[RESOLVED] Need a check up 1 - Page 2

Thread: [RESOLVED] Need a check up 1

  1. #16
    Join Date
    May 2005
    Posts
    122
    FRST log 2

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://www.google.com"
    CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://udn.com; hxxps://www.chinatimes.com; hxxps://www.worldjournal.com
    CHR Profile: C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default [2019-11-15]
    CHR DownloadDir: C:\Users\Thinkpad\Desktop
    CHR Extension: (Slides) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-18]
    CHR Extension: (Floorplanner) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2018-11-18]
    CHR Extension: (Sudoku) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj [2018-11-18]
    CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2018-11-18]
    CHR Extension: (Docs) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-18]
    CHR Extension: (Google Drive) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-18]
    CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2019-09-03]
    CHR Extension: (Windows Defender Browser Protection) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbeeeffjjeopflfhgeknacdieedcoml [2019-07-07]
    CHR Extension: (YouTube) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-18]
    CHR Extension: (Adobe Acrobat) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-10-01]
    CHR Extension: (Sheets) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-18]
    CHR Extension: (Online Security Pro) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjgpapimgnmibnacmeilgjefnoofefp [2019-09-03]
    CHR Extension: (iCloud Bookmarks) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2018-11-18]
    CHR Extension: (HTTPS Everywhere) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2019-11-08]
    CHR Extension: (Google Docs Offline) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-24]
    CHR Extension: (Click&Clean) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2019-11-11]
    CHR Extension: (360 Internet Protection) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2018-11-18]
    CHR Extension: (Pinterest Save Button) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-11-08]
    CHR Extension: (Kindle Cloud Reader) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2018-11-18]
    CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2019-11-13]
    CHR Extension: (Dropbox) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2018-11-18]
    CHR Extension: (Grammarly for Chrome) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-11-11]
    CHR Extension: (Web Whiteboard) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhmonflnoepbijmbbfipoifgkbibofgd [2018-11-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
    CHR Extension: (Rollip - Photo Effects) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooikhmcdpofogemaldinihdhidaokcmp [2018-11-18]
    CHR Extension: (Tv Online) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2018-11-18]
    CHR Extension: (Click&Clean App) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2019-11-08]
    CHR Extension: (Gmail) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-07]
    CHR Extension: (Chrome Media Router) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-24]
    CHR Extension: (Cool Metronome) - C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\polmfiinlikaadclgdojekfaoglellgm [2018-11-18]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1233272 2019-05-14] (Autodesk, Inc. -> Autodesk Inc.)
    R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [16926864 2019-08-07] (Autodesk, Inc. -> Autodesk)
    S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc -> Autodesk, Inc.)
    S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [209128 2019-08-31] (Piriform Software Ltd -> Piriform Software)
    S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\77.1.1834.93\elevation_service.exe [984880 2019-09-25] (Piriform Software Ltd -> Piriform Software)
    S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [209128 2019-08-31] (Piriform Software Ltd -> Piriform Software)
    R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81392 2019-08-01] (INTERNET PROJECT LLC -> Freemake)
    R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel(R) pGFX -> Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-13] (Malwarebytes Inc -> Malwarebytes)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-19] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-19] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
    R3 athr; C:\WINDOWS\System32\drivers\athwnx.sys [4233728 2019-03-18] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
    R3 LBAI; C:\WINDOWS\System32\Drivers\LBAI.sys [30432 2017-04-29] (Lenovo -> Lenovo)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [248480 2019-11-13] (Malwarebytes Inc -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-11-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2019-11-13] (Malwarebytes Inc -> Malwarebytes)
    R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2018-12-07] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-11-13] (Adlice -> )
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [47496 2019-07-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344288 2019-07-19] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-19] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    NETSVCx32: CmSvc -> no filepath.
    NETSVCx32: HpSvc -> no filepath.

    ==================== One month (created) ===================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-11-15 17:06 - 2019-11-15 17:07 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
    2019-11-15 17:06 - 2019-11-15 17:07 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
    2019-11-13 21:37 - 2019-11-13 21:37 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2019-11-13 21:37 - 2019-11-13 21:37 - 000248480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2019-11-13 21:33 - 2019-11-13 21:35 - 000000000 ____D C:\AdwCleaner
    2019-11-13 21:01 - 2019-11-13 21:01 - 000000000 ____D C:\Users\Thinkpad\AppData\Local\mbamtray
    2019-11-13 21:01 - 2019-11-13 21:01 - 000000000 ____D C:\Users\Thinkpad\AppData\Local\mbam
    2019-11-13 21:01 - 2019-11-13 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-11-13 21:00 - 2019-11-13 21:00 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2019-11-13 21:00 - 2019-11-13 21:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2019-11-13 21:00 - 2019-11-13 21:00 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-11-13 21:00 - 2019-11-13 21:00 - 000000000 ____D C:\Program Files\Malwarebytes
    2019-11-13 20:58 - 2019-11-15 20:57 - 000000000 ____D C:\Users\Thinkpad\Desktop\Virtualdr scans 11-13-2019
    2019-11-13 20:41 - 2019-11-13 20:41 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
    2019-11-13 20:40 - 2019-11-13 20:40 - 000003162 _____ C:\WINDOWS\system32\Tasks\RogueKiller Anti-Malware
    2019-11-13 20:40 - 2019-11-13 20:40 - 000000000 ____D C:\ProgramData\RogueKiller
    2019-11-13 20:40 - 2019-11-13 20:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2019-11-13 20:40 - 2019-11-13 20:40 - 000000000 ____D C:\Program Files\RogueKiller
    2019-11-12 19:42 - 2019-11-15 20:58 - 000000000 ____D C:\FRST
    2019-11-12 19:34 - 2019-11-12 19:34 - 000000000 ____D C:\Users\Thinkpad\Documents\Apowersoft
    2019-11-12 19:34 - 2019-11-12 19:34 - 000000000 ____D C:\Users\Thinkpad\AppData\Roaming\Apowersoft
    2019-11-12 19:34 - 2019-11-12 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
    2019-11-12 19:34 - 2019-11-12 19:34 - 000000000 ____D C:\Program Files (x86)\Apowersoft
    2019-11-12 19:34 - 2018-12-07 11:36 - 000370424 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\wpcap.dll
    2019-11-12 19:34 - 2018-12-07 11:36 - 000282360 _____ (Riverbed Technology, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
    2019-11-12 19:34 - 2018-12-07 11:36 - 000107768 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\Packet.dll
    2019-11-12 19:34 - 2018-12-07 11:36 - 000098040 _____ (Riverbed Technology, Inc.) C:\WINDOWS\SysWOW64\Packet.dll
    2019-11-12 19:34 - 2018-12-07 11:36 - 000053299 _____ C:\WINDOWS\SysWOW64\pthreadVC.dll
    2019-11-12 19:34 - 2018-12-07 11:36 - 000036600 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
    2019-11-11 14:53 - 2019-11-11 14:53 - 000126784 _____ C:\Users\Thinkpad\AppData\Local\GDIPFONTCACHEV1.DAT
    2019-11-11 14:39 - 2019-11-11 14:39 - 012627458 _____ C:\Users\Thinkpad\Desktop\ASCE - Future World Vision Report.pdf
    2019-11-11 14:39 - 2019-11-11 14:39 - 008278202 _____ C:\Users\Thinkpad\Desktop\ASCE - CA Roadway Score.pdf
    2019-11-10 11:09 - 2019-11-10 11:09 - 000002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
    2019-11-10 11:09 - 2019-11-10 11:09 - 000001391 _____ C:\Users\Public\Desktop\NCH Suite.lnk
    2019-11-10 11:09 - 2019-11-10 11:09 - 000001391 _____ C:\ProgramData\Desktop\NCH Suite.lnk
    2019-11-10 11:09 - 2019-11-10 11:09 - 000001257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression.lnk
    2019-11-10 11:09 - 2019-11-10 11:09 - 000001245 _____ C:\Users\Public\Desktop\Express Zip File Compression.lnk
    2019-11-10 11:09 - 2019-11-10 11:09 - 000001245 _____ C:\ProgramData\Desktop\Express Zip File Compression.lnk
    2019-11-10 11:09 - 2019-11-10 11:09 - 000000000 ____D C:\Users\Thinkpad\NCH Software Suite
    2019-11-10 11:09 - 2019-11-10 11:09 - 000000000 ____D C:\Users\Thinkpad\AppData\Roaming\NCH Software
    2019-11-10 11:07 - 2019-11-10 11:08 - 011121916 _____ C:\Users\Thinkpad\Desktop\121282v6131209_vegetationblocksoftreesandplants.zip
    2019-11-10 08:46 - 2019-11-10 08:46 - 000000000 ____D C:\Users\Thinkpad\AppData\Roaming\Sosometago
    2019-11-10 08:45 - 2019-11-10 08:46 - 000000000 ____D C:\ProgramData\{3BEF07D3-13C7-7FAB-4B9F-5783A3778F5B}
    2019-11-10 07:47 - 2019-11-10 07:48 - 000000000 ____D C:\Users\Thinkpad\Desktop\Autocad 2020
    2019-11-09 17:35 - 2019-11-09 17:35 - 000000000 ____D C:\Users\Thinkpad\AppData\Local\cache
    2019-11-09 17:34 - 2019-11-09 17:35 - 000000000 ____D C:\Users\Thinkpad\AppData\Local\AdSSO
    2019-11-09 17:29 - 2019-11-09 17:29 - 000000000 ____D C:\Users\Thinkpad\Autodesk
    2019-11-09 17:27 - 2019-11-09 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2020 - English
    2019-11-09 17:26 - 2019-11-09 17:26 - 000000000 ____D C:\Users\Thinkpad\Documents\Inventor Server for AutoCAD
    2019-11-09 17:11 - 2019-11-09 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Licensing
    2019-11-09 17:04 - 2019-11-09 17:04 - 000000000 ____D C:\Users\Thinkpad\Downloads\{284712BE-7D15-674C-51A3-B81AA2718CA8}
    2019-11-09 16:49 - 2019-11-09 16:49 - 000000000 ____D C:\ProgramData\Applications
    2019-11-05 21:17 - 2019-11-05 21:26 - 000000000 ____D C:\Users\Thinkpad\Desktop\5114 Raphael St
    2019-10-27 19:55 - 2019-10-27 19:55 - 000275642 _____ C:\Users\Thinkpad\Desktop\BOE report.approved_products_report.pdf
    2019-10-26 18:49 - 2019-10-26 18:49 - 000209913 _____ C:\Users\Thinkpad\Documents\Scan_0003.pdf

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-11-15 20:47 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-11-15 19:44 - 2019-08-11 20:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-11-15 18:01 - 2018-11-24 11:20 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-11-15 17:58 - 2019-03-18 20:37 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-11-15 17:58 - 2018-11-24 11:19 - 128443096 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-11-15 17:06 - 2019-03-18 20:52 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-11-15 17:06 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-11-15 16:49 - 2019-08-09 21:31 - 000000000 ___RD C:\Users\Thinkpad\iCloudDrive
    2019-11-15 16:43 - 2018-11-18 12:20 - 000000000 __SHD C:\Users\Thinkpad\IntelGraphicsProfiles
    2019-11-13 21:42 - 2019-08-11 21:09 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-11-13 21:42 - 2019-03-18 20:50 - 000000000 ____D C:\WINDOWS\INF
    2019-11-13 21:36 - 2019-08-11 21:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-11-13 21:35 - 2019-07-14 13:46 - 000000000 ____D C:\ProgramData\WinZip
    2019-11-13 21:35 - 2019-03-18 20:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2019-11-13 21:00 - 2019-03-18 20:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2019-11-13 20:15 - 2018-11-18 19:32 - 000000000 ____D C:\ProgramData\Autodesk
    2019-11-13 20:07 - 2018-11-25 08:49 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2019-11-12 19:36 - 2019-07-14 14:51 - 000000000 ____D C:\Users\Thinkpad\Desktop\Bin
    2019-11-12 18:35 - 2019-08-18 10:36 - 000000064 _____ C:\Users\Thinkpad\AppData\Roaming\WB.CFG
    2019-11-11 12:10 - 2019-08-11 20:53 - 000545352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-11-11 12:09 - 2018-11-18 18:54 - 000000000 ____D C:\Program Files\CCleaner
    2019-11-11 12:00 - 2018-11-18 19:45 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
    2019-11-11 11:54 - 2018-11-18 19:34 - 000000000 ____D C:\ProgramData\Package Cache
    2019-11-11 11:52 - 2018-11-18 19:32 - 000000000 ____D C:\Users\Thinkpad\AppData\Roaming\Autodesk
    2019-11-11 11:51 - 2018-11-18 19:45 - 000000000 ____D C:\Program Files\Autodesk
    2019-11-11 11:24 - 2018-11-18 20:00 - 000000000 ____D C:\Users\Public\Documents\Autodesk
    2019-11-11 11:24 - 2018-11-18 20:00 - 000000000 ____D C:\ProgramData\Documents\Autodesk
    2019-11-11 11:15 - 2018-11-18 20:11 - 000000000 ____D C:\Users\Thinkpad\Documents\Autodesk Application Manager
    2019-11-10 17:26 - 2018-11-18 20:00 - 000000000 ____D C:\Users\Thinkpad\AppData\Local\Autodesk
    2019-11-10 11:09 - 2019-08-13 20:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
    2019-11-10 11:09 - 2019-08-13 20:02 - 000000000 ____D C:\ProgramData\NCH Software
    2019-11-10 11:09 - 2019-08-13 20:02 - 000000000 ____D C:\Program Files (x86)\NCH Software
    2019-11-10 11:09 - 2019-08-11 20:58 - 000000000 ____D C:\Users\Thinkpad
    2019-11-09 17:29 - 2018-11-18 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
    2019-11-09 17:28 - 2018-11-18 20:00 - 000000000 ____D C:\Program Files (x86)\Autodesk
    2019-11-09 17:00 - 2018-11-18 19:26 - 000000000 ____D C:\Autodesk
    2019-11-09 16:19 - 2018-11-18 20:15 - 000000000 ____D C:\ProgramData\FLEXnet
    2019-11-07 17:27 - 2018-11-18 18:52 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-11-07 17:22 - 2018-11-18 19:27 - 000000000 ____D C:\Users\Thinkpad\AppData\Local\Akamai
    2019-11-04 18:42 - 2019-08-11 21:12 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2019-11-04 18:42 - 2019-08-11 21:12 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2019-11-04 18:42 - 2018-11-18 18:50 - 000000000 ____D C:\Program Files (x86)\Google
    2019-10-31 19:56 - 2018-11-18 12:34 - 000000000 ____D C:\ProgramData\Packages
    2019-10-31 19:53 - 2019-08-11 21:12 - 000003386 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1312108708-3844341841-2510355704-1001
    2019-10-31 19:53 - 2019-08-11 20:58 - 000002376 _____ C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-10-31 19:53 - 2018-11-18 12:23 - 000000000 ___RD C:\Users\Thinkpad\OneDrive
    2019-10-21 16:10 - 2019-07-14 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake

    ==================== Files in the root of some directories ========

    2019-08-18 10:36 - 2019-11-12 18:35 - 000000064 _____ () C:\Users\Thinkpad\AppData\Roaming\WB.CFG

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

  2. #17
    Join Date
    May 2005
    Posts
    122
    ADDITION log

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2019
    Ran by Thinkpad (15-11-2019 20:59:21)
    Running from C:\Users\Thinkpad\Desktop\Virtualdr scans 11-13-2019
    Windows 10 Home Version 1903 18362.418 (X64) (2019-08-12 05:12:57)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1312108708-3844341841-2510355704-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1312108708-3844341841-2510355704-503 - Limited - Disabled)
    Guest (S-1-5-21-1312108708-3844341841-2510355704-501 - Limited - Disabled)
    Thinkpad (S-1-5-21-1312108708-3844341841-2510355704-1001 - Administrator - Enabled) => C:\Users\Thinkpad
    WDAGUtilityAccount (S-1-5-21-1312108708-3844341841-2510355704-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    A360 Desktop (HKLM\...\{B209E611-5511-4AD6-B4B3-9D36F93DBCD4}) (Version: 6.0.3.1100 - Autodesk)
    ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
    ACA & MEP 2020 Object Enabler (HKLM\...\{28B89EEF-3004-0000-5102-CF3F3A09B77D}) (Version: 8.2.45.0 - Autodesk) Hidden
    ACAD Private (HKLM\...\{28B89EEF-3001-0000-3102-CF3F3A09B77D}) (Version: 23.1.47.0 - Autodesk) Hidden
    ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20056 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    AutoCAD 2016 - English (HKLM\...\{5783F2D7-F001-0409-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
    AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.107.0 - Autodesk) Hidden
    AutoCAD 2016 Language Pack - English (HKLM\...\{5783F2D7-F001-0409-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
    AutoCAD 2020 - English (HKLM\...\{28B89EEF-3001-0409-2102-CF3F3A09B77D}) (Version: 23.1.47.0 - Autodesk) Hidden
    AutoCAD 2020 (HKLM\...\{28B89EEF-3001-0000-0102-CF3F3A09B77D}) (Version: 23.1.70.0 - Autodesk) Hidden
    AutoCAD 2020 Language Pack - English (HKLM\...\{28B89EEF-3001-0409-1102-CF3F3A09B77D}) (Version: 23.1.70.0 - Autodesk) Hidden
    Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
    Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
    Autodesk App Manager 2020 (HKLM-x32\...\{093769E2-0281-4626-88B1-43180365CCDF}) (Version: 3.0.0 - Autodesk)
    Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
    Autodesk AutoCAD 2016 SP 1 (HKLM\...\AutoCAD 2016 SP1) (Version: 20.1.107.0 - Autodesk)
    Autodesk AutoCAD 2016.0.11 (HKLM\...\AutoCAD 2016 Hotfix 7) (Version: 20.1.151.0 - Autodesk)
    Autodesk AutoCAD 2020 - English (HKLM\...\AutoCAD 2020 - English) (Version: 23.1.47.0 - Autodesk)
    Autodesk AutoCAD 2020.1 Update (HKLM-x32\...\{f4f9ba0b-3001-0000-0102-f66cecb07000}) (Version: 23.1.70.0 - Autodesk)
    Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
    Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{3706CB50-BF5C-4494-8252-0258501C14FE}) (Version: 4.37.2870 - Autodesk)
    Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
    Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
    Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
    Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.16.29 - Autodesk)
    Autodesk Download Manager (HKLM-x32\...\{402BEAF1-A9F1-4D40-85B4-4F43D0D0EA27}) (Version: 6.3.181.0 - Autodesk, Inc.)
    Autodesk DWG TrueView 2020 - English (HKLM\...\DWG TrueView 2020 - English) (Version: 23.1.48.0 - Autodesk)
    Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
    Autodesk Featured Apps 2020 (HKLM-x32\...\{D0194D24-57D6-4FC8-9B80-3B60BFEBA23A}) (Version: 3.0.0 - Autodesk)
    Autodesk Genuine Service (HKLM-x32\...\{317D67F2-9027-4E85-9ED1-ADF4D765AE02}) (Version: 3.0.11 - Autodesk)
    Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
    Autodesk Material Library 2020 (HKLM-x32\...\{B9312A51-41B5-479D-9F72-E7448A2D89AF}) (Version: 18.11.1.0 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2020 (HKLM-x32\...\{0E976988-E753-4C81-BD96-434CE305B176}) (Version: 18.11.1.0 - Autodesk)
    Autodesk ReCap 2016 (HKLM\...\{F6FD1651-0000-1033-0102-387BAF9B3B0A}) (Version: 1.5.0.33 - Autodesk) Hidden
    Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
    Autodesk Save to Web and Mobile (HKLM\...\{26FB18F7-B553-430D-94F6-C2389A91235F}) (Version: 3.0.21 - Autodesk)
    Autodesk Single Sign On Component (HKLM\...\{43D6A09F-C6C9-426A-8651-9EF8990B0A65}) (Version: 11.0.0.1800 - Autodesk)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.62 - Piriform)
    CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 77.1.1834.93 - Piriform Software)
    CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.5.21.0 - Piriform Software) Hidden
    DWG TrueView 2020 - English (HKLM\...\{28B89EEF-3028-0409-0100-CF3F3A09B77D}) (Version: 23.1.48.0 - Autodesk) Hidden
    Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 3.00 - NCH Software)
    Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 6.25 - NCH Software)
    FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
    Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.4 - Ellora Assets Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
    HP ENVY 5660 series Basic Device Software (HKLM\...\{D3D38A38-586A-49AA-81C8-26A48B7DCFD4}) (Version: 40.11.1135.17143 - HP Inc.)
    iCloud (HKLM\...\{2C05E99A-94F0-4F95-B602-CD2D2682D6C3}) (Version: 7.13.0.14 - Apple Inc.)
    IrfanView 4.53 (64-bit) (HKLM\...\IrfanView64) (Version: 4.53 - Irfan Skiljan)
    Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1312108708-3844341841-2510355704-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation)
    Microsoft Report Viewer Redistributable 2008 (KB971119) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
    RogueKiller version 13.5.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.5.6.0 - Adlice Software)
    Sight Survey 2016 (HKLM-x32\...\{3D387B2D-B0C0-48FF-872A-3434AC81C6DF}) (Version: 1.0 - Carlson Software)
    SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
    SQLite ODBC Driver (remove only) (HKLM-x32\...\SQLite ODBC Driver) (Version: - )
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
    Video Download Capture V6.4.8.5 (HKLM-x32\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.4.8.5 - APOWERSOFT LIMITED)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
    WinZip 23.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2411D}) (Version: 23.0.13300 - Corel Corporation)

    Packages:
    =========
    Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.3587.0_x64__rz1tebttyb220 [2019-10-19] (Dolby Laboratories)
    Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2018-11-18] (Fitbit)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe [2019-11-05] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-07] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-07] (Microsoft Corporation) [MS Ad]
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-15] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-08] (Microsoft Studios) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-14] (Microsoft Corporation) [MS Ad]
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-10-24] (Netflix, Inc.)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{4AC6DFE1-607B-45B2-B289-D7FBCD44169C}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
    CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{D1DE6864-2236-48B7-99C3-D29C757903A4}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-1312108708-3844341841-2510355704-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2020\en-US\acadficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2019-02-07] (Autodesk, Inc. -> Autodesk, Inc.)
    ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2019-02-07] (Autodesk, Inc. -> Autodesk)
    ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2019-11-10] () [File not signed]
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-07-22] (Apple Inc. -> Apple Inc.)
    ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-01-30] (Corel Corporation -> WinZip Computing)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-13] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-01-30] (Corel Corporation -> WinZip Computing)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2019-11-10] () [File not signed]
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-13] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-01-30] (Corel Corporation -> WinZip Computing)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2019-11-12 19:34 - 2018-12-07 11:35 - 001176576 _____ () [File not signed] C:\Program Files (x86)\Apowersoft\Video Download Capture 6\CefSharp.Core.dll
    2019-11-12 19:34 - 2018-12-07 11:36 - 061096960 _____ () [File not signed] C:\Program Files (x86)\Apowersoft\Video Download Capture 6\libcef.dll
    2019-11-10 11:09 - 2019-11-10 11:09 - 000105984 _____ () [File not signed] C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\S-1-5-21-1312108708-3844341841-2510355704-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

    ==================== Internet Explorer trusted/restricted ==========

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-04-11 15:38 - 2019-11-13 20:23 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1312108708-3844341841-2510355704-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    MSCONFIG\Services: AdAppMgrSvc => 2
    MSCONFIG\Services: Autodesk Content Service => 2
    HKU\S-1-5-21-1312108708-3844341841-2510355704-1001\...\StartupApproved\Run: => "Chromium"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{41609E89-EC44-4A30-A297-93D2A048EA4A}] => (Allow) C:\Program Files (x86)\CouponMaster\CouponTray.exe No File
    FirewallRules: [{1001C2F0-E4EB-456E-91C9-D66318C43E1E}] => (Allow) C:\Program Files (x86)\CouponMaster\CouponTray.exe No File
    FirewallRules: [{68A7EEDE-535A-454C-8D2D-A29331472D31}] => (Allow) C:\Users\Thinkpad\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
    FirewallRules: [{C231BD34-FF08-41EA-A1DC-BD3CD32E9A62}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{98859B50-4078-45B2-9A54-44521EE88C89}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{20FDB20F-E60F-4956-ABED-9361D268030D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{A1A305E3-81C7-4DC1-9EDA-E973E792ADB7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{267D9084-9737-4990-B707-14D5C42FE63D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{781C1871-C6CE-4C2A-A4A8-C8BC492BB6AA}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    FirewallRules: [{3A103F64-BC98-4B0D-BD2D-E4C205E4F2D9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    FirewallRules: [{AB380591-BD8C-4F34-A81A-E36E38E0E915}] => (Allow) C:\Users\Thinkpad\AppData\Local\Temp\7zS6133\HP.EasyStart.exe No File
    FirewallRules: [{C52AD5BD-016A-47B1-826D-D8C405A451C4}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
    FirewallRules: [{2CB004C4-7859-4A5C-9572-9A38335A4AD9}] => (Allow) LPort=5357
    FirewallRules: [{1136D8D0-05C5-475F-8826-19E18FF400F4}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
    FirewallRules: [{B331BEB2-5351-47C5-A77E-589D9A4BFD7A}] => (Allow) LPort=5000
    FirewallRules: [{1778D97A-97D8-4800-99DF-7CB9B0FA05DA}] => (Allow) LPort=65111
    FirewallRules: [{CC823103-B606-4FE9-B1CB-8ADDE4299A50}] => (Allow) LPort=50248
    FirewallRules: [UDP Query User{53930495-1FBC-4659-869C-106364384F78}C:\users\thinkpad\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\thinkpad\appdata\local\akamai\netsession_win.exe No File
    FirewallRules: [TCP Query User{E1A1A8FF-F280-4402-8BA3-945989450CEF}C:\users\thinkpad\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\thinkpad\appdata\local\akamai\netsession_win.exe No File
    FirewallRules: [{D5DD35CC-A96D-4DEB-8B66-38800ABF13D1}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    FirewallRules: [{B2C72496-FC54-4B66-8452-89BA4BFECABD}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    FirewallRules: [{84FC00EE-ED52-4640-873A-80CB10EB929E}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)
    FirewallRules: [{4B3A349B-61BC-4D74-8659-8F47982553B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{B33B4D67-EE27-49F1-9533-369F208C1306}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
    FirewallRules: [{CAFE67F7-A99D-41DE-B873-79E38B67B2E2}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
    FirewallRules: [{258609ED-1186-41F4-8C69-0B9C517E4088}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
    FirewallRules: [{77A8A7C5-F048-483C-A5F2-C29DE4A5D67E}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )

    ==================== Restore Points =========================

    24-10-2019 20:45:36 Scheduled Checkpoint
    01-11-2019 17:24:23 Scheduled Checkpoint
    09-11-2019 16:50:05 Installed Autodesk Download Manager
    15-11-2019 17:05:41 Windows Update

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (11/15/2019 07:46:07 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (8028,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    Error: (11/15/2019 06:08:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4437

    Error: (11/15/2019 06:08:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 4437

    Error: (11/15/2019 06:08:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (11/15/2019 06:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3016

    Error: (11/15/2019 06:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3016

    Error: (11/15/2019 06:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (11/15/2019 06:08:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1609


    System errors:
    =============
    Error: (11/15/2019 08:53:47 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-OLAV58N)
    Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
    "2147942767"
    Happened while starting this command:
    C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

    Error: (11/15/2019 04:48:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Downloaded Maps Manager service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/13/2019 09:36:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Autodesk Content Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (11/13/2019 09:36:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (45000 milliseconds) while waiting for the Autodesk Content Service service to connect.

    Error: (11/13/2019 09:35:09 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OLAV58N)
    Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

    Error: (11/13/2019 09:35:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/13/2019 09:35:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The FlexNet Licensing Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/13/2019 09:35:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


    Windows Defender:
    ===================================
    Date: 2019-08-13 10:31:07.295
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {21B63D7F-7C57-4087-9106-2A9C38F8F4E7}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-08-13 09:24:29.873
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {A415B3D9-5FEA-4503-803A-C704E83008CF}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    CodeIntegrity:
    ===================================

    Date: 2019-11-13 21:14:55.688
    Description:
    Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

    Date: 2019-11-13 21:14:55.670
    Description:
    Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

    Date: 2019-11-13 21:14:18.663
    Description:
    Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

    Date: 2019-11-13 21:14:18.658
    Description:
    Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

    Date: 2019-11-13 21:14:18.653
    Description:
    Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

    Date: 2019-11-13 21:14:18.634
    Description:
    Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

    Date: 2019-11-13 21:14:18.631
    Description:
    Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

    Date: 2019-11-13 21:14:18.628
    Description:
    Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

    ==================== Memory info ===========================

    BIOS: LENOVO 9SKT60AUS 01/30/2013
    Motherboard: LENOVO MAHOBAY
    Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
    Percentage of memory in use: 45%
    Total physical RAM: 7980.45 MB
    Available physical RAM: 4377.11 MB
    Total Virtual: 9260.45 MB
    Available Virtual: 5069.43 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:930.97 GB) (Free:862.13 GB) NTFS

    \\?\Volume{55b0e137-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.1 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 55B0E137)
    Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt =======================

  3. #18
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

  4. #19
    Join Date
    May 2005
    Posts
    122
    Fixlog.txt

    Fix result of Farbar Recovery Scan Tool (x64) Version: 14-11-2019
    Ran by Thinkpad (16-11-2019 08:37:35) Run:1
    Running from C:\Users\Thinkpad\Desktop
    Loaded Profiles: Thinkpad (Available Profiles: Thinkpad)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    NETSVCx32: CmSvc -> no filepath.
    NETSVCx32: HpSvc -> no filepath.
    2019-08-18 10:36 - 2019-11-12 18:35 - 000000064 _____ () C:\Users\Thinkpad\AppData\Roaming\WB.CFG
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    FirewallRules: [{41609E89-EC44-4A30-A297-93D2A048EA4A}] => (Allow) C:\Program Files (x86)\CouponMaster\CouponTray.exe No File
    FirewallRules: [{1001C2F0-E4EB-456E-91C9-D66318C43E1E}] => (Allow) C:\Program Files (x86)\CouponMaster\CouponTray.exe No File
    FirewallRules: [{AB380591-BD8C-4F34-A81A-E36E38E0E915}] => (Allow) C:\Users\Thinkpad\AppData\Local\Temp\7zS6133\HP.EasyStart.exe No File
    FirewallRules: [UDP Query User{53930495-1FBC-4659-869C-106364384F78}C:\users\thinkpad\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\thinkpad\appdata\local\akamai\netsession_win.exe No File
    FirewallRules: [TCP Query User{E1A1A8FF-F280-4402-8BA3-945989450CEF}C:\users\thinkpad\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\thinkpad\appdata\local\akamai\netsession_win.exe No File


    *****************

    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
    HKLM\SOFTWARE\Policies\Mozilla => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs CmSvc => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs HpSvc => removed successfully
    C:\Users\Thinkpad\AppData\Roaming\WB.CFG => moved successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{41609E89-EC44-4A30-A297-93D2A048EA4A}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1001C2F0-E4EB-456E-91C9-D66318C43E1E}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB380591-BD8C-4F34-A81A-E36E38E0E915}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{53930495-1FBC-4659-869C-106364384F78}C:\users\thinkpad\appdata\local\akamai\netsession_win.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E1A1A8FF-F280-4402-8BA3-945989450CEF}C:\users\thinkpad\appdata\local\akamai\netsession_win.exe" => removed successfully

    ==== End of Fixlog 08:37:36 ====

  5. #20
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Last scans...

    Download Security Check from here or here and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services



    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.




    Download Sophos Free Virus Removal Tool and save it to your desktop.

    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program

  6. #21
    Join Date
    May 2005
    Posts
    122
    Security check log:

    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    CCleaner Browser
    CCleaner Update Helper
    Google Chrome (78.0.3904.97)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamtray.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````



    FSS log:

    Farbar Service Scanner Version: 27-01-2016
    Ran by Thinkpad (administrator) on 16-11-2019 at 10:15:50
    Running from "C:\Users\Thinkpad\Desktop"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

  7. #22
    Join Date
    May 2005
    Posts
    122
    TFC log:

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Thinkpad
    ->Temp folder emptied: 1487238 bytes
    ->Temporary Internet Files folder emptied: 744867 bytes
    ->Google Chrome cache emptied: 282682694 bytes
    ->Flash cache emptied: 2148 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2421628 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 0 bytes
    Process complete!

    Total Files Cleaned = 274.00 mb




    Sophos found 0 threats, no log was created.

  8. #23
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:

    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings


    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

    7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    8. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    9. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/foru.../#entry3187642

    10. Please let me know how your computer is doing.

  9. #24
    Join Date
    May 2005
    Posts
    122
    Thank you very much Broni.

    Computer seems more responsive.

  10. #25
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You're very welcome
