
Not finding malware



My desktop has been acting strange for a long time. I'm running Windows 8.1. I do not know much about computers at all. I do know that it's crazy slow and process manager shows I'm using 100% disc space and 83% of memory. There are users I don't recognize. I've run Malwarebytes and Malwarebytes Chameleon many times and they both show a scan has never been done before. Sometimes my computer will show that I've never received any necessary updates, and then sometimes they will appear. I had two versions of Malwarebytes downloaded, so I ran the mb-clean and attached the results. It downloaded Malwarebytes automatically after I ran MB Clean and that was the first time any malware has ever been found after I've done a scan. Please help! Thanks so much.

mb-clean-results.txt


Hello katiemoran1 and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

 


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 


Here are the Malwarebytes results. This might be a dumb question, but my computer knowledge is very limited. Does this scan different users? I did a scan looking for duplicate files, and I have many duplicates stored under users I've never heard of. Also, I used to have Avast, and I did a startup scan, and there were a lot of corrupt files, but it never cleaned them. I ran it multiple times and it kept finding the same ones. Last thing, I ran the Microsoft Malicious Software Removal many times, and it would find many problems, and then at the end it would show it found nothing.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/20/18
Scan Time: 10:59 AM
Log File: 26adfc94-bcee-11e8-a699-8851fb605662.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.6931
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: HpPC\KM2359

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 326808
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 38 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

I'm running Adware now.


Malwarebytes AdwCleaner 7.2.3.0
# -------------------------------
# Build:    08-30-2018
# Database:  (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-20-2018
# Duration: 00:00:16
# OS:       Windows 8.1
# Scanned:  41929
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1985 octets] - [09/05/2018 21:47:11]
AdwCleaner[C00].txt - [1866 octets] - [09/05/2018 22:23:19]
AdwCleaner[S01].txt - [1399 octets] - [01/08/2018 12:37:30]
AdwCleaner[C01].txt - [1547 octets] - [01/08/2018 12:39:53]
AdwCleaner[S02].txt - [1521 octets] - [18/08/2018 10:45:11]
AdwCleaner[C02].txt - [1669 octets] - [18/08/2018 10:55:06]
AdwCleaner[S03].txt - [1867 octets] - [11/09/2018 12:09:10]
AdwCleaner[C03].txt - [1919 octets] - [11/09/2018 12:09:54]
AdwCleaner[S04].txt - [1824 octets] - [11/09/2018 12:22:15]
AdwCleaner[C04].txt - [1970 octets] - [11/09/2018 12:23:01]
AdwCleaner[S05].txt - [1890 octets] - [19/09/2018 10:14:35]
AdwCleaner[C05].txt - [2056 octets] - [19/09/2018 10:17:23]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S06].txt ##########
 


I'm not sure what I'm doing wrong.  I copied and pasted the FRST, and attached the addition.txt, but I keep getting this message when trying to send.

We’re sorry but our system has detected wording in your post consistent with spam, It may be by accident, please try changing the wording and try to post again. 
 

What should I do?

Addition.txt


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
Ran by KM2359 (21-09-2018 13:58:12)
Running from C:\Users\User\Documents\Desktop
Windows 8.1 (Update) (X64) (2018-02-08 17:31:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1263827494-3976211636-3239175356-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1263827494-3976211636-3239175356-501 - Limited - Enabled)
KM2359 (S-1-5-21-1263827494-3976211636-3239175356-1001 - Administrator - Enabled) => C:\Users\User
moran4 (S-1-5-21-1263827494-3976211636-3239175356-1007 - Limited - Enabled) => C:\Users\moran4

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (32-bit) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A05FDFEC-4377-49E0-82CB-B6D1386E89DA}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASUS Wireless Router Device Discovery Utility (HKLM-x32\...\{09CDCA35-23FF-4ED6-AFDA-BBD55235CE4B}) (Version: 1.4.8.0 - ASUS)
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3724 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Duplicate Cleaner Free 4.1.0 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 4.1.0 - DigitalVolcano Software Ltd) <==== ATTENTION
Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP DeskJet 1110 series Basic Device Software (HKLM\...\{1FD07F90-C399-4FE8-B6B0-B7AABC2401FC}) (Version: 40.11.1124.17107 - HP Inc.)
HP DeskJet 1110 series Help (HKLM-x32\...\{9477806C-4CDB-4878-8B9D-800933878781}) (Version: 35.0.0 - Hewlett Packard)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
iCloud (HKLM\...\{5BD11939-D2C2-4F1B-AAAF-5ECE19A801F7}) (Version: 7.4.0.111 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{5581A594-89CB-4062-81C3-2E9F7A76FBE0}) (Version: 12.7.4.76 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{BADCF8B4-E80D-4D8C-99C4-C7FE770D618D}) (Version: 1.0.4.0 - Mojang)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6122 - CyberLink Corp.) Hidden
Roblox Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Player for KM2359 (HKU\S-1-5-21-1263827494-3976211636-3239175356-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Studio (HKLM-x32\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - Roblox Corporation)
RogueKiller version 12.12.32.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.32.0 - Adlice Software)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
TI xHCI Filter Driver 1.0.0.4 (HKLM-x32\...\TI xHCI Filter Driver) (Version: 1.0.0.4 - Texas Instruments Inc.)
TreeSize Free V4.2.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.2.2 - JAM Software)
VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version:  - Ozone)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-12-05] (Cyberlink)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-03-18] (Apple Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-12-05] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2013-10-21] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0378B968-D368-4493-B633-AEE1F6B5AECC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {0E121DD2-F804-47A3-8C36-6B1B3D335F41} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-19] (Piriform Ltd)
Task: {1F5BF7BC-7471-47B9-8281-191DC703D2F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2018-02-08] (Microsoft Corporation)
Task: {3901D23F-0125-4540-A23F-A1FA8BE00693} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {3D93AC36-5B8B-4076-A770-AFE3C9CCCE14} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {41B2251F-5465-4794-A825-175C52B5DE76} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {68E8043B-DCCA-46BE-9C0C-DA8C86AC9A9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2018-02-08] (Microsoft Corporation)
Task: {73C8DD7C-C9A9-4DEC-95C8-3751B81C53B5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2018-02-08] (Microsoft Corporation)
Task: {808A2854-4E61-406E-8376-236CB993194A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2018-03-18] (Apple Inc.)
Task: {872BE053-BBF1-42E7-BB8A-FCDD21009421} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {8A32F0FA-F6AF-4905-B87E-5D2F2FECE9EF} - System32\Tasks\{F4CFAFB5-90A5-444A-BB7B-06B34462E7D4} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe" -c -uninstall
Task: {9BB2C485-7883-40AA-BBA9-15EB1216FC9A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-19] (Piriform Ltd)
Task: {BA8024FD-EBC8-474A-9B3C-152F074EC64B} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {C75F15CC-DAEF-45BE-9029-E778AD6BE286} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-27] (Google Inc.)
Task: {CB346D80-83E0-450F-8FDD-61DE43BAEAE1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2018-02-08] (Microsoft Corporation)
Task: {CE33D768-0B71-4CDA-8378-57305A3D5156} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-27] (Google Inc.)
Task: {E5EB5B8A-4398-474F-830E-2C7BCE23AC43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F7A7ED45-D76B-449B-A34A-44703D1AEC85} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-09-19] (AVAST Software)
Task: {FA41DBB1-DF92-47AD-992E-7C994CA04C17} - System32\Tasks\AdwCleaner_onReboot => C:\Users\User\Downloads\AdwCleaner (1).exe [2018-09-20] (Malwarebytes)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-10-21 12:52 - 2013-10-21 12:52 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-09-20 10:55 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-09-20 10:55 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-09-20 10:15 - 2018-09-15 03:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-20 10:15 - 2018-09-15 03:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2013-08-19 09:28 - 2012-06-07 22:34 - 000627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 000016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-05 00:14 - 2018-01-05 00:14 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2013-08-19 09:23 - 2012-07-18 03:50 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2018-09-02 12:11 - 000000000 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1263827494-3976211636-3239175356-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-1263827494-3976211636-3239175356-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-1263827494-3976211636-3239175356-1001\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-1263827494-3976211636-3239175356-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1263827494-3976211636-3239175356-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1263827494-3976211636-3239175356-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1263827494-3976211636-3239175356-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1263827494-3976211636-3239175356-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9890EDCE-1B28-431A-A4E3-15E4A283AE7C}] => (Allow) LPort=1900
FirewallRules: [{6634FB5B-623E-4F11-B1A5-B19450BD427D}] => (Allow) LPort=2869
FirewallRules: [{7F1E2DDC-0634-4BCE-B474-52CBB01D550F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2165ACDA-4A89-4DF7-9142-F6D2BE12EC0F}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5AB040A4-584E-457F-A18D-BE00C3304B1A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{06C13A62-15CA-405D-AC8C-8731335377E4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A0420603-EC00-4C6E-8C75-60576B16AE44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3C6B0B10-1011-424A-8AAC-4EFDDDF15D24}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3E2B2EAF-13CB-43C7-BE20-D6754212B737}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DBCF97A6-6BE9-40F7-BB4B-B8D46630A9A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4DE60379-D519-4061-B710-3D1075CF6AF6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{C4D99EBE-749C-4FE8-BCBE-D35EE2E190EE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DDED75B0-EA3B-41F8-88A6-65C29D7A9425}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E0CF2A47-F8F6-4A0B-927D-359DF53EC321}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{62B37FB8-5321-408D-B827-CDFA56FC5C15}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D249AD07-05FC-4A60-A679-7FE865247332}] => (Allow) C:\Program Files\HP\HP DeskJet 1110 series\Bin\USBSetup.exe
FirewallRules: [{80DB0DA6-C8A2-4389-9549-1555120B4C4C}] => (Allow) C:\Program Files\HP\HP DeskJet 1110 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{A29C83EF-F02A-42B5-B3F1-349C877F7073}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{6D5DFA1E-29A8-4F0B-8CDA-76F912EE6537}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{E6A29B1B-0062-41E6-912A-ACA07FA2CA07}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{FD8F848B-EE80-4A2B-815A-9C78546A56B0}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{3E75A826-C413-4683-9186-DE1A7BFA21D7}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{50CD2A8A-DFAD-4DEB-80AD-58327E49CBA6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{9DF7E2CB-47AD-4C01-8146-6E8AF9781AE0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [{EF1A4FD0-E415-43BA-8A97-B0AB6C32889D}] => (Allow) C:\Program Files (x86)\ASUS\Wireless Router\Device Discovery\Discovery.exe
FirewallRules: [{F3FD54E0-BEAA-4C2F-AD5A-EB6FD998CAF7}] => (Allow) C:\Program Files (x86)\ASUS\Wireless Router\Device Discovery\Discovery.exe
FirewallRules: [{E734BA71-ECF8-4B4D-BF82-36DAFFABF7D3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5F1E9E4F-E834-44F4-B672-483F6DF1063C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{24D19035-D7BF-4F49-8674-53A6550D34EA}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

14-09-2018 09:02:43 Removed Product Improvement Study for HP DeskJet 1110 series
20-09-2018 12:04:30 Puran Utilities Restore Point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/20/2018 12:16:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdwCleaner (1).exe, version: 7.2.2.0, time stamp: 0x5b87dadc
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18895, time stamp: 0x5a4b127e
Exception code: 0xc0000142
Fault offset: 0x0009d4e2
Faulting process id: 0x5cc
Faulting application start time: 0x01d451058589c8a8
Faulting application path: C:\Users\User\Downloads\AdwCleaner (1).exe
Faulting module path: KERNELBASE.dll
Report Id: ecb9425c-bcf8-11e8-bea9-8851fb605662
Faulting package full name: 
Faulting package-relative application ID:

Error: (09/20/2018 12:04:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c6118ac9-ee90-45c0-9993-b077dc407837}

Error: (09/19/2018 11:08:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemPropertiesComputerName.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1644

Start Time: 01d45031c8290791

Termination Time: 6

Application Path: C:\Windows\System32\SystemPropertiesComputerName.exe

Report Id: 3c9cbe8f-bc26-11e8-bea6-8851fb605662

Faulting package full name: 

Faulting package-relative application ID:

Error: (09/16/2018 08:27:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1078

Error: (09/16/2018 08:27:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1078

Error: (09/16/2018 08:27:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/15/2018 11:12:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1203

Error: (09/15/2018 11:12:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1203


System errors:
=============
Error: (09/21/2018 11:12:34 AM) (Source: Microsoft-Windows-Diagnostics-Networking) (EventID: 5300) (User: NT AUTHORITY)
Description: An error occurred. The Network Diagnostics Framework failed to complete the repair phase of operation. A Windows Error Report was generated. [2147942487]

Error: (09/21/2018 09:52:47 AM) (Source: LPDSVC) (EventID: 4009) (User: )
Description: The Line Printer Daemon (LPD) service refused a print job from 192.168.1.1 for printer \\192.168.1.220\RT-AC68U because the specified printer does not exist on this computer. Retry printing from the client using the correct printer name.

Error: (09/21/2018 09:38:33 AM) (Source: LPDSVC) (EventID: 4009) (User: )
Description: The Line Printer Daemon (LPD) service refused a print job from 192.168.1.1 for printer \\192.168.1.220\RT-AC68U because the specified printer does not exist on this computer. Retry printing from the client using the correct printer name.

Error: (09/21/2018 09:22:18 AM) (Source: LPDSVC) (EventID: 4009) (User: )
Description: The Line Printer Daemon (LPD) service refused a print job from 192.168.1.1 for printer \\192.168.1.220\RT-AC68U because the specified printer does not exist on this computer. Retry printing from the client using the correct printer name.

Error: (09/21/2018 05:52:45 AM) (Source: DCOM) (EventID: 10010) (User: HpPC)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (09/21/2018 05:52:14 AM) (Source: DCOM) (EventID: 10010) (User: HpPC)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (09/20/2018 12:11:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (09/20/2018 12:11:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.


Windows Defender:
===================================
Date: 2018-09-15 09:18:14.177
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {C39B6D70-B643-4588-9A15-9FBC2A42AAE7}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-09-14 10:50:44.815
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {BC99697A-7BBC-4C35-B1D6-7D0D9B1C1717}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-09-14 10:42:32.196
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {4129B0DC-7734-4812-9827-21495B0B62EC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-08-02 22:25:12.071
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {B298413F-8EA5-46F8-9C6D-151C4D08AE37}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-08-01 10:59:27.646
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {EF89911A-5153-49FD-8765-7DF1C0B4248D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-09-14 10:08:42.465
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.275.1209.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15200.1
Error code: 0x80070670
Error description: No valid sequence could be found for the set of updates. 

Date: 2018-09-14 10:08:42.465
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.275.1209.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15200.1
Error code: 0x80070670
Error description: No valid sequence could be found for the set of updates. 

Date: 2018-09-14 10:02:33.899
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.273.1682.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15100.1
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 

Date: 2018-09-14 10:02:33.899
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.273.1682.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15100.1
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 

Date: 2018-09-14 09:57:44.984
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 
Update Source: User
Signature Type: 
Update Type: 
Current Engine Version: 
Previous Engine Version: 
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 

CodeIntegrity:
===================================

Date: 2018-09-21 13:39:02.639
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-09-21 13:39:02.342
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-09-20 13:28:23.034
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-09-20 13:28:22.768
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-09-20 13:28:21.931
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-09-20 13:28:21.620
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-09-20 10:30:03.646
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-09-20 10:30:03.419
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU G2020 @ 2.90GHz
Percentage of memory in use: 62%
Total physical RAM: 3980.82 MB
Available physical RAM: 1493.44 MB
Total Virtual: 4636.82 MB
Available Virtual: 2715.6 MB

==================== Drives ================================

Drive ? (OS) (Fixed) (Total:919.01 GB) (Free:228.09 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:10.59 GB) (Free:1.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:28.82 GB) (Free:28.03 GB) FAT32

\\?\Volume{bd12cb7e-7831-4785-bd75-982461c7eb01}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.65 GB) NTFS
\\?\Volume{08ac6ade-2c77-4c4b-998b-fc2517448544}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0EEA209D)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 28.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Thanks for those logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Go here and click 'SCAN NOW' under 'ESET Online Scanner' save to your Desktop.

Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how

Right click on user posted image and select "Run as Administrator"

In the new Window accept the terms of service


In the new Window select "Enable detection of potentially unwanted applications" then expand "Advanced Settings"


In the new Window checkmark (tick) the entries as shown, make sure "Clean threats automatically" is not checkmarked. Now select "Scan"


In the new Window new virus database signatures will download, Do Not Select Stop


The Window will progress showing the scan in action....


In the new Window if no threats are found, select "Delete applications data on close" then select "Finish" no log is produced, confirm that in your reply...


If threats are found the following Window will open:


Click on "Select All" then "Save to Text file" name and save that file, attach to your reply.

Now select "Do not clean" and then close out....

Let me see those logs...

Thank you,

Kevin..

fixlist.txt

Edited by kevinf80
missing file

I figured it out.

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
Ran by KM2359 (21-09-2018 19:44:09) Run:1
Running from C:\Users\User\Documents\Desktop
Loaded Profiles: KM2359 (Available Profiles: KM2359 & moran4 & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start:
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1263827494-3976211636-3239175356-1001\...\Run: [3C315CB7C05A2A2BFAEAFA05AE1603CA95A938F0._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1469784 2018-09-15] (Google Inc.)
Toolbar: HKU\S-1-5-21-1263827494-3976211636-3239175356-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]
Task: {BA8024FD-EBC8-474A-9B3C-152F074EC64B} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
FirewallRules: [{9890EDCE-1B28-431A-A4E3-15E4A283AE7C}] => (Allow) LPort=1900
FirewallRules: [{6634FB5B-623E-4F11-B1A5-B19450BD427D}] => (Allow) LPort=2869
EmptyTemp:
Hosts:
CMD: ipconfig /flushDNS
end:
*****************

Start: => Error: No automatic fix found for this entry.
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1263827494-3976211636-3239175356-1001\Software\Microsoft\Windows\CurrentVersion\Run\\3C315CB7C05A2A2BFAEAFA05AE1603CA95A938F0._service_run" => removed successfully
"HKU\S-1-5-21-1263827494-3976211636-3239175356-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
"HKLM\System\CurrentControlSet\Services\EsgScanner" => removed successfully
EsgScanner => service removed successfully
"HKLM\System\CurrentControlSet\Services\SWDUMon" => removed successfully
SWDUMon => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BA8024FD-EBC8-474A-9B3C-152F074EC64B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA8024FD-EBC8-474A-9B3C-152F074EC64B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9890EDCE-1B28-431A-A4E3-15E4A283AE7C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6634FB5B-623E-4F11-B1A5-B19450BD427D}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

end: => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13818520 B
Java, Flash, Steam htmlcache => 1102 B
Windows/system/drivers => 139730 B
Edge => 0 B
Chrome => 18523598 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 660 B
User => 55638640 B
moran4 => 0 B
Administrator => 6242 B

RecycleBin => 2000 B
EmptyTemp: => 92 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:46:22 ====


I followed your instructions and closed out of eset without repairing.  What should I do now?  I'm still not able to update my router software.  It shows my connection is not private.  Also, I'm using almost 99% of disc space.  It's running much slower than usual. I still am using almost all of my hard drive, and I was using only 25% of it prior to all of these computer problems.

Thanks for helping me with all this.  I really appreciate it.


Hello katiemoran1,

Continue with the following:

Reset your router, instructions available at the following link:

http://setuprouter.com/networking/how-to-reset-your-router/

Follow those instructions very carefully.

Next,
  • Download and unzip DNSJumper to your Desktop, the tool is portable no installation necessary.
  • Tool can be downloaded here: http://www.sordum.org/downloads/?dns-jumper
  • Right click on Dnsjumper.exe and select "Run as Administrator" to start the tool. For XP just double click to run.
  • From the left hand pane select "Flush DNS"
  • From the main interface select the dropdown under "Choose a DNS Server"
  • From the list select either "Google Public DNS" or "Open DNS"
  • From the left hand pane select "Apply DNS"


When done re-boot your system....

Next,

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on user posted image icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.


Next,

Download RogueKiller and save it on your desktop, ensure to download correct version..

RogueKiller (X86)

RogueKiller (x64)
 
  • Exit all running applications.
  • Double-click on RogueKiller.exe to launch the tool. On its first execution, RogueKiller will display the software license (EULA), click on "Accept" to continue.
  • If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon.
  • Click "Start Scan" to begin the analysis. This may take some time.
  • Once the scan is complete, click the "Open TXT" button to display the scan report.
  • Copy/Paste its content in your next reply.


Do not use the Remove Selected option until I've had a look at the log..

Let me see those logs in your reply..

Thank you,

Kevin...

I followed your instructions to reset our Asus router.  I entered new network names and keys, and then a sign in popped up for router username and password.  I used the ones located on the back of the router, and I'm still getting the message that my connection to the site is not private and 401 unauthorized.  I wasn't sure if I should go ahead and download DNS jumper or not.

Also, under systems and security, it is showing this: (I had this problem awhile ago with not getting updates, then I was able to fix it with troubleshooter. I ran the troubleshooter again last night, but it locked up).

You are set to install updates automatically

3 optional updates available

updates installed: never

Most recent check for updates: Today at 7:18 am

 


I used the DNS jumper and restarted 

RogueKiller V12.13.1.0 (x64) [Sep 17 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : KM2359 [Administrator]
Started from : C:\Users\User\Documents\Desktop\RogueKiller_portable64 (1).exe
Mode : Scan -- Date : 09/23/2018 19:52:01 (Duration : 00:49:13)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MpKsl968a36a9 (\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BCC6C1DE-128A-4576-B211-FE5266AA1816}\MpKsl968a36a9.sys) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 7dbf54b57562be83399096e767f91fc9
[BSP] 1853785026df78fd03e1bf1f8789ef53 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 2048 | Size: 1023 MB
1 - [MAN-MOUNT]  | Offset (sectors): 2097152 | Size: 360 MB
2 - [MAN-MOUNT]  | Offset (sectors): 2834432 | Size: 128 MB
3 -  | Offset (sectors): 3096576 | Size: 941062 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1930391552 | Size: 450 MB
5 - [SYSTEM]  | Offset (sectors): 1931313152 | Size: 10840 MB
User = LL1 ... OK
User = LL2 ... OK

Here are the results from Adware from earlier today when it ran on startup.  I haven't cleaned anything these programs find.  Also, every time I restart my computer the antivirus software turns off.  I wasn't able to turn malwarebytes back on.  

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.0
# -------------------------------
# Build:    08-30-2018
# Database:  (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-23-2018
# Duration: 00:00:10
# OS:       Windows 8.1
# Scanned:  41930
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1985 octets] - [09/05/2018 21:47:11]
AdwCleaner[C00].txt - [1866 octets] - [09/05/2018 22:23:19]
AdwCleaner[S01].txt - [1399 octets] - [01/08/2018 12:37:30]
AdwCleaner[C01].txt - [1547 octets] - [01/08/2018 12:39:53]
AdwCleaner[S02].txt - [1521 octets] - [18/08/2018 10:45:11]
AdwCleaner[C02].txt - [1669 octets] - [18/08/2018 10:55:06]
AdwCleaner[S03].txt - [1867 octets] - [11/09/2018 12:09:10]
AdwCleaner[C03].txt - [1919 octets] - [11/09/2018 12:09:54]
AdwCleaner[S04].txt - [1824 octets] - [11/09/2018 12:22:15]
AdwCleaner[C04].txt - [1970 octets] - [11/09/2018 12:23:01]
AdwCleaner[S05].txt - [1890 octets] - [19/09/2018 10:14:35]
AdwCleaner[C05].txt - [2056 octets] - [19/09/2018 10:17:23]
AdwCleaner[S06].txt - [2005 octets] - [20/09/2018 11:56:27]
AdwCleaner[C06].txt - [2153 octets] - [20/09/2018 12:10:05]
 

zemana.txt


The two entries showing in AdwCleaner log should be removed. The found entry in the log from RogueKiller is harmless and can be ignored...

Next,

Which anti-virus program turns off.. Malwarebytes or Windows Defender...? If you refer to Malwarebytes, when did you install it. You only have the trial version, that reverts to free version after 14 days with no "realtime" protection..

Did you get your network changed to "Private"? Do you have any remaining issues or concerns..?

Thanks,

Kevin


Yes, I got it changed to private. I was using Malwarebytes free trial and I signed up for it when you started to help me. I was able to turn on defender and it has stayed on, so hopefully that’s enough. I started getting the Microsoft updates again.

Everything is much better. The only thing I’ve noticed is that it’s consistently using 100% of the disk. Is that a problem? 

Do you have any program suggestions to help me clean up the computer?

Thanks for all of your help. I’ll be sure to donate.

 


This topic is now closed to further replies.