November 16th, 2019, 01:03 AM
#16
FRST log 2
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://www.google.com"
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://udn.com; hxxps://www.chinatimes.com; hxxps://www.worldjournal.com
CHR Profile: C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default [2019-11-15]
CHR DownloadDir: C:\Users\Thinkpad\Desktop
CHR Extension: (Slides) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-18]
CHR Extension: (Floorplanner) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2018-11-18]
CHR Extension: (Sudoku) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj [2018-11-18]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2018-11-18]
CHR Extension: (Docs) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-18]
CHR Extension: (Google Drive) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-18]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2019-09-03]
CHR Extension: (Windows Defender Browser Protection) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbeeeffjjeopflfhgeknacdieedcoml [2019-07-07]
CHR Extension: (YouTube) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-10-01]
CHR Extension: (Sheets) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-18]
CHR Extension: (Online Security Pro) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjgpapimgnmibnacmeilgjefnoofefp [2019-09-03]
CHR Extension: (iCloud Bookmarks) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2018-11-18]
CHR Extension: (HTTPS Everywhere) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2019-11-08]
CHR Extension: (Google Docs Offline) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-24]
CHR Extension: (Click&Clean) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2019-11-11]
CHR Extension: (360 Internet Protection) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2018-11-18]
CHR Extension: (Pinterest Save Button) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-11-08]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2018-11-18]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2019-11-13]
CHR Extension: (Dropbox) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2018-11-18]
CHR Extension: (Grammarly for Chrome) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-11-11]
CHR Extension: (Web Whiteboard) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhmonflnoepbijmbbfipoifgkbibofgd [2018-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Rollip - Photo Effects) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooikhmcdpofogemaldinihdhidaokcmp [2018-11-18]
CHR Extension: (Tv Online) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2018-11-18]
CHR Extension: (Click&Clean App) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2019-11-08]
CHR Extension: (Gmail) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-07]
CHR Extension: (Chrome Media Router) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-24]
CHR Extension: (Cool Metronome) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\polmfiinlikaadclgdojekfaoglellgm [2018-11-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1233272 2019-05-14] (Autodesk, Inc. -> Autodesk Inc.)
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [16926864 2019-08-07] (Autodesk, Inc. -> Autodesk)
S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc -> Autodesk, Inc.)
S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [209128 2019-08-31] (Piriform Software Ltd -> Piriform Software)
S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\77.1.1834.93\elevation_service.exe [984880 2019-09-25] (Piriform Software Ltd -> Piriform Software)
S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [209128 2019-08-31] (Piriform Software Ltd -> Piriform Software)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81392 2019-08-01] (INTERNET PROJECT LLC -> Freemake)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel(R) pGFX -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-13] (Malwarebytes Inc -> Malwarebytes)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-19] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 athr; C:\WINDOWS\System32\drivers\athwnx.sys [4233728 2019-03-18] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R3 LBAI; C:\WINDOWS\System32\Drivers\LBAI.sys [30432 2017-04-29] (Lenovo -> Lenovo)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [248480 2019-11-13] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-11-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2019-11-13] (Malwarebytes Inc -> Malwarebytes)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2018-12-07] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-11-13] (Adlice -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [47496 2019-07-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344288 2019-07-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-19] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVCx32: CmSvc -> no filepath.
NETSVCx32: HpSvc -> no filepath.
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-15 17:06 - 2019-11-15 17:07 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2019-11-15 17:06 - 2019-11-15 17:07 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2019-11-13 21:37 - 2019-11-13 21:37 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-11-13 21:37 - 2019-11-13 21:37 - 000248480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-11-13 21:33 - 2019-11-13 21:35 - 000000000 ____D C:\AdwCleaner
2019-11-13 21:01 - 2019-11-13 21:01 - 000000000 ____D C:\Users\Thinkpad\AppData\Local\mbamtray
2019-11-13 21:01 - 2019-11-13 21:01 - 000000000 ____D C:\Users\Thinkpad\AppData\Local\mbam
2019-11-13 21:01 - 2019-11-13 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-11-13 21:00 - 2019-11-13 21:00 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-11-13 21:00 - 2019-11-13 21:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-11-13 21:00 - 2019-11-13 21:00 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-11-13 21:00 - 2019-11-13 21:00 - 000000000 ____D C:\Program Files\Malwarebytes
2019-11-13 20:58 - 2019-11-15 20:57 - 000000000 ____D C:\Users\Thinkpad\Desktop\Virtualdr scans 11-13-2019
2019-11-13 20:41 - 2019-11-13 20:41 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2019-11-13 20:40 - 2019-11-13 20:40 - 000003162 _____ C:\WINDOWS\system32\Tasks\RogueKiller Anti-Malware
2019-11-13 20:40 - 2019-11-13 20:40 - 000000000 ____D C:\ProgramData\RogueKiller
2019-11-13 20:40 - 2019-11-13 20:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-11-13 20:40 - 2019-11-13 20:40 - 000000000 ____D C:\Program Files\RogueKiller
2019-11-12 19:42 - 2019-11-15 20:58 - 000000000 ____D C:\FRST
2019-11-12 19:34 - 2019-11-12 19:34 - 000000000 ____D C:\Users\Thinkpad\Documents\Apowersoft
2019-11-12 19:34 - 2019-11-12 19:34 - 000000000 ____D C:\Users\Thinkpad\AppData\Roaming\Apowersoft
2019-11-12 19:34 - 2019-11-12 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2019-11-12 19:34 - 2019-11-12 19:34 - 000000000 ____D C:\Program Files (x86)\Apowersoft
2019-11-12 19:34 - 2018-12-07 11:36 - 000370424 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\wpcap.dll
2019-11-12 19:34 - 2018-12-07 11:36 - 000282360 _____ (Riverbed Technology, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
2019-11-12 19:34 - 2018-12-07 11:36 - 000107768 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\Packet.dll
2019-11-12 19:34 - 2018-12-07 11:36 - 000098040 _____ (Riverbed Technology, Inc.) C:\WINDOWS\SysWOW64\Packet.dll
2019-11-12 19:34 - 2018-12-07 11:36 - 000053299 _____ C:\WINDOWS\SysWOW64\pthreadVC.dll
2019-11-12 19:34 - 2018-12-07 11:36 - 000036600 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2019-11-11 14:53 - 2019-11-11 14:53 - 000126784 _____ C:\Users\Thinkpad\AppData\Local\GDIPFONTCACHEV1.DAT
2019-11-11 14:39 - 2019-11-11 14:39 - 012627458 _____ C:\Users\Thinkpad\Desktop\ASCE - Future World Vision Report.pdf
2019-11-11 14:39 - 2019-11-11 14:39 - 008278202 _____ C:\Users\Thinkpad\Desktop\ASCE - CA Roadway Score.pdf
2019-11-10 11:09 - 2019-11-10 11:09 - 000002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2019-11-10 11:09 - 2019-11-10 11:09 - 000001391 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2019-11-10 11:09 - 2019-11-10 11:09 - 000001391 _____ C:\ProgramData\Desktop\NCH Suite.lnk
2019-11-10 11:09 - 2019-11-10 11:09 - 000001257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression.lnk
2019-11-10 11:09 - 2019-11-10 11:09 - 000001245 _____ C:\Users\Public\Desktop\Express Zip File Compression.lnk
2019-11-10 11:09 - 2019-11-10 11:09 - 000001245 _____ C:\ProgramData\Desktop\Express Zip File Compression.lnk
2019-11-10 11:09 - 2019-11-10 11:09 - 000000000 ____D C:\Users\Thinkpad\NCH Software Suite
2019-11-10 11:09 - 2019-11-10 11:09 - 000000000 ____D C:\Users\Thinkpad\AppData\Roaming\NCH Software
2019-11-10 11:07 - 2019-11-10 11:08 - 011121916 _____ C:\Users\Thinkpad\Desktop\121282v6131209_vegetationblocksoftreesandplants.zip
2019-11-10 08:46 - 2019-11-10 08:46 - 000000000 ____D C:\Users\Thinkpad\AppData\Roaming\Sosometago
2019-11-10 08:45 - 2019-11-10 08:46 - 000000000 ____D C:\ProgramData\{3BEF07D3-13C7-7FAB-4B9F-5783A3778F5B}
2019-11-10 07:47 - 2019-11-10 07:48 - 000000000 ____D C:\Users\Thinkpad\Desktop\Autocad 2020
2019-11-09 17:35 - 2019-11-09 17:35 - 000000000 ____D C:\Users\Thinkpad\AppData\Local\cache
2019-11-09 17:34 - 2019-11-09 17:35 - 000000000 ____D C:\Users\Thinkpad\AppData\Local\AdSSO
2019-11-09 17:29 - 2019-11-09 17:29 - 000000000 ____D C:\Users\Thinkpad\Autodesk
2019-11-09 17:27 - 2019-11-09 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2020 - English
2019-11-09 17:26 - 2019-11-09 17:26 - 000000000 ____D C:\Users\Thinkpad\Documents\Inventor Server for AutoCAD
2019-11-09 17:11 - 2019-11-09 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Licensing
2019-11-09 17:04 - 2019-11-09 17:04 - 000000000 ____D C:\Users\Thinkpad\Downloads\{284712BE-7D15-674C-51A3-B81AA2718CA8}
2019-11-09 16:49 - 2019-11-09 16:49 - 000000000 ____D C:\ProgramData\Applications
2019-11-05 21:17 - 2019-11-05 21:26 - 000000000 ____D C:\Users\Thinkpad\Desktop\5114 Raphael St
2019-10-27 19:55 - 2019-10-27 19:55 - 000275642 _____ C:\Users\Thinkpad\Desktop\BOE report.approved_products_report.pdf
2019-10-26 18:49 - 2019-10-26 18:49 - 000209913 _____ C:\Users\Thinkpad\Documents\Scan_0003.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-15 20:47 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-15 19:44 - 2019-08-11 20:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-11-15 18:01 - 2018-11-24 11:20 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-11-15 17:58 - 2019-03-18 20:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-11-15 17:58 - 2018-11-24 11:19 - 128443096 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-11-15 17:06 - 2019-03-18 20:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-11-15 17:06 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-11-15 16:49 - 2019-08-09 21:31 - 000000000 ___RD C:\Users\Thinkpad\iCloudDrive
2019-11-15 16:43 - 2018-11-18 12:20 - 000000000 __SHD C:\Users\Thinkpad\IntelGraphicsProfiles
2019-11-13 21:42 - 2019-08-11 21:09 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-11-13 21:42 - 2019-03-18 20:50 - 000000000 ____D C:\WINDOWS\INF
2019-11-13 21:36 - 2019-08-11 21:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-11-13 21:35 - 2019-07-14 13:46 - 000000000 ____D C:\ProgramData\WinZip
2019-11-13 21:35 - 2019-03-18 20:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-11-13 21:00 - 2019-03-18 20:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-11-13 20:15 - 2018-11-18 19:32 - 000000000 ____D C:\ProgramData\Autodesk
2019-11-13 20:07 - 2018-11-25 08:49 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-11-12 19:36 - 2019-07-14 14:51 - 000000000 ____D C:\Users\Thinkpad\Desktop\Bin
2019-11-12 18:35 - 2019-08-18 10:36 - 000000064 _____ C:\Users\Thinkpad\AppData\Roaming\WB.CFG
2019-11-11 12:10 - 2019-08-11 20:53 - 000545352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-11-11 12:09 - 2018-11-18 18:54 - 000000000 ____D C:\Program Files\CCleaner
2019-11-11 12:00 - 2018-11-18 19:45 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2019-11-11 11:54 - 2018-11-18 19:34 - 000000000 ____D C:\ProgramData\Package Cache
2019-11-11 11:52 - 2018-11-18 19:32 - 000000000 ____D C:\Users\Thinkpad\AppData\Roaming\Autodesk
2019-11-11 11:51 - 2018-11-18 19:45 - 000000000 ____D C:\Program Files\Autodesk
2019-11-11 11:24 - 2018-11-18 20:00 - 000000000 ____D C:\Users\Public\Documents\Autodesk
2019-11-11 11:24 - 2018-11-18 20:00 - 000000000 ____D C:\ProgramData\Documents\Autodesk
2019-11-11 11:15 - 2018-11-18 20:11 - 000000000 ____D C:\Users\Thinkpad\Documents\Autodesk Application Manager
2019-11-10 17:26 - 2018-11-18 20:00 - 000000000 ____D C:\Users\Thinkpad\AppData\Local\Autodesk
2019-11-10 11:09 - 2019-08-13 20:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2019-11-10 11:09 - 2019-08-13 20:02 - 000000000 ____D C:\ProgramData\NCH Software
2019-11-10 11:09 - 2019-08-13 20:02 - 000000000 ____D C:\Program Files (x86)\NCH Software
2019-11-10 11:09 - 2019-08-11 20:58 - 000000000 ____D C:\Users\Thinkpad
2019-11-09 17:29 - 2018-11-18 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2019-11-09 17:28 - 2018-11-18 20:00 - 000000000 ____D C:\Program Files (x86)\Autodesk
2019-11-09 17:00 - 2018-11-18 19:26 - 000000000 ____D C:\Autodesk
2019-11-09 16:19 - 2018-11-18 20:15 - 000000000 ____D C:\ProgramData\FLEXnet
2019-11-07 17:27 - 2018-11-18 18:52 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-07 17:22 - 2018-11-18 19:27 - 000000000 ____D C:\Users\Thinkpad\AppData\Local\Akamai
2019-11-04 18:42 - 2019-08-11 21:12 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-04 18:42 - 2019-08-11 21:12 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-04 18:42 - 2018-11-18 18:50 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-31 19:56 - 2018-11-18 12:34 - 000000000 ____D C:\ProgramData\Packages
2019-10-31 19:53 - 2019-08-11 21:12 - 000003386 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1312108708-3844341841-2510355704-1001
2019-10-31 19:53 - 2019-08-11 20:58 - 000002376 _____ C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-10-31 19:53 - 2018-11-18 12:23 - 000000000 ___RD C:\Users\Thinkpad\OneDrive
2019-10-21 16:10 - 2019-07-14 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
==================== Files in the root of some directories ========
2019-08-18 10:36 - 2019-11-12 18:35 - 000000064 _____ () C:\Users\Thinkpad\AppData\Roaming\WB.CFG
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
November 16th, 2019, 01:04 AM
#17
ADDITION log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2019
Ran by Thinkpad (15-11-2019 20:59:21)
Running from C:\Users\Thinkpad\Desktop\Virtualdr scans 11-13-2019
Windows 10 Home Version 1903 18362.418 (X64) (2019-08-12 05:12:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1312108708-3844341841-2510355704-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1312108708-3844341841-2510355704-503 - Limited - Disabled)
Guest (S-1-5-21-1312108708-3844341841-2510355704-501 - Limited - Disabled)
Thinkpad (S-1-5-21-1312108708-3844341841-2510355704-1001 - Administrator - Enabled) => C:\Users\Thinkpad
WDAGUtilityAccount (S-1-5-21-1312108708-3844341841-2510355704-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
A360 Desktop (HKLM\...\{B209E611-5511-4AD6-B4B3-9D36F93DBCD4}) (Version: 6.0.3.1100 - Autodesk)
ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
ACA & MEP 2020 Object Enabler (HKLM\...\{28B89EEF-3004-0000-5102-CF3F3A09B77D}) (Version: 8.2.45.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-3001-0000-3102-CF3F3A09B77D}) (Version: 23.1.47.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20056 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AutoCAD 2016 - English (HKLM\...\{5783F2D7-F001-0409-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.107.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (HKLM\...\{5783F2D7-F001-0409-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2020 - English (HKLM\...\{28B89EEF-3001-0409-2102-CF3F3A09B77D}) (Version: 23.1.47.0 - Autodesk) Hidden
AutoCAD 2020 (HKLM\...\{28B89EEF-3001-0000-0102-CF3F3A09B77D}) (Version: 23.1.70.0 - Autodesk) Hidden
AutoCAD 2020 Language Pack - English (HKLM\...\{28B89EEF-3001-0409-1102-CF3F3A09B77D}) (Version: 23.1.70.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk App Manager 2020 (HKLM-x32\...\{093769E2-0281-4626-88B1-43180365CCDF}) (Version: 3.0.0 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD 2016 SP 1 (HKLM\...\AutoCAD 2016 SP1) (Version: 20.1.107.0 - Autodesk)
Autodesk AutoCAD 2016.0.11 (HKLM\...\AutoCAD 2016 Hotfix 7) (Version: 20.1.151.0 - Autodesk)
Autodesk AutoCAD 2020 - English (HKLM\...\AutoCAD 2020 - English) (Version: 23.1.47.0 - Autodesk)
Autodesk AutoCAD 2020.1 Update (HKLM-x32\...\{f4f9ba0b-3001-0000-0102-f66cecb07000}) (Version: 23.1.70.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{3706CB50-BF5C-4494-8252-0258501C14FE}) (Version: 4.37.2870 - Autodesk)
Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.16.29 - Autodesk)
Autodesk Download Manager (HKLM-x32\...\{402BEAF1-A9F1-4D40-85B4-4F43D0D0EA27}) (Version: 6.3.181.0 - Autodesk, Inc.)
Autodesk DWG TrueView 2020 - English (HKLM\...\DWG TrueView 2020 - English) (Version: 23.1.48.0 - Autodesk)
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Featured Apps 2020 (HKLM-x32\...\{D0194D24-57D6-4FC8-9B80-3B60BFEBA23A}) (Version: 3.0.0 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{317D67F2-9027-4E85-9ED1-ADF4D765AE02}) (Version: 3.0.11 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library 2020 (HKLM-x32\...\{B9312A51-41B5-479D-9F72-E7448A2D89AF}) (Version: 18.11.1.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2020 (HKLM-x32\...\{0E976988-E753-4C81-BD96-434CE305B176}) (Version: 18.11.1.0 - Autodesk)
Autodesk ReCap 2016 (HKLM\...\{F6FD1651-0000-1033-0102-387BAF9B3B0A}) (Version: 1.5.0.33 - Autodesk) Hidden
Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
Autodesk Save to Web and Mobile (HKLM\...\{26FB18F7-B553-430D-94F6-C2389A91235F}) (Version: 3.0.21 - Autodesk)
Autodesk Single Sign On Component (HKLM\...\{43D6A09F-C6C9-426A-8651-9EF8990B0A65}) (Version: 11.0.0.1800 - Autodesk)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.62 - Piriform)
CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 77.1.1834.93 - Piriform Software)
CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.5.21.0 - Piriform Software) Hidden
DWG TrueView 2020 - English (HKLM\...\{28B89EEF-3028-0409-0100-CF3F3A09B77D}) (Version: 23.1.48.0 - Autodesk) Hidden
Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 3.00 - NCH Software)
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 6.25 - NCH Software)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.4 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
HP ENVY 5660 series Basic Device Software (HKLM\...\{D3D38A38-586A-49AA-81C8-26A48B7DCFD4}) (Version: 40.11.1135.17143 - HP Inc.)
iCloud (HKLM\...\{2C05E99A-94F0-4F95-B602-CD2D2682D6C3}) (Version: 7.13.0.14 - Apple Inc.)
IrfanView 4.53 (64-bit) (HKLM\...\IrfanView64) (Version: 4.53 - Irfan Skiljan)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1312108708-3844341841-2510355704-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971119) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
RogueKiller version 13.5.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.5.6.0 - Adlice Software)
Sight Survey 2016 (HKLM-x32\...\{3D387B2D-B0C0-48FF-872A-3434AC81C6DF}) (Version: 1.0 - Carlson Software)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
SQLite ODBC Driver (remove only) (HKLM-x32\...\SQLite ODBC Driver) (Version: - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Video Download Capture V6.4.8.5 (HKLM-x32\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.4.8.5 - APOWERSOFT LIMITED)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
WinZip 23.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2411D}) (Version: 23.0.13300 - Corel Corporation)
Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.3587.0_x64__rz1tebttyb220 [2019-10-19] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2018-11-18] (Fitbit)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe [2019-11-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-07] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-15] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-08] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-14] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-10-24] (Netflix, Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{4AC6DFE1-607B-45B2-B289-D7FBCD44169C}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{D1DE6864-2236-48B7-99C3-D29C757903A4}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2020\en-US\acadficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2019-02-07] (Autodesk, Inc. -> Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2019-02-07] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2019-11-10] () [File not signed]
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-07-22] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-01-30] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-13] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-01-30] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2019-11-10] () [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-13] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-01-30] (Corel Corporation -> WinZip Computing)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2019-11-12 19:34 - 2018-12-07 11:35 - 001176576 _____ () [File not signed] C:\Program Files (x86)\Apowersoft\Video Download Capture 6\CefSharp.Core.dll
2019-11-12 19:34 - 2018-12-07 11:36 - 061096960 _____ () [File not signed] C:\Program Files (x86)\Apowersoft\Video Download Capture 6\libcef.dll
2019-11-10 11:09 - 2019-11-10 11:09 - 000105984 _____ () [File not signed] C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-1312108708-3844341841-2510355704-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-11 15:38 - 2019-11-13 20:23 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1312108708-3844341841-2510355704-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: AdAppMgrSvc => 2
MSCONFIG\Services: Autodesk Content Service => 2
HKU\S-1-5-21-1312108708-3844341841-2510355704-1001\...\StartupApproved\Run: => "Chromium"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{41609E89-EC44-4A30-A297-93D2A048EA4A}] => (Allow) C:\Program Files (x86)\CouponMaster\CouponTray.exe No File
FirewallRules: [{1001C2F0-E4EB-456E-91C9-D66318C43E1E}] => (Allow) C:\Program Files (x86)\CouponMaster\CouponTray.exe No File
FirewallRules: [{68A7EEDE-535A-454C-8D2D-A29331472D31}] => (Allow) C:\Users\Thinkpad\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{C231BD34-FF08-41EA-A1DC-BD3CD32E9A62}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{98859B50-4078-45B2-9A54-44521EE88C89}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{20FDB20F-E60F-4956-ABED-9361D268030D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A1A305E3-81C7-4DC1-9EDA-E973E792ADB7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{267D9084-9737-4990-B707-14D5C42FE63D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{781C1871-C6CE-4C2A-A4A8-C8BC492BB6AA}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{3A103F64-BC98-4B0D-BD2D-E4C205E4F2D9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{AB380591-BD8C-4F34-A81A-E36E38E0E915}] => (Allow) C:\Users\Thinkpad\AppData\Local\Temp\7zS6133\HP.EasyStart.exe No File
FirewallRules: [{C52AD5BD-016A-47B1-826D-D8C405A451C4}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{2CB004C4-7859-4A5C-9572-9A38335A4AD9}] => (Allow) LPort=5357
FirewallRules: [{1136D8D0-05C5-475F-8826-19E18FF400F4}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{B331BEB2-5351-47C5-A77E-589D9A4BFD7A}] => (Allow) LPort=5000
FirewallRules: [{1778D97A-97D8-4800-99DF-7CB9B0FA05DA}] => (Allow) LPort=65111
FirewallRules: [{CC823103-B606-4FE9-B1CB-8ADDE4299A50}] => (Allow) LPort=50248
FirewallRules: [UDP Query User{53930495-1FBC-4659-869C-106364384F78}C:\users\thinkpad\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\thinkpad\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [TCP Query User{E1A1A8FF-F280-4402-8BA3-945989450CEF}C:\users\thinkpad\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\thinkpad\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [{D5DD35CC-A96D-4DEB-8B66-38800ABF13D1}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{B2C72496-FC54-4B66-8452-89BA4BFECABD}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{84FC00EE-ED52-4640-873A-80CB10EB929E}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)
FirewallRules: [{4B3A349B-61BC-4D74-8659-8F47982553B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B33B4D67-EE27-49F1-9533-369F208C1306}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{CAFE67F7-A99D-41DE-B873-79E38B67B2E2}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{258609ED-1186-41F4-8C69-0B9C517E4088}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [{77A8A7C5-F048-483C-A5F2-C29DE4A5D67E}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
==================== Restore Points =========================
24-10-2019 20:45:36 Scheduled Checkpoint
01-11-2019 17:24:23 Scheduled Checkpoint
09-11-2019 16:50:05 Installed Autodesk Download Manager
15-11-2019 17:05:41 Windows Update
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/15/2019 07:46:07 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8028,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (11/15/2019 06:08:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4437
Error: (11/15/2019 06:08:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4437
Error: (11/15/2019 06:08:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/15/2019 06:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3016
Error: (11/15/2019 06:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3016
Error: (11/15/2019 06:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/15/2019 06:08:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1609
System errors:
=============
Error: (11/15/2019 08:53:47 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-OLAV58N)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (11/15/2019 04:48:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Downloaded Maps Manager service terminated unexpectedly. It has done this 1 time(s).
Error: (11/13/2019 09:36:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Autodesk Content Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (11/13/2019 09:36:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Autodesk Content Service service to connect.
Error: (11/13/2019 09:35:09 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OLAV58N)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (11/13/2019 09:35:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (11/13/2019 09:35:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FlexNet Licensing Service service terminated unexpectedly. It has done this 1 time(s).
Error: (11/13/2019 09:35:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Windows Defender:
===================================
Date: 2019-08-13 10:31:07.295
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {21B63D7F-7C57-4087-9106-2A9C38F8F4E7}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-08-13 09:24:29.873
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A415B3D9-5FEA-4503-803A-C704E83008CF}
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===================================
Date: 2019-11-13 21:14:55.688
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-11-13 21:14:55.670
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-11-13 21:14:18.663
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-11-13 21:14:18.658
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-11-13 21:14:18.653
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-11-13 21:14:18.634
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-11-13 21:14:18.631
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-11-13 21:14:18.628
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
==================== Memory info ===========================
BIOS: LENOVO 9SKT60AUS 01/30/2013
Motherboard: LENOVO MAHOBAY
Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 45%
Total physical RAM: 7980.45 MB
Available physical RAM: 4377.11 MB
Total Virtual: 9260.45 MB
Available Virtual: 5069.43 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.97 GB) (Free:862.13 GB) NTFS
\\?\Volume{55b0e137-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.1 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 55B0E137)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
November 16th, 2019, 03:42 AM
#18
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
November 16th, 2019, 12:38 PM
#19
Fixlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-11-2019
Ran by Thinkpad (16-11-2019 08:37:35) Run:1
Running from C:\Users\Thinkpad\Desktop
Loaded Profiles: Thinkpad (Available Profiles: Thinkpad)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
NETSVCx32: CmSvc -> no filepath.
NETSVCx32: HpSvc -> no filepath.
2019-08-18 10:36 - 2019-11-12 18:35 - 000000064 _____ () C:\Users\Thinkpad\AppData\Roaming\WB.CFG
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{41609E89-EC44-4A30-A297-93D2A048EA4A}] => (Allow) C:\Program Files (x86)\CouponMaster\CouponTray.exe No File
FirewallRules: [{1001C2F0-E4EB-456E-91C9-D66318C43E1E}] => (Allow) C:\Program Files (x86)\CouponMaster\CouponTray.exe No File
FirewallRules: [{AB380591-BD8C-4F34-A81A-E36E38E0E915}] => (Allow) C:\Users\Thinkpad\AppData\Local\Temp\7zS6133\HP.EasyStart.exe No File
FirewallRules: [UDP Query User{53930495-1FBC-4659-869C-106364384F78}C:\users\thinkpad\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\thinkpad\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [TCP Query User{E1A1A8FF-F280-4402-8BA3-945989450CEF}C:\users\thinkpad\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\thinkpad\appdata\local\akamai\netsession_win.exe No File
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs CmSvc => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs HpSvc => removed successfully
C:\Users\Thinkpad\AppData\Roaming\WB.CFG => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{41609E89-EC44-4A30-A297-93D2A048EA4A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1001C2F0-E4EB-456E-91C9-D66318C43E1E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB380591-BD8C-4F34-A81A-E36E38E0E915}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{53930495-1FBC-4659-869C-106364384F78}C:\users\thinkpad\appdata\local\akamai\netsession_win.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E1A1A8FF-F280-4402-8BA3-945989450CEF}C:\users\thinkpad\appdata\local\akamai\netsession_win.exe" => removed successfully
==== End of Fixlog 08:37:36 ====
November 16th, 2019, 01:21 PM
#20
Last scans...
Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe. Follow the onscreen instructions inside the black box. A Notepad document called checkup.txt should open automatically; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!" message, restart the computer and Security Check should run.
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services, Windows Firewall, System Restore, Security Center, Windows Update, Windows Defender, Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program. Click on the Start button to begin the cleaning process. TFC will close all running programs, and it may ask you to restart the computer.
Download Sophos Free Virus Removal Tool and save it to your desktop.
Double click the icon and select Run.
Click Next.
Select I accept the terms in this license agreement, then click Next twice.
Click Install.
Click Finish to launch the program.
Once the virus database has been updated, click Start Scanning.
If any threats are found, click Details, then View log file... (bottom left hand corner).
Copy and paste the results in your reply.
Close the Notepad document, close the Threat Details screen, then click Start cleanup.
Click Exit to close the program.
November 16th, 2019, 04:35 PM
#21
Security check log:
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner Browser
CCleaner Update Helper
Google Chrome (78.0.3904.97)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FSS log:
Farbar Service Scanner Version: 27-01-2016
Ran by Thinkpad (administrator) on 16-11-2019 at 10:15:50
Running from "C:\Users\Thinkpad\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Security Center:
============
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
The ServiceDll of wuauserv service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe"".
Windows Defender Disabled Policy:
==========================
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
November 16th, 2019, 04:36 PM
#22
TFC log:
Getting user folders.
Stopping running processes.
Emptying Temp folders.
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Thinkpad
->Temp folder emptied: 1487238 bytes
->Temporary Internet Files folder emptied: 744867 bytes
->Google Chrome cache emptied: 282682694 bytes
->Flash cache emptied: 2148 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2421628 bytes
Emptying RecycleBin. Do not interrupt.
RecycleBin emptied: 0 bytes
Process complete!
Total Files Cleaned = 274.00 mb
Sophos found 0 threats, no log was created.
November 16th, 2019, 05:45 PM
#23
Your computer is clean
1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.
Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.
2. Make sure Windows Updates are current.
3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!
4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")
5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).
7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.
9. Read:
How did I get infected?, With steps so it does not happen again! : http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet : http://www.bleepingcomputer.com/tuto...r-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings : http://www.bleepingcomputer.com/foru.../#entry3187642
10. Please let me know how your computer is doing.
November 16th, 2019, 06:33 PM
#24
Thank you very much Broni.
Computer seems more responsive.
November 16th, 2019, 06:48 PM
#25
You're very welcome