[RESOLVED] Zeus Virus Alert - Page 2

  1. #16
    JLS (Virtual PC Specialist!!!), Join Date: Apr 2002, Posts: 3,457
    FRST log part 5


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-12-04 11:20

    ==================== End of FRST.txt ============================

  2. #17
    JLS (Virtual PC Specialist!!!)
    Addition log part 1


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2017
    Ran by Dave (09-12-2017 13:48:40)
    Running from C:\Users\Dave\Desktop
    Windows 10 Pro Version 1709 16299.64 (X64) (2017-11-14 03:17:47)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3039573215-2171798340-3334401019-500 - Administrator - Disabled)
    Dave (S-1-5-21-3039573215-2171798340-3334401019-1001 - Administrator - Enabled) => C:\Users\Dave
    DefaultAccount (S-1-5-21-3039573215-2171798340-3334401019-503 - Limited - Disabled)
    defaultuser0 (S-1-5-21-3039573215-2171798340-3334401019-1000 - Limited - Disabled) => C:\Users\defaultuser0
    Guest (S-1-5-21-3039573215-2171798340-3334401019-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-3039573215-2171798340-3334401019-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
    FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
    Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
    Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.41.3 - Asmedia Technology)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
    BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
    Canon L190/L410 Series (HKLM\...\{17A79A83-B95B-4ecf-99CE-BE1C0139D3A4}) (Version: 4.1.0.1 - CANON INC.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
    Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
    Dell Digital Delivery (HKLM-x32\...\{99B7C4B5-DC14-441D-A5B6-7340F682BC81}) (Version: 3.1.1117.0 - Dell Products, LP)
    Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
    Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
    Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
    Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
    Dell SupportAssist Remediation (HKLM\...\{0E90A990-44A8-4C9C-9CA3-C68CA577419B}) (Version: 2.0.2.1835 - Dell Inc.) Hidden
    Dell SupportAssist Remediation (HKLM-x32\...\{cc46e7bd-06f4-45e0-8b67-3ccaca1e4755}) (Version: 2.0.2.1835 - Dell Inc.)
    Dell SupportAssistAgent (HKLM\...\{18EF001B-B005-46CB-917B-112BA69ED85E}) (Version: 2.0.3.10 - Dell)
    Dell Update - SupportAssist Update Plugin (HKLM\...\{92F651D9-4431-469E-9B11-299D007AF656}) (Version: 2.0.2.1835 - Dell Inc.)
    Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.)
    Destinations (HKLM-x32\...\{D0DFDFA8-1C04-407B-9CB2-A25AB20DD54D}) (Version: 140.0.0.0 - Hewlett-Packard) Hidden
    Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company)
    DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
    Dropbox (HKLM-x32\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)
    Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
    f.lux (HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\...\Flux) (Version: - f.lux Software LLC)
    FastStone Image Viewer 6.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.2 - FastStone Soft)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    H&R Block Deluxe + Efile + State 2016 (HKLM-x32\...\{E7065AD9-D2DB-423B-B853-8310038D7D42}) (Version: 16.05.6401 - HRB Technology, LLC.)
    H&R Block Pennsylvania 2016 (HKLM-x32\...\{BAECF4E0-1EB0-4CBA-A0D9-09BA014038A3}) (Version: 1.16.3501 - HRB Technology, LLC.)
    HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP)
    HP Scanjet G4010 (HKLM\...\{7723DE29-7966-4C5E-B909-A469CAF94DE4}) (Version: 14.5 - HP)
    HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
    hpg4010 (HKLM-x32\...\{198AC578-D06A-4426-8768-68ABA3713C8E}) (Version: 140.000.000.000 - Hewlett-Packard) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{5f5c7829-a6ba-4fc6-9f47-d068f51ed99b}) (Version: 10.1.1.35 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
    Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.317 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4526 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.1.1028 - Intel Corporation)
    Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
    Killer Bandwidth Control Filter Driver (HKLM\...\{A35733B2-A7FD-4FA9-BCB7-3DC27DC9D23D}) (Version: 1.1.64.1312 - Rivet Networks) Hidden
    Killer Network Manager (HKLM\...\{45076194-FF5E-4ACF-B499-39CA7A7EDCD8}) (Version: 1.1.64.1312 - Rivet Networks) Hidden
    Killer Wireless Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.64.1312 - Rivet Networks)
    Killer Wireless-AC Drivers (HKLM\...\{B9888CC1-5613-4DFD-A413-1AC193D7FEB8}) (Version: 1.1.64.1312 - Rivet Networks) Hidden
    LibreOffice 5.3.0.3 (HKLM-x32\...\{BB258465-D7F3-474E-8754-3436A75956D8}) (Version: 5.3.0.3 - The Document Foundation)
    Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
    Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
    Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.8942.2 - Waves Audio Ltd.) Hidden
    McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0.5 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
    Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.8625.2139 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
    OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
    P@H-Protocol (HKLM-x32\...\{4CFAC858-CB6F-4F5B-9BD9-4DAE8747F0E3}) (Version: 3.0.8.11 - Valassis)
    PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.7 - Tracker Software Products Ltd)
    PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.4353 - Kakao Corp.)
    PrintMyCouponAnywhere (HKLM-x32\...\{9E5A9316-541D-4F22-BE19-AFE969C00B06}) (Version: 1.0.0.0 - RevTrax)
    Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
    QponPrinterV2 1.0.3 (HKLM-x32\...\Qpon-Printer-v2) (Version: 1.0.3 - Qples Inc)
    Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.309 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7989 - Realtek Semiconductor Corp.)
    Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.16.321.2017 - Realtek)
    Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
    RogueKiller version 12.11.27.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.27.0 - Adlice Software)
    SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
    Scan (HKLM-x32\...\{A9CC8D58-397F-4241-86C7-5463274E9B08}) (Version: 14.0.1.0 - Hewlett-Packard) Hidden
    Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
    Thunderbolt(TM) Software (HKLM-x32\...\{10877131-EC3F-4F2F-97CD-2B8341D461D7}) (Version: 16.2.55.275 - Intel Corporation)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{17515373-7495-4995-9089-B7D6DF455C38}) (Version: 2.6.0.0 - Microsoft Corporation)
    Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)

  3. #18
    JLS (Virtual PC Specialist!!!)
    Addition log part 2


    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3039573215-2171798340-3334401019-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-14] (AVAST Software)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-14] (AVAST Software)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-11-02] (McAfee, Inc.)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-14] (AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki122459.inf_amd64_e5494748d53088c1\igfxDTCM.dll [2017-05-31] (Intel Corporation)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-14] (AVAST Software)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-11-02] (McAfee, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {11ECC96D-AAA0-45B0-8048-17F2214CD328} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-13] (Adobe Systems Incorporated)
    Task: {19E68DC4-D7D7-43E8-83BF-21638E2B78C2} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => ConditionalAppStarter.exe
    Task: {1FC74C1D-780E-421B-986D-B2D0153EE94B} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-30] (DropboxOEM)
    Task: {224EBE27-E06F-43B2-BEFB-5F3B606A8FEB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-09-22] (Dell Inc.)
    Task: {32FFFE10-1362-4D3F-B3FA-B845DB183FCC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
    Task: {3971CEF9-AF00-4718-832B-F2C4B3FFF607} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
    Task: {3A28C865-C729-4C3A-8302-4F8512CAEF0F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
    Task: {493CBE5A-F479-4078-B908-6B812027EDF1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
    Task: {4C4DA8C4-D326-4E91-A335-376C5035FFDB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-14] (AVAST Software)
    Task: {5562B38C-C7F4-485F-A4AA-B375D621D00F} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2017-08-10] (Tracker Software Products (Canada) Ltd.)
    Task: {62205446-4BA8-4681-A983-B14F2875CE79} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-22] (Google Inc.)
    Task: {630B19F8-1E7D-456C-91C6-58A8953C424A} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
    Task: {6312A992-D502-4EA6-A22C-5317A3B0453D} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
    Task: {63561092-AFF4-43FD-A957-91899D263798} - System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-09-22] (Dell Inc.)
    Task: {77A13AA0-E80A-4169-B2E9-A456E8BCBFFF} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-10-05] (McAfee, Inc.)
    Task: {796BBF41-E9DE-4323-981E-656602D52BA8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-22] (Dropbox, Inc.)
    Task: {7F7AF50C-C544-40E9-94C5-A943A6B2BDF5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-22] (Google Inc.)
    Task: {8A243D42-7AE0-4DA1-B1E2-DFA486C01320} - System32\Tasks\SafeZone scheduled Autoupdate 1487834999 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
    Task: {8E9DB208-4CD0-4CB2-9F1A-7842B54C1DDB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-31] ()
    Task: {8EFF5429-15AB-44F6-BD98-2BF877EE6947} - System32\Tasks\Dell Cleanup => c:\windows\system32\oem\startmenufix.vbs [2016-09-14] ()
    Task: {9D37D0DA-DFE9-4AE7-937B-10C4A141DDAA} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {A374742D-EC83-4A14-BA99-53798A288202} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
    Task: {A4C9480F-6BD0-4957-A52B-0086ECCD92F7} - System32\Tasks\McAfee\McAfee Idle Detection Task
    Task: {A537F8FA-1E88-4AE8-87BB-29B873688818} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
    Task: {BB5E4F03-F92F-4E3E-B81F-3E716797BB5A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {C06A874E-115C-4888-83A9-330CE74917AE} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
    Task: {C4C62BFB-326D-4033-AA9A-BF681A6F5B76} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
    Task: {C6ED068D-E970-43D0-92FB-1AA1D77F454B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-31] ()
    Task: {C74C2309-6C8F-4CF0-AC1E-BCD5B7F64D0B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-12-07] (AVAST Software)
    Task: {D3934809-4007-4EFD-AF84-092B780BB178} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-11-23] (Realtek Semiconductor)
    Task: {D814D8D3-646D-4ED9-99B3-329137840086} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
    Task: {DC2CB4FB-BB27-42EF-9BBE-A6B3949A1C0E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
    Task: {DC65CBAD-6284-4BCD-8028-775FB202D710} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-22] (Dropbox, Inc.)
    Task: {E239EE8A-CCEF-4925-9CBC-A1117EF9A3DA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
    Task: {F021D4E8-EFA6-4C82-9190-D94AAF52E347} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
    Task: {F9CEB8AC-5733-4FEC-8F99-D79D22B0723A} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-09-11] (McAfee, Inc.)
    Task: {FD443151-DD26-46E7-9994-64C4DE17271B} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => ConditionalAppStarter.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-11-15 05:15 - 2017-11-02 15:00 - 001173968 _____ () C:\Program Files\McAfee\MSC\CSPEnrollmentHandler.dll
    2017-11-15 05:15 - 2017-11-02 15:00 - 001191040 _____ () C:\Program Files\McAfee\MSC\CultureChangeHandler.dll
    2017-11-15 05:15 - 2017-11-02 15:00 - 002277760 _____ () C:\Program Files\McAfee\MSC\CultureLookUpHandler.dll
    2017-07-11 13:05 - 2017-11-15 09:44 - 000587256 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
    2017-07-11 13:05 - 2017-11-15 09:44 - 000574352 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
    2017-12-08 00:43 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2017-09-29 08:42 - 2017-09-29 09:42 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-09-29 08:42 - 2017-09-29 09:42 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-12-06 06:09 - 2017-12-06 06:09 - 004698848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2017-11-13 22:52 - 2017-11-13 22:53 - 000022016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2017-11-13 22:52 - 2017-11-13 22:53 - 055109120 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2017-11-13 22:52 - 2017-11-13 22:53 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
    2017-11-13 22:52 - 2017-11-13 22:53 - 000164864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
    2017-11-13 22:52 - 2017-11-13 22:53 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
    2017-11-13 22:52 - 2017-11-13 22:53 - 003740160 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
    2017-11-13 22:52 - 2017-11-13 22:53 - 002051584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
    2017-11-13 22:52 - 2017-11-13 22:53 - 020759040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
    2017-11-13 22:52 - 2017-11-13 22:53 - 003607040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngine.dll
    2017-11-13 22:52 - 2017-11-13 22:53 - 003150848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
    2017-11-01 18:09 - 2017-11-01 18:10 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2017-11-13 22:52 - 2017-11-13 22:53 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
    2017-11-13 22:52 - 2017-11-13 22:53 - 002493440 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.People.AutoSuggest.dll
    2017-11-13 22:52 - 2017-11-13 22:53 - 000919040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.People.PeoplePicker.dll
    2017-11-13 22:52 - 2017-11-13 22:53 - 001363968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
    2017-11-13 22:52 - 2017-11-13 22:53 - 000084480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngineVideoDataProvider.UWP.dll
    2016-12-21 11:24 - 2016-12-21 11:24 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
    2017-05-01 14:27 - 2017-05-01 14:27 - 000133992 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
    2016-08-30 03:19 - 2016-08-30 03:19 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2017-11-14 23:18 - 2017-11-14 23:18 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-11-14 23:18 - 2017-11-14 23:18 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
    2017-07-03 12:26 - 2017-07-03 12:26 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-11-14 23:18 - 2017-11-14 23:18 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-11-14 23:18 - 2017-11-14 23:18 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
    2017-11-14 23:18 - 2017-11-14 23:18 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

  4. #19
    JLS is offline Virtual PC Specialist!!!
    Join Date
    Apr 2002
    Posts
    3,457
    Addition log part 3


    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\Control Panel\Desktop\\Wallpaper -> C:\A Copied Files From WD My Book External Drive\Desktop Pics\Nice house at night with palm trees and blue sky (pro football player house).jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run: => "RtHDVBg_WAVES_SKYLAKE"
    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "EvtMgr6"
    HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
    HKLM\...\StartupApproved\Run32: => "Dropbox"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\...\StartupApproved\Run: => "f.lux"
    HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\...\StartupApproved\Run: => "Skype"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D6A527BA-2DCE-4E1D-A2EB-67319E66E27B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{B063EAF2-D785-4213-A91F-1D07896539E8}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
    FirewallRules: [{E813BEBC-AE0A-4DB4-A1D4-E053404EF8D3}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
    FirewallRules: [{104EFE3C-7197-4C03-A8E6-16FBCECF8020}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
    FirewallRules: [{99C6FFB0-5BC0-4DB7-86C2-42860C2ADE6A}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
    FirewallRules: [{C5B98B18-511F-449F-8E9A-DB7278E57715}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
    FirewallRules: [{18359C96-DFE0-4070-B4FB-0546DC14835E}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
    FirewallRules: [{3BED4902-6719-4505-B1E3-AD7FEEDE11BC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{D1ACD028-6508-4860-BF3E-257E94402C45}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{E048585C-92DC-4DD6-94CB-6E0CABF77639}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{019D1D77-DA2B-41E8-92C6-0CCC58AD2D60}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{55BC13B1-5DC7-48E2-922A-37D4E4E9CECE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{6A49D0F4-FD52-436E-8D99-A3832F740EEB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{510EC67F-9789-4B39-AE03-81520775360D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{1621782E-8426-4396-A787-702A0DB62ECD}] => (Allow) LPort=15600
    FirewallRules: [{3A1480DB-BBFA-4A72-9186-CE05C4C48506}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

    ==================== Restore Points =========================

    01-12-2017 10:09:14 Scheduled Checkpoint
    07-12-2017 05:23:16 Windows Modules Installer

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/09/2017 01:13:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
    Faulting module name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
    Exception code: 0xc0000005
    Fault offset: 0x0007d990
    Faulting process id: 0x58c
    Faulting application start time: 0x01d3711948e6680c
    Faulting application path: C:\Users\Dave\Desktop\AdwCleaner.exe
    Faulting module path: C:\Users\Dave\Desktop\AdwCleaner.exe
    Report Id: 393d351b-65d5-43f3-89fd-812ebbb2e41f
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/09/2017 01:13:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc00001a5
    Fault offset: 0x9f54fb79
    Faulting process id: 0x58c
    Faulting application start time: 0x01d3711948e6680c
    Faulting application path: C:\Users\Dave\Desktop\AdwCleaner.exe
    Faulting module path: unknown
    Report Id: 501d86b7-b596-43f5-9e8d-7bf60a2e525e
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/09/2017 01:13:33 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
    Faulting module name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
    Exception code: 0xc0000409
    Fault offset: 0x0007d990
    Faulting process id: 0x58c
    Faulting application start time: 0x01d3711948e6680c
    Faulting application path: C:\Users\Dave\Desktop\AdwCleaner.exe
    Faulting module path: C:\Users\Dave\Desktop\AdwCleaner.exe
    Report Id: a86f6584-78da-428f-9933-0556c6ab0324
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/09/2017 01:12:17 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
    Faulting module name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
    Exception code: 0xc0000005
    Fault offset: 0x0007d990
    Faulting process id: 0x1384
    Faulting application start time: 0x01d371190853e1d5
    Faulting application path: C:\Users\Dave\Desktop\AdwCleaner.exe
    Faulting module path: C:\Users\Dave\Desktop\AdwCleaner.exe
    Report Id: 0b8dab7d-2873-4df5-88c3-653d5b4de173
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/09/2017 01:11:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc00001a5
    Fault offset: 0xad4e1460
    Faulting process id: 0x1384
    Faulting application start time: 0x01d371190853e1d5
    Faulting application path: C:\Users\Dave\Desktop\AdwCleaner.exe
    Faulting module path: unknown
    Report Id: ac69afc6-d454-47f2-b618-bad4cb15b1a5
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/09/2017 01:11:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
    Faulting module name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
    Exception code: 0xc0000409
    Fault offset: 0x0007d990
    Faulting process id: 0x1384
    Faulting application start time: 0x01d371190853e1d5
    Faulting application path: C:\Users\Dave\Desktop\AdwCleaner.exe
    Faulting module path: C:\Users\Dave\Desktop\AdwCleaner.exe
    Report Id: fe0bbc08-c34e-4c23-9f81-098046d63e9f
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/09/2017 01:09:59 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
    Faulting module name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
    Exception code: 0xc0000005
    Fault offset: 0x0007d990
    Faulting process id: 0x17ac
    Faulting application start time: 0x01d371189de4f18b
    Faulting application path: C:\Users\Dave\Desktop\AdwCleaner.exe
    Faulting module path: C:\Users\Dave\Desktop\AdwCleaner.exe
    Report Id: c88d6081-5860-4322-98dc-e80b2da3b02c
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/09/2017 01:08:53 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc00001a5
    Fault offset: 0xe5b56fd3
    Faulting process id: 0x17ac
    Faulting application start time: 0x01d371189de4f18b
    Faulting application path: C:\Users\Dave\Desktop\AdwCleaner.exe
    Faulting module path: unknown
    Report Id: 349877f8-2cc0-4c90-978a-391f4ff894a9
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/09/2017 01:08:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
    Faulting module name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
    Exception code: 0xc0000409
    Fault offset: 0x0007d990
    Faulting process id: 0x17ac
    Faulting application start time: 0x01d371189de4f18b
    Faulting application path: C:\Users\Dave\Desktop\AdwCleaner.exe
    Faulting module path: C:\Users\Dave\Desktop\AdwCleaner.exe
    Report Id: edf5d272-b2bf-428f-9b45-a6afeffb331b
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/08/2017 01:53:50 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
    Description: [16] ERROR- Will skip not supported update! DLL:2.0.2.1835, Manifest:3.1.1.3832 #StackInfo#


    System errors:
    =============
    Error: (12/09/2017 01:46:11 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-3MAKK5S)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DESKTOP-3MAKK5S\Dave SID (S-1-5-21-3039573215-2171798340-3334401019-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/09/2017 01:14:03 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-3MAKK5S)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DESKTOP-3MAKK5S\Dave SID (S-1-5-21-3039573215-2171798340-3334401019-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/09/2017 01:05:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-3MAKK5S)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DESKTOP-3MAKK5S\Dave SID (S-1-5-21-3039573215-2171798340-3334401019-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/09/2017 01:03:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (12/09/2017 12:37:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/09/2017 11:08:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/09/2017 10:56:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/09/2017 10:53:58 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-3MAKK5S)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DESKTOP-3MAKK5S\Dave SID (S-1-5-21-3039573215-2171798340-3334401019-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/09/2017 10:53:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/09/2017 10:53:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
    Percentage of memory in use: 37%
    Total physical RAM: 8079.94 MB
    Available physical RAM: 5010.5 MB
    Total Virtual: 11791.94 MB
    Available Virtual: 8388.47 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:226.93 GB) (Free:151.98 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: 2DA2EF21)

    Partition: GPT.

    ==================== End of Addition.txt ============================
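The nine Application Error entries in the Addition log above are easier to read once they are grouped by process rather than listed newest-first. The following Python is an added example, not part of the original post and not code from FRST: it parses FRST-style "Error: (...)" records from a constructed sample modelled on the entries above, decodes the NTSTATUS exception codes (the names are the standard Windows ones), and groups crashes by faulting application, process id and process start time. Using the start time as well as the pid matters because Windows reuses pids. Run on the sample, it shows each AdwCleaner run as one process that hits the same three-step cascade: STATUS_STACK_BUFFER_OVERRUN (a fail-fast), then STATUS_INVALID_EXCEPTION_HANDLER, then STATUS_ACCESS_VIOLATION.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# NTSTATUS exception codes as they appear in Application Error (EventID 1000) records.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",      # /GS cookie failure or __fastfail()
    0xC00001A5: "STATUS_INVALID_EXCEPTION_HANDLER",  # SEH handler failed validation
}

HEADER = re.compile(r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) \(EventID: (?P<eid>\d+)\)")
FIELD = re.compile(r"^(?P<key>[A-Za-z][A-Za-z -]*?): ?(?P<val>.*)$")


@dataclass
class CrashEvent:
    when: datetime
    app: str
    module: str   # "unknown" when the faulting address was outside every loaded module
    code: int
    pid: int
    start: str    # raw FILETIME string; distinguishes pid reuse

    @property
    def code_name(self) -> str:
        return NTSTATUS.get(self.code, "unknown(0x%08x)" % self.code)


def parse_events(text: str) -> list:
    """One dict per 'Error:' record: header groups plus the 'Key: value' lines under it."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict())
            records.append(current)
            continue
        m = FIELD.match(line) if (current and line) else None
        if m:
            current[m["key"]] = m["val"]
    return records


def crash_events(records: list) -> list:
    """Keep only Application Error / EventID 1000 records and pull out the crash fields."""
    out = []
    for r in records:
        if r.get("source") != "Application Error" or r.get("eid") != "1000":
            continue
        out.append(CrashEvent(
            when=datetime.strptime(r["when"], "%m/%d/%Y %I:%M:%S %p"),
            app=r["Description"].split(",")[0].split(": ", 1)[-1],
            module=r.get("Faulting module name", "").split(",")[0],
            code=int(r["Exception code"], 16),
            pid=int(r["Faulting process id"], 16),
            start=r["Faulting application start time"],
        ))
    return out


def group_by_process(events: list) -> dict:
    """Same app + pid + start time is one process; events are put back into time order."""
    runs = defaultdict(list)
    for e in events:
        runs[(e.app, e.pid, e.start)].append(e)
    return {k: sorted(v, key=lambda e: e.when) for k, v in runs.items()}


def triage(runs: dict) -> list:
    """Per process: the crash cascade in time order plus factual notes a responder wants."""
    summary = []
    for (app, pid, start), events in runs.items():
        names = [e.code_name for e in events]
        notes = []
        if "STATUS_STACK_BUFFER_OVERRUN" in names:
            notes.append("fail-fast fired: stack cookie check or __fastfail()")
        if any(e.module == "unknown" for e in events):
            notes.append("at least one fault address was outside every loaded module")
        summary.append({"app": app, "pid": pid, "cascade": names, "notes": notes})
    return summary


# Constructed sample, modelled on the FRST entries in the post (paths and ids trimmed).
SAMPLE_LOG = """\
Error: (12/09/2017 01:13:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
Faulting module name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
Exception code: 0xc0000005
Faulting process id: 0x58c
Faulting application start time: 0x01d3711948e6680c

Error: (12/09/2017 01:13:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Faulting process id: 0x58c
Faulting application start time: 0x01d3711948e6680c

Error: (12/09/2017 01:13:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
Faulting module name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
Exception code: 0xc0000409
Faulting process id: 0x58c
Faulting application start time: 0x01d3711948e6680c

Error: (12/09/2017 01:12:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
Faulting module name: AdwCleaner.exe, version: 7.0.5.0, time stamp: 0x5a204f90
Exception code: 0xc0000005
Faulting process id: 0x1384
Faulting application start time: 0x01d371190853e1d5

Error: (12/08/2017 01:53:50 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [16] ERROR- Will skip not supported update! DLL:2.0.2.1835, Manifest:3.1.1.3832 #StackInfo#
"""

if __name__ == "__main__":
    for row in triage(group_by_process(crash_events(parse_events(SAMPLE_LOG)))):
        print(row)
```

The cascade order is the useful output: the first exception in each run is the fail-fast, and the later access violation is a consequence of it, not the root cause. Whether the fail-fast is a bug in the tool or something interfering with it (an injected module, a hooking AV driver) is not decidable from EventID 1000 alone; the WER report or a dump for that pid is the next artefact to pull.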

  5. #20
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,253
    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
    Attached Files

  6. #21
    JLS is offline Virtual PC Specialist!!!
    Join Date
    Apr 2002
    Posts
    3,457
    Broni, below is a copy of the fixlog file


    Fix result of Farbar Recovery Scan Tool (x64) Version: 09-12-2017
    Ran by Dave (09-12-2017 20:36:11) Run:1
    Running from C:\Users\Dave\Desktop
    Loaded Profiles: Dave (Available Profiles: defaultuser0 & Dave)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [] => [X]
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-3039573215-2171798340-3334401019-1001 -> DefaultScope {AA46FD43-3E7C-46E4-BE54-10D29E1670CF} URL =
    SearchScopes: HKU\S-1-5-21-3039573215-2171798340-3334401019-1001 -> {AA46FD43-3E7C-46E4-BE54-10D29E1670CF} URL =
    S2 0180571511421072mcinstcleanup; C:\WINDOWS\TEMP\018057~1.EXE -cleanup -nolog [X]
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    Task: {BB5E4F03-F92F-4E3E-B81F-3E716797BB5A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
    HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA46FD43-3E7C-46E4-BE54-10D29E1670CF}" => removed successfully
    HKLM\Software\Classes\CLSID\{AA46FD43-3E7C-46E4-BE54-10D29E1670CF} => key not found
    "HKLM\System\CurrentControlSet\Services\0180571511421072mcinstcleanup" => removed successfully
    0180571511421072mcinstcleanup => service removed successfully
    "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
    HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB5E4F03-F92F-4E3E-B81F-3E716797BB5A}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB5E4F03-F92F-4E3E-B81F-3E716797BB5A}" => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found

    ==== End of Fixlog 20:36:15 ====

  7. #22
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,253
    Last scans....

    Download Security Check from here or here and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



    NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services



    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.




    Download Sophos Free Virus Removal Tool and save it to your desktop.

    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program

  8. #23
    JLS is offline Virtual PC Specialist!!!
    Join Date
    Apr 2002
    Posts
    3,457
    Checkup log below

    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Avast Antivirus
    Windows Defender
    McAfee VirusScan
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Adobe Flash Player 27.0.0.183
    Google Chrome (62.0.3202.94)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamtray.exe
    Windows Defender MSASCuiL.exe
    Intel iCLS Client AvastSvc.exe -?-
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````

  9. #24
    JLS is offline Virtual PC Specialist!!!
    Join Date
    Apr 2002
    Posts
    3,457
    FSS log

    Farbar Service Scanner Version: 27-01-2016
    Ran by Dave (administrator) on 10-12-2017 at 22:25:04
    Running from "C:\Users\Dave\Desktop"
    Microsoft Windows 10 Pro (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

  10. #25
    JLS is offline Virtual PC Specialist!!!
    Join Date
    Apr 2002
    Posts
    3,457
    Broni, I ran the Sophos tool. I did not have any threats and it said that my computer is clean.

  11. #26
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,253
    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:

    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings


    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    9. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    10. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/foru.../#entry3187642

    11. Please let me know how your computer is doing.

  12. #27
    JLS is offline Virtual PC Specialist!!!
    Join Date
    Apr 2002
    Posts
    3,457
    Broni, first I want to thank you for the time you took to help address and fix my issue. I really appreciate it fully. Everything seems to be great. I just have a few questions.

    First, I just want to confirm that my computer didn't have any trojans, rootkits or bootkits from any of the log files that I submitted, correct?

    Second, is the Junkware Removal Tool (JRT) that you are referring to the program from the link below, or is this removal tool already in the Malwarebytes program? I accidentally re-installed the Sophos Virus Removal Tool on my computer, because I tried to run it and it gave me an error 1606 message stating "could not access network location data." Can I just uninstall the Sophos Virus Removal Tool using Revo Uninstaller like I would any other program on my computer?

    https://www.bleepingcomputer.com/dow...-removal-tool/


    Also, the link you provided to check for plugin updates for Firefox just takes you to the download page for the Firefox browser. I don't see on that page where to check for plugin updates, unless I am missing something.

  13. #28
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,253
    There were no trojans, rootkits or bootkits.
    JRT is no more.
    As for Sophos, the regular Windows uninstaller should be sufficient. If you prefer Revo, that's fine with me.
    Good luck and stay safe.

  14. #29
    JLS is offline Virtual PC Specialist!!!
    Join Date
    Apr 2002
    Posts
    3,457
    Broni, ok. Thanks again.

  15. #30
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,253
    You're very welcome
