Jump to content

britishp

Members
  • Content Count

    2
  • Joined

  • Last visited

About britishp

  • Rank
    New Member
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2019 01 Ran by dolly (administrator) on DESKTOP-DIQ6QQQ (12-02-2019 18:13:00) Running from C:\Users\dolly\Desktop Loaded Profiles: dolly (Available Profiles: dolly) Platform: Windows 10 Home Single Language Version 1803 17134.523 (X64) Language: English (United Kingdom) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe () C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe (Trend Micro Inc.) C:\Users\dolly\Desktop\HijackThis.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe () C:\Program Files\WindowsApps\Microsoft.MSPaint_5.1811.20017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Malwarebytes ) C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9074.exe () C:\Users\dolly\AppData\Local\Temp\is-5DEFM.tmp\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9074.tmp (Malwarebytes ) C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9074.exe () C:\Users\dolly\AppData\Local\Temp\is-9DJVE.tmp\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9074.tmp (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8911872 2016-10-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (Canon Inc. -> CANON INC.) HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2016-01-29] (CyberLink Corp. -> CyberLink Corp.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-07] (Google LLC -> Google Inc.) HKLM\Software\...\Authentication\Credential Providers: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink) HKLM\Software\...\Authentication\Credential Provider Filters: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk [2016-10-15] ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 Tcpip\..\Interfaces\{f78af62b-39fc-42d2-a1a6-8be3e456ba50}: [DhcpNameServer] 192.168.100.1 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-1833490991-1867548167-3640246325-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-1833490991-1867548167-3640246325-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE SearchScopes: HKLM-x32 -> {FCAFB010-4BA3-46DA-88CA-FF32B1C50030} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1833490991-1867548167-3640246325-1001 -> {FCAFB010-4BA3-46DA-88CA-FF32B1C50030} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-11] (Microsoft Corporation -> Microsoft Corporation) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-06] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-11] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-21] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-21] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default [2019-02-12] CHR Extension: (Slides) - C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13] CHR Extension: (Docs) - C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] CHR Extension: (Google Drive) - C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-31] CHR Extension: (IBM Security Rapport) - C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-01-02] CHR Extension: (Ledger Manager) - C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimhnaefocolcplfimocfiaiefpkgbf [2018-08-18] CHR Extension: (YouTube) - C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-30] CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-06] CHR Extension: (Sheets) - C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13] CHR Extension: (Google Docs Offline) - C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-27] CHR Extension: (Avast Online Security) - C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-26] CHR Extension: (Ledger Wallet Ethereum) - C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlhkialjkaldndjnlcdfdphcgeadkkm [2018-12-13] CHR Extension: (Ledger Wallet Bitcoin) - C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdpmhnladdopljabkgpacgpliggeeaf [2018-08-10] CHR Extension: (Scout by Room Key) - C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlgnapdjoikfndblbfpnaigadpcaabpk [2019-02-10] CHR Extension: (MetaMask) - C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2019-02-10] CHR Extension: (Chrome Web Store Payments) - C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11] CHR Extension: (Gmail) - C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-30] CHR Extension: (Chrome Media Router) - C:\Users\dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-01] CHR HKU\S-1-5-21-1833490991-1867548167-3640246325-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found> ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013496 2019-01-28] (Microsoft Corporation -> Microsoft Corporation) R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-18] (Intel(R) Software -> Intel Corporation) R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.) S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.) R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370784 2018-11-14] (Intel Corporation -> Intel Corporation) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] (Canon Inc. -> ) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes) S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5264888 2018-12-26] (IBM -> IBM Corp.) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> ) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [326656 2016-10-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor) R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [465088 2016-03-30] (AVAST Software a.s. -> ) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation -> Microsoft Corporation) S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X] S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37304 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [203488 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [223056 2019-01-14] (AVAST Software s.r.o. -> AVAST Software) R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196264 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320888 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [58160 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-09] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software) R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239808 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) R3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46584 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42488 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [166792 2019-01-19] (AVAST Software s.r.o. -> AVAST Software) R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111992 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88144 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034056 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [474648 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [218056 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380144 2019-01-09] (AVAST Software s.r.o. -> AVAST Software) R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation -> B.H.A Corporation) R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corp. -> CyberLink Corporation) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-18] (Intel(R) Software -> Intel Corporation) R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [50696 2015-08-18] (Intel(R) Software -> Intel Corporation) R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-18] (Intel(R) Software -> Intel Corporation) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-02-12] (Malwarebytes Corporation -> Malwarebytes) R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [501256 2018-12-26] (IBM -> IBM Corp.) R1 RapportCerberus_1930074; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930074.sys [1651176 2018-10-10] (IBM -> IBM Corp.) R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [725192 2018-12-26] (IBM -> IBM Corp.) R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [339920 2018-09-06] (IBM -> IBM Corp.) R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [604752 2018-09-06] (IBM -> IBM Corp.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [758168 2018-12-26] (IBM -> IBM Corp.) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek Semiconductor Corp -> Realtek ) R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [784264 2018-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation) S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Realsil Semiconductor Corporation) R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35568 2018-08-31] (HP Inc. -> HP) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-02-12 18:13 - 2019-02-12 18:33 - 000025616 _____ C:\Users\dolly\Desktop\FRST.txt 2019-02-12 18:11 - 2019-02-12 18:11 - 002434048 _____ (Farbar) C:\Users\dolly\Desktop\FRST64.exe 2019-02-12 15:36 - 2019-02-12 15:36 - 001367918 _____ C:\Users\dolly\Desktop\Passport Application Declaration.pdf 2019-02-12 12:36 - 2019-02-12 12:36 - 000388608 _____ (Trend Micro Inc.) C:\Users\dolly\Desktop\HijackThis.exe 2019-02-11 10:16 - 2019-02-11 10:16 - 000016330 _____ C:\Users\dolly\Desktop\Untitled 2019-02-11 10:10 - 2019-02-11 10:10 - 000642962 _____ C:\Users\dolly\Desktop\2019 Year 3 and 4 Trip to Souq Waqif and MIA Park.pdf 2019-02-11 10:08 - 2019-02-11 10:08 - 000498195 _____ C:\Users\dolly\Desktop\2019 Letter from Head of Primary - Reminder.docx.pdf 2019-02-06 10:45 - 2019-02-06 10:45 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2019-02-06 10:45 - 2019-02-06 10:45 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2019-02-06 10:45 - 2019-02-06 10:45 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2019-02-06 10:45 - 2019-02-06 10:45 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2019-02-06 10:45 - 2019-02-06 10:45 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2019-02-06 10:45 - 2019-02-06 10:45 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2019-02-06 10:45 - 2019-02-06 10:45 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2019-02-06 10:45 - 2019-02-06 10:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2019-02-03 12:06 - 2019-02-03 12:06 - 000110288 _____ C:\Users\dolly\Desktop\CERTIFICATE OF ATTENDANCE_DR SHAFQAT MAHMOOD.PDF 2019-02-03 11:43 - 2019-02-03 11:43 - 000000109 ____H C:\Users\dolly\Desktop\.~lock.Self Test Random.odt# 2019-02-02 16:59 - 2019-02-02 16:59 - 000147607 _____ C:\Users\dolly\Desktop\GP SelfTest_GP SelfTest .pdf 2019-02-02 13:32 - 2019-02-12 12:32 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-02-01 17:20 - 2019-02-02 16:57 - 000036406 _____ C:\Users\dolly\Desktop\Self Test Random.odt 2019-02-01 14:57 - 2019-02-01 14:57 - 000976794 _____ C:\Users\dolly\Desktop\Cobe Compliance documents.pdf 2019-01-30 15:17 - 2019-01-30 15:17 - 000193561 _____ C:\Users\dolly\Desktop\NEW Registration Form 2018.pdf 2019-01-30 12:24 - 2019-01-30 12:24 - 000256667 _____ C:\Users\dolly\Desktop\dbs1.pdf 2019-01-30 11:18 - 2019-01-30 11:34 - 000014321 _____ C:\Users\dolly\Desktop\July.ods 2019-01-30 11:12 - 2019-01-30 11:18 - 000015397 _____ C:\Users\dolly\Desktop\August.ods 2019-01-30 10:58 - 2019-01-30 10:58 - 000015492 _____ C:\Users\dolly\Desktop\September.ods 2019-01-29 12:52 - 2019-01-29 12:52 - 000000109 ____H C:\Users\dolly\Desktop\.~lock.December.ods# 2019-01-29 12:37 - 2019-01-29 12:52 - 000014737 _____ C:\Users\dolly\Desktop\October.ods 2019-01-29 12:37 - 2019-01-29 12:52 - 000000109 ____H C:\Users\dolly\Desktop\.~lock.October.ods# 2019-01-29 12:11 - 2019-01-29 12:17 - 000014503 _____ C:\Users\dolly\Desktop\November.ods 2019-01-29 11:38 - 2019-01-29 11:55 - 000013345 _____ C:\Users\dolly\Desktop\December.ods 2019-01-29 11:04 - 2019-01-29 11:04 - 000026112 _____ C:\Users\dolly\Desktop\AccountStatement (1).xls 2019-01-29 11:02 - 2019-01-29 11:02 - 000053248 _____ C:\Users\dolly\Desktop\CardStatement (3).xls 2019-01-29 11:02 - 2019-01-29 11:02 - 000035840 _____ C:\Users\dolly\Desktop\CardStatement (4).xls 2019-01-28 20:54 - 2019-01-28 20:54 - 000011764 _____ C:\Users\dolly\Desktop\Passport application receipt PEX 339 338 1506 2019-01-28.pdf 2019-01-28 20:04 - 2019-01-28 23:34 - 000000000 ____D C:\Users\dolly\Desktop\Duty_rosters 2019-01-27 12:07 - 2019-01-27 12:07 - 000389970 _____ C:\Users\dolly\Desktop\QSL Cup Final School Invitation Letter.pdf 2019-01-27 12:02 - 2019-01-27 12:02 - 000000000 _____ C:\WINDOWS\system32\last.dump 2019-01-26 12:04 - 2019-01-26 12:04 - 000000698 _____ C:\Users\dolly\Desktop\PennyPerfect.lnk 2019-01-26 12:04 - 2019-01-26 12:04 - 000000000 ____D C:\Users\dolly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PennyPerfect 2019-01-19 14:25 - 2019-01-19 14:25 - 000000000 ____D C:\WINDOWS\LastGood 2019-01-14 21:17 - 2019-01-14 21:17 - 000223056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys 2019-01-14 17:09 - 2019-01-14 17:10 - 000000000 ____D C:\WINDOWS\LastGood.Tmp ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-02-12 18:26 - 2018-04-12 02:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-02-12 18:10 - 2018-11-22 11:47 - 000002802 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFordolly 2019-02-12 18:10 - 2018-11-22 11:47 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleFordolly.job 2019-02-12 18:10 - 2018-06-01 14:49 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2019-02-12 18:10 - 2018-06-01 14:49 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2019-02-12 18:10 - 2018-06-01 14:49 - 000003310 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{097A26D4-EBF9-4D02-BD09-86D54F6A553C} 2019-02-12 18:10 - 2018-06-01 14:49 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2019-02-12 18:10 - 2018-06-01 14:49 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1833490991-1867548167-3640246325-1001 2019-02-12 18:10 - 2018-06-01 14:49 - 000002490 _____ C:\WINDOWS\System32\Tasks\YCMServiceAgent 2019-02-12 18:10 - 2018-06-01 14:49 - 000002172 _____ C:\WINDOWS\System32\Tasks\DropboxOEM 2019-02-12 18:10 - 2018-06-01 14:49 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software 2019-02-12 18:09 - 2018-06-01 13:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-02-12 18:07 - 2018-06-01 14:49 - 000004252 _____ C:\WINDOWS\System32\Tasks\avast! SL Update 2019-02-12 14:25 - 2017-05-19 13:15 - 000000000 ____D C:\FRST 2019-02-12 12:57 - 2018-04-12 02:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-02-12 12:57 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-02-12 12:55 - 2016-03-30 01:26 - 000000000 ____D C:\Users\dolly\Documents\YouCam 2019-02-12 12:37 - 2016-03-30 01:24 - 000000000 ____D C:\Users\dolly\AppData\Local\VirtualStore 2019-02-12 12:33 - 2017-09-20 18:17 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2019-02-12 12:33 - 2016-03-30 01:24 - 000000000 __SHD C:\Users\dolly\IntelGraphicsProfiles 2019-02-12 12:32 - 2018-06-01 13:58 - 000000000 ____D C:\Users\dolly 2019-02-12 12:31 - 2018-06-01 14:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-02-11 10:33 - 2018-06-01 13:58 - 000002374 _____ C:\Users\dolly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-02-11 10:33 - 2016-03-30 01:28 - 000000000 ___RD C:\Users\dolly\OneDrive 2019-02-10 23:04 - 2018-07-10 11:39 - 000000000 ____D C:\ProgramData\Packages 2019-02-07 16:34 - 2016-09-05 14:33 - 000000000 ____D C:\Users\dolly\Desktop\Locum Files 2019-02-07 10:22 - 2016-07-04 00:10 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-02-07 00:19 - 2018-06-01 14:49 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update 2019-02-06 10:41 - 2015-12-12 06:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-02-02 13:31 - 2018-11-05 14:55 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2019-02-01 16:39 - 2018-08-26 22:20 - 000000000 ____D C:\Users\dolly\AppData\Local\CrashDumps 2019-01-29 11:39 - 2018-01-17 03:39 - 000000000 ____D C:\Users\dolly\AppData\Local\Packages 2019-01-29 10:00 - 2016-03-30 12:49 - 000000000 ____D C:\ProgramData\CanonIJPLM 2019-01-22 00:05 - 2016-07-04 11:10 - 000000000 ____D C:\PennyPerfect 2019-01-19 14:28 - 2016-07-02 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection 2019-01-19 14:25 - 2018-04-12 02:36 - 000000000 ____D C:\WINDOWS\INF 2019-01-19 09:18 - 2016-03-30 12:54 - 000166792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2019-01-19 08:25 - 2018-01-14 20:42 - 000000000 ____D C:\Program Files\rempl 2019-01-14 17:10 - 2017-09-20 18:17 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat 2019-01-14 17:10 - 2017-09-20 18:17 - 000000000 ____D C:\Program Files\Intel ==================== Files in the root of some directories ======= 2016-03-30 01:25 - 2017-12-12 20:09 - 000639588 _____ () C:\Users\dolly\AppData\Local\BTServer.log ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\dllhost.exe => File is digitally signed C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-06-01 13:51 ==================== End of FRST.txt ============================ Addition.txt
  2. Hi comrades, My laptop is running real slow, occasionally shuts down like the power supply turned off, I tried running some virus/malware tools but a pop up came saying failed to update, or could not load! I used to try stream free sports on websites that probably infected my laptop. i'm a novice - please instruct what do i need to do to get help analyse my computer for virus, malware and processes slowing me down Thanks
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.