-29 17:03 - 2016-11-26 15:44 - 000000000 ____D C:\Users\julie\AppData\Roaming\discord
2017-07-29 16:17 - 2016-07-16 01:36 - 000004476 _____ C:\Windows\System32\Tasks\Yahoo! Powered recon
2017-07-29 16:16 - 2016-01-07 10:08 - 000000000 ____D C:\ProgramData\McAfee
2017-07-29 15:05 - 2016-08-20 13:32 - 000000000 ____D C:\Users\julie\AppData\Local\Roblox
2017-07-28 12:23 - 2016-08-20 13:32 - 000000000 ____D C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-07-28 10:38 - 2016-06-30 15:37 - 000000000 ____D C:\Windows10Upgrade
2017-07-28 10:26 - 2017-04-21 21:50 - 000003166 _____ C:\Windows\System32\Tasks\Advanced-PC-Care_Logon
2017-07-21 21:57 - 2017-01-02 20:07 - 000041174 _____ C:\appverifier.txt
2017-07-21 21:56 - 2016-04-28 22:15 - 000000000 ____D C:\Users\julie
2017-07-19 07:23 - 2016-04-30 00:44 - 000000000 ____D C:\Windows\system32\MRT
2017-07-19 07:17 - 2016-04-30 00:44 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-18 22:15 - 2015-07-10 12:04 - 000000000 ____D C:\Windows\system32\appraiser
2017-07-09 08:24 - 2015-07-10 11:55 - 000000000 ____D C:\Windows\CbsTemp

==================== Files in the root of some directories =======
2017-07-29 16:17 - 2017-07-29 16:17 - 000018050 _____ () C:\Users\julie\AppData\Roaming\Hemamaso
2017-07-21 17:44 - 2017-07-21 17:44 - 000000002 _____ () C:\Users\julie\AppData\Roaming\view.txt
2017-07-30 10:17 - 2017-07-30 10:17 - 000000045 _____ () C:\Users\julie\AppData\Roaming\WB.CFG
2016-01-07 09:56 - 2016-01-07 09:56 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Windows\Tasks\{34DDA7C1-41C8-4ED3-5D07-0F245CEFE642}.job
C:\Windows\Tasks\{444BDE33-1364-5DB6-2539-0AE6D27A45BA}.job
C:\Windows\Tasks\{4BC687CC-06A5-6365-0464-62C43102766D}.job
C:\Windows\Tasks\{94AE63F8-DEB5-4AE1-A2A5-72629DBE8BF3}.job

Some files in TEMP:
====================
2017-07-29 16:19 - 2017-07-29 16:16 - 000883024 _____ (McAfee, Inc.) C:\Users\julie\AppData\Local\Temp\0017231501341572mcinst.exe
2017-07-29 16:34 - 2017-07-29 16:34 - 001516354 _____ ( ) C:\Users\julie\AppData\Local\Temp\ICReinstall_DLLInjector v2.0 Installer_1277516118.exe
2017-07-28 10:36 - 2017-07-28 10:36 - 006457520 _____ (Microsoft Corporation) C:\Users\julie\AppData\Local\Temp\Windows10Upgrade.exe

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-17 13:30

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2017
Ran by julie (30-07-2017 22:14:04)
Running from C:\Users\julie\Downloads
Windows 10 Home (X64) (2016-04-28 21:00:44)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2551010487-507632001-2136295685-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2551010487-507632001-2136295685-503 - Limited - Disabled)
Guest (S-1-5-21-2551010487-507632001-2136295685-501 - Limited - Disabled)
julie (S-1-5-21-2551010487-507632001-2136295685-1001 - Administrator - Enabled) => C:\Users\julie

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
App Explorer (HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\Host App Service) (Version: 0.273.2.204 - SweetLabs)
Bluetooth(R) Link (HKLM\...\{3F3DCC8C-2C93-4082-A6DE-BBDC74804FA0}) (Version: 4.3.03 - Toshiba Corporation)
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.9.0.3 - Byte Technologies LLC) <==== ATTENTION
Discord (HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
ELAN Touchpad 15.8.12.5_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.12.5 - ELAN Microelectronic Corp.)
Get Dropbox (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gyazo 3.3.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4474 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{84DB01CB-7EB7-4261-9249-99A32768D991}) (Version: 1.0.0.523 - Intel Corporation)
KB4023057 (HKLM\...\{27C6D60B-CAD4-4C70-A1F2-299C731EA8F7}) (Version: 2.0.0.0 - Microsoft Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: - )
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project)
PriceFountain (HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\FaithfulsUplanders) (Version: - ) <==== ATTENTION
PRO PC Cleaner (HKLM-x32\...\PRO PC Cleaner) (Version: 3.1.8 - PRO PC Cleaner) <==== ATTENTION
RaidCall (HKLM-x32\...\RaidCall) (Version: 8.2.0-1.0.3231.155 - raidcall.com.ru)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10130.29089 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
ROBLOX Player for julie (HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio for julie (HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Screencast-O-Matic v2.0 (HKLM-x32\...\Screencast-O-Matic v2.0) (Version: v2-1.8 - Screencast-O-Matic)
Search the Web (Yahoo) (HKLM-x32\...\a92e2408) (Version: - ) <==== ATTENTION
Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.1.0 - Symbaloo Launcher by Toshiba Europe GmbH)
The Desktop Weather 2.0.1.11332 (HKLM\...\WeatherTool) (Version: 2.0.1.11332 - ShenZhen Enode Techology co,.Ltd) <==== ATTENTION
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 3.0.0.9 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.1.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.26 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{B507386D-1F61-4E55-B05B-F56ACB0086B3}) (Version: 5.01.01.6401 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{EDC626BA-3E59-44C4-96B4-9066E29BF600}) (Version: 3.1.0.2 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 2.00.0005 - Toshiba Corporation)
TOSHIBA System Settings (HKLM\...\{B040D5C9-C9AA-430A-A44E-696656012E61}) (Version: 3.0.0.6406 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}) (Version: 5.0.0 - Toshiba Europe GmbH)
Update for PriceFountain (HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\{444BDE33-1364-5DB6-2539-0AE6D27A45BA}) (Version: - Update for PriceFountain) <==== ATTENTION
UpdateAssistant (HKLM-x32\...\{61B90E2F-2DD9-4581-8856-C2441B61571A}) (Version: 1.7.0.0 - Microsoft Corporation) Hidden
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.54.2 - Compal) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.54.2 - Compal) Hidden
vSnapshot 1.0.0.0 (HKLM\...\{F772C08D-9F61-45c6-982F-ADDEEE0D92C6}) (Version: 1.0.0.0 - ShenZhen Zhihuimen Techology co,.Ltd) <==== ATTENTION
Web Companion (HKLM-x32\...\{1d697d07-6a9c-4146-afb0-5c30b394f80e}) (Version: 3.1.1602.3093 - Lavasoft)
WebBar Toolbar 5.5.6403.17695 (HKLM\...\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1) (Version: 5.5.6403.17695 - WebBar)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Yahoo! Powered (HKLM-x32\...\{3FFFD73F-6F7F-06BF-DEFF-763F0E7FA5BF}) (Version: - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2551010487-507632001-2136295685-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6799.0327_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2551010487-507632001-2136295685-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6799.0327_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2551010487-507632001-2136295685-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6799.0327_1\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-08-23] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {061A9E36-6AE6-4424-81E0-8BC539FF89B8} - System32\Tasks\WBLaunchTask => C:\Program Files\WebBarMedia\5.5.6403.17695\winwb.exe [2017-07-13] ()
Task: {068BCC7E-627C-45BB-AB42-D34A16C1CE90} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
Task: {170587FA-2EC6-4E0C-BD2E-005FCFC00338} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\Windows\UpdateAssistant\UpdateAssistant.exe [2017-06-26] (Microsoft Corporation)
Task: {1DD17FC0-5340-4994-A6FD-11ECD4C635DF} - System32\Tasks\{94AE63F8-DEB5-4AE1-A2A5-72629DBE8BF3} => C:\users\julie\appdata\local\{382C0~1\UNINST~1.EXE <==== ATTENTION
Task: {2089C66B-4A78-4B84-AD75-31D04F054EB9} - System32\Tasks\{34DDA7C1-41C8-4ED3-5D07-0F245CEFE642} => C:\Users\julie\AppData\Roaming\34DDA7C1-41C8-4ED3-5D07-0F245CEFE642\syncversion.exe [2013-04-16] ()
Task: {241E70F1-1521-47B3-8FDC-1D4DE0ADD9FC} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2015-07-15] (TOSHIBA Corporation)
Task: {3ACF944F-42E6-46BB-9F30-B3CA2E309A9E} - System32\Tasks\Yahoo! Powered recon => "wscript.exe" "C:\ProgramData\{516E940D-DB2C-1ECB-5DEA-8089C7A80B47}\sese.txt" "68747470733a2f2f74646670612e636f6d" "433a5c50726f6772616d446174615c7b35313645393430442d444232432d314543422d354445412d3830383943374138304234377d5c6e61646f7269" "433a5c50726f6772616d446174615c7b35313645393430442d444232432d314543422d3544 (the data entry has 80 more characters). <==== ATTENTION
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW
Task: {51BB9194-EFAF-4B2A-9C70-40B1A6352BE2} - System32\Tasks\App Explorer => C:\Users\julie\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2017-07-01] (SweetLabs, Inc)
Task: {55308A66-295A-4BB2-8561-C68D190AD992} - System32\Tasks\PROPCCleaner_Start => C:\Program Files (x86)\PRO PC Cleaner\PROPCCleaner.exe <==== ATTENTION
Task: {68907485-7696-4A13-8CDB-2201516FFEEE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-28] (Google Inc.)
Task: {6A96C0ED-6DC4-4ACB-8552-DE937224F0B9} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {71C8F0E2-479A-47FB-B3F5-8EC2A419502E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-28] (Google Inc.)
Task: {789B5B0F-579E-46E2-A566-EAC368F92BD6} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2015-11-17] (Toshiba Europe GmbH)
Task: {7A65F6B1-6176-4D34-A3FF-6E9ECE87775A} - System32\Tasks\WBUpdateTask => C:\Program Files\WebBarMedia\5.5.6403.17695\winwb.exe [2017-07-13] ()
Task: {7E972757-3916-48F8-BBFD-A9F7E1F4AA97} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {8A592C56-D0A6-4012-BFCB-86260AA14694} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
Task: {A6B4FFDD-3FAE-4DB7-821A-0BAAACF820FE} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun => C:\Windows\UpdateAssistant\UpdateAssistant.exe [2017-06-26] (Microsoft Corporation)
Task: {B33BA791-D88F-4E4E-992E-A0B5F196106D} - System32\Tasks\PROPCCleaner_Popup => C:\Program Files (x86)\PRO PC Cleaner\Splash.exe [2017-07-21] () <==== ATTENTION
Task: {B5251E57-8A75-46C6-8BC0-92F5A084CC01} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {B627544D-E1E0-4EAA-A925-DD600AB3C1B0} - System32\Tasks\{444BDE33-1364-5DB6-2539-0AE6D27A45BA} => C:\Users\julie\AppData\Roaming\{444BD~1\SyncTask.exe <==== ATTENTION
Task: {B652FF5D-C05A-4357-875C-1FA21E7FD282} - System32\Tasks\6d10cc27-4e9f-4ccc-8e4b-69e4cc3613de => explorer "hxxps://my-safe-registration.com/n-welcome1?rwp_src1source=no"
Task: {B9C0DE45-DFD3-4C34-856A-0D98B0D2C15D} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock => C:\Program Files\rempl\remsh.exe [2017-07-12] (Microsoft Corporation)
Task: {CAD7A48D-F33B-44CA-8D35-7D61AF3A99EC} - System32\Tasks\Advanced-PC-Care_Logon => C:\Program Files\Advanced-PC-Care\apc.exe <==== ATTENTION
Task: {CD45E70E-9052-4598-A7A1-0A6F2D597815} - System32\Tasks\julieFaithfulsUplandersV2 => rundll32.exe ChunksTungstens.dll,main 7 1 <==== ATTENTION
Task: {CFF2A3B7-E18E-42AE-AA43-99F02BEA2449} - System32\Tasks\Tools_Update_{CFAC34AB-5DB5-4dea-94EC-1D42E3942873} => C:\Program Files (x86)\tools\update\tools_update.exe [2016-07-04] ()
Task: {D2C700EB-B7E4-418C-9E01-7FF01495EA2C} - System32\Tasks\BTSchedulerTask => C:\Program Files (x86)\TOSHIBA\Toshiba Bluetooth Device Profile Utility\TosBt_NotificationScheduler.exe [2015-07-08] (Toshiba Corporation)
Task: {EA3F3BEE-7490-4247-85AF-67BBC922800D} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Task: {EABC576A-5C3E-44DE-9B89-5026F4131FF4} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: {EB77AFE2-1CE3-4A9C-B45F-8D006E9AA232} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-08-27] (Realtek Semiconductor)
Task: {ECC36DE0-6E2A-4E2F-AF69-5E0A75DD3C76} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\remsh.exe [2017-07-12] (Microsoft Corporation)
Task: {F42A61A6-56E0-440B-B1FC-5147BC263744} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Task: {FAC1DE6B-3205-489F-8F5C-7D45D3F15D4B} - System32\Tasks\{4BC687CC-06A5-6365-0464-62C43102766D} => C:\Users\julie\AppData\Roaming\{46B27~1\sync.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Tools_Update_{CFAC34AB-5DB5-4dea-94EC-1D42E3942873}.job => C:\Program Files (x86)\tools\update\tools_update.exe
Task: C:\Windows\Tasks\{34DDA7C1-41C8-4ED3-5D07-0F245CEFE642}.job => C:\Users\julie\AppData\Roaming\34DDA7~1\SYNCVE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\{444BDE33-1364-5DB6-2539-0AE6D27A45BA}.job => C:\Users\julie\AppData\Roaming\{444BD~1\SyncTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\{4BC687CC-06A5-6365-0464-62C43102766D}.job => C:\Users\julie\AppData\Roaming\{46B27~1\sync.exe <==== ATTENTION
Task: C:\Windows\Tasks\{94AE63F8-DEB5-4AE1-A2A5-72629DBE8BF3}.job => C:\users\julie\appdata\local\{382C0~1\UNINST~1.EXE <==== ATTENTION

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-07-30 01:58 - 2015-07-30 01:58 - 000032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2016-12-24 04:30 - 2016-12-24 04:30 - 000152264 _____ () C:\Program Files (x86)\vSnapshot\1.0.0.0\vSnapshotServ.exe
2016-04-26 11:47 - 2016-04-26 11:47 - 000155784 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\WeatherService.exe
2017-07-21 17:52 - 2017-07-22 22:26 - 000025192 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2017-07-21 17:52 - 2017-07-22 22:26 - 000017000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2017-07-21 17:52 - 2017-07-22 22:26 - 000036968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2017-06-16 07:34 - 2017-06-03 14:39 - 002495776 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-26 11:47 - 2016-04-26 11:47 - 001049736 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\WeatherEntryDll.dll
2015-06-18 12:58 - 2016-08-23 13:51 - 000410600 _____ () C:\Windows\system32\igfxTray.exe
2017-05-10 17:05 - 2017-04-28 00:44 - 006569472 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-12-18 00:33 - 2016-11-19 07:06 - 000471040 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-10 17:05 - 2017-04-28 00:42 - 001808384 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-30 00:20 - 2015-09-17 06:43 - 002274816 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-07-29 16:16 - 2017-07-13 10:49 - 000190184 _____ () C:\Program Files\WebBarMedia\5.5.6403.17695\winwb.exe
2016-11-17 20:42 - 2016-10-25 08:15 - 000404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-02-26 10:12 - 2015-02-26 10:12 - 000330240 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
2017-07-29 16:41 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-04-30 00:13 - 2015-09-17 06:48 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-05-10 17:06 - 2017-04-28 02:58 - 000642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-12-24 04:30 - 2016-12-24 04:30 - 000574152 _____ () C:\Program Files (x86)\vSnapshot\1.0.0.0\Updata.dll
2016-04-26 11:46 - 2016-04-26 11:46 - 000543368 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\EVPTask.dll
2016-04-26 11:46 - 2016-04-26 11:46 - 000406664 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\EVPNet.dll
2016-04-26 11:46 - 2016-04-26 11:46 - 000428680 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\EVPDR.dll
2017-06-29 16:14 - 2017-06-23 03:21 - 002877272 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-29 16:14 - 2017-06-23 03:21 - 000086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-01-12 00:55 - 2017-01-04 15:28 - 001958912 _____ () C:\Users\julie\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-12 09:38 - 2017-01-12 09:38 - 001082880 _____ () \\?\C:\Users\julie\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-12 09:38 - 2017-01-12 09:38 - 003750400 _____ () \\?\C:\Users\julie\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-12 09:38 - 2017-01-12 09:38 - 000914432 _____ () \\?\C:\Users\julie\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-12 09:38 - 2017-01-12 09:38 - 001127424 _____ () \\?\C:\Users\julie\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-01-12 00:55 - 2017-01-04 15:28 - 002278912 _____ () C:\Users\julie\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-12 00:55 - 2017-01-04 15:28 - 000096768 _____ () C:\Users\julie\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-07-30 20:51 - 2017-07-30 20:51 - 000148992 _____ () \\?\C:\Users\julie\AppData\Local\Temp\9BBD.tmp.node
2017-01-12 09:38 - 2017-04-29 10:04 - 002658296 _____ () \\?\C:\Users\julie\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-01-12 09:39 - 2017-03-22 19:00 - 002665976 _____ () \\?\C:\Users\julie\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 12:04 - 2017-07-21 21:56 - 000002024 _____ C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2551010487-507632001-2136295685-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run32: => "isa"
HKLM\...\StartupApproved\Run32: => "RaidCall"
HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\StartupApproved\Run: => "Gyazo"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{D95DEA41-3B0E-4B34-B797-8FD7181E699B}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe
FirewallRules: [{B66D737B-8411-4BCE-9730-95BF6720023C}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe
FirewallRules: [{EA5392A7-3EBD-4D44-B09A-3CC34F694813}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe
FirewallRules: [{1A76E133-C588-4C5F-8F62-B157A01423A8}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe
FirewallRules: [{D1218A83-1FB8-4B61-A8AD-95E484732AB9}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe
FirewallRules: [{E7C98A21-7ADB-4877-830F-27230ED8E18E}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe
FirewallRules: [{A701DB51-DE0A-4B72-AAD1-505EBEB1CDFD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{FF7FD586-4AE2-4D6F-AF8A-B4311ED93027}] => (Allow) C:\Users\julie\Steam.exe
FirewallRules: [{02601B73-67E2-4391-9552-9505BD068AC3}] => (Allow) C:\Users\julie\Steam.exe
FirewallRules: [{10871108-288A-45A0-A4B4-BF59B733FAF1}] => (Allow) C:\Users\julie\bin\steamwebhelper.exe
FirewallRules: [{9F6FE9B3-0B80-4448-AB69-5B6AA23512A1}] => (Allow) C:\Users\julie\bin\steamwebhelper.exe
FirewallRules: [{75D9594E-C0E4-4EC1-964D-DE8EFD8F843C}] => (Allow) C:\Program Files (x86)\RaidCall.RU\rcplugin.exe
FirewallRules: [{43B1AD62-B3C7-40E9-B154-AD73D41BAC4A}] => (Allow) C:\Program Files (x86)\RaidCall.RU\rcplugin.exe
FirewallRules: [TCP Query User{B3EC33A3-32F9-4AB4-A6B0-A949B4181337}C:\users\julie\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\julie\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{42C51A1E-8A19-444A-834A-6173D7BA8535}C:\users\julie\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\julie\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{55659157-8D23-49B7-BE17-6D30BB07F5CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================
ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2017 03:18:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Discord.exe, version: 0.0.41.0, time stamp: 0x586d73db
Faulting module name: Discord.exe, version: 0.0.41.0, time stamp: 0x586d73db
Exception code: 0xc0000005
Fault offset: 0x0008f874
Faulting process ID: 0x1724
Faulting application start time: 0x01d309136dbc42a5
Faulting application path: C:\Users\julie\AppData\Local\Discord\app-0.0.297\Discord.exe
Faulting module path: C:\Users\julie\AppData\Local\Discord\app-0.0.297\Discord.exe
Report ID: c179f25e-430f-4169-9ac1-f69d08189c0a
Faulting package full name:
Faulting package-relative application ID:

Error: (07/30/2017 01:34:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.10240.16766 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 820
Start Time: 01d3092d9caf4b75
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id: 74915c20-7523-11e7-9d46-bf27a282b8b9
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (07/30/2017 01:34:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-IV3TQNOO)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (07/30/2017 12:02:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.479, time stamp: 0x58f6af02
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.317, time stamp: 0x594401af
Exception code: 0xc0000005
Fault offset: 0x00000000000b6c0a
Faulting process ID: 0x698
Faulting application start time: 0x01d309133611d155
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report ID: 84490d85-27e1-4d67-beb6-f109fe98cdf0
Faulting package full name:
Faulting package-relative application ID:

Error: (07/30/2017 11:57:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-IV3TQNOO)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (07/30/2017 11:54:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-IV3TQNOO) Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/30/2017 11:49:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_Wcmsvc, version: 10.0.10240.16384, time stamp: 0x559f38cb Faulting module name: SubscriptionMgr.dll, version: 10.0.10240.16515, time stamp: 0x55fa5509 Exception code: 0xe0464645 Fault offset: 0x000000000000a7a6 Faulting process ID: 0x420 Faulting application start time: 0x01d3091333f5923c Faulting application path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\System32\SubscriptionMgr.dll Report ID: 384fd967-e378-4f83-85f3-554dd1779c01 Faulting package full name: Faulting package-relative application ID: Error: (07/30/2017 11:47:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-IV3TQNOO) Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/30/2017 10:22:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-IV3TQNOO) Description: Activation of application Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. 
Error: (07/30/2017 10:22:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: HubTaskHost.exe, version: 16.0.7608.2350, time stamp: 0x58222a62 Faulting module name: Mso20Imm.dll, version: 16.0.7518.1000, time stamp: 0x5807b6ea Exception code: 0x0071d20d Fault offset: 0x000000000011a882 Faulting process ID: 0x1578 Faulting application start time: 0x01d309154d9b55df Faulting application path: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.7608.23501.0_x64__8wekyb3d8bbwe\HubTaskHost.exe Faulting module path: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.7608.23501.0_x64__8wekyb3d8bbwe\Mso20Imm.dll Report ID: b57c402c-bb80-413f-879e-627ef7c65985 Faulting package full name: Microsoft.MicrosoftOfficeHub_17.7608.23501.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: Microsoft.MicrosoftOfficeHub System errors: ============= Error: (07/30/2017 12:03:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (07/30/2017 11:57:16 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-IV3TQNOO) Description: The server CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mca did not register with DCOM within the required timeout. Error: (07/30/2017 11:54:56 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-IV3TQNOO) Description: The server CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mca did not register with DCOM within the required timeout. 
Error: (07/30/2017 10:23:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/30/2017 10:23:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/30/2017 10:23:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (07/30/2017 10:23:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/30/2017 10:23:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/30/2017 10:23:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (07/30/2017 10:23:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2017-07-21 22:31:41.855 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-21 22:31:41.742 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-21 22:31:41.231 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-21 22:31:41.140 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-07-21 22:31:26.417 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-21 22:31:26.297 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-21 22:31:25.264 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-21 22:31:25.154 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-21 22:31:24.179 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-21 22:31:23.689 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N3050 @ 1.60GHz
Percentage of memory in use: 91%
Total physical RAM: 1894 MB
Available physical RAM: 160.17 MB
Total Virtual: 5095.52 MB
Available Virtual: 1135.04 MB

==================== Drives ================================

Drive c: (TIH0035500A) (Fixed) (Total:28.36 GB) (Free:0.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================

I'll get back with you tomorrow night GMT after work. Thanks for your help.

Stay Happy
  2. HOW DOES ONE SIMPLY GET OFF NEW MEMBER ROLE (2009 text inbound)
  3. I do not believe Windows operates with DLL Files. It may be a bug or RAT trying to shut down your system. You're welcome. Stay Happy
  4. I learned in the 'We Are Devs' discord server that the DLL Injector involves a lot of crapware and threats. I decided to run a threat scan and quarantine over 113 Threats. But this (the main reason I got Malwarebytes) still won't go away after a reboot. https://gyazo.com/513a2b845a5c1b3fa01f07d0f9c98c13 Please help me. Thanks Stay Happy