Zeus virus; slow; pages freeze


  • This topic is locked

#1
shelovestomuse


I have a new-to-me Alienware that I got from a computer repair friend here locally. Recently, I had a run-in with "Zeus" virus.

I've run CCleaner and a purchased version of Malwarebytes. Everything either got cleaned or came up clean.

Yet, the computer is still running very slow. Pages occasionally freeze altogether. May be something still lurking there, may be something else entirely.

------------------------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01
Ran by admin1 (administrator) on ADMIN (21-06-2017 16:50:44)
Running from C:\Users\admin1\Desktop
Loaded Profiles: admin1 (Available Profiles: admin1 & admin new)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(PC-Doctor, Inc.) C:\Program Files\AlienAutopsy\uaclauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804432 2015-09-11] (NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-07-24] (Alienware)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-14] (Synaptics Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di Control Panel] => c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [886272 2012-05-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1546576 2013-01-21] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\...\Run: [GoogleChromeAutoLaunch_975EBB33C7229661C9C0DA4A2B75A4FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640 2017-05-09] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [187152 2015-09-11] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [187152 2015-09-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165528 2015-09-11] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100 192.168.1.1
Tcpip\..\Interfaces\{993D39E3-0B1C-4005-AA94-16E56E99D8CB}: [DhcpNameServer] 208.180.42.68 208.180.42.100 192.168.1.1
Tcpip\..\Interfaces\{F2A67AD3-E95F-4878-8AB4-0AF5EE50C50F}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/
HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\S-1-5-21-4125187598-2613234932-3738395790-1002 -> DefaultScope {3D354F82-4671-4B84-8209-5271B8C3AA4C} URL = 
SearchScopes: HKU\S-1-5-21-4125187598-2613234932-3738395790-1002 -> {3D354F82-4671-4B84-8209-5271B8C3AA4C} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-01-26] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-01-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4125187598-2613234932-3738395790-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\admin1\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-01-25] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://essentialoilfare.com/wp-admin/","hxxps://sr11.supercp.com:2083/cpsess8049136517/frontend/paper_lantern/index.html?login=1&post_login=94321420609820","hxxps://mail.google.com/mail/u/0/#inbox","hxxps://mg.mail.yahoo.com/neo/launch?.partner=vz-acs&.rand=chka8i1cc4j8f","hxxps://www.mydoterra.com/","hxxp://forecast.weather.gov/MapClick.php?lat=30.589424670713072&lon=-96.30792859932467#.WTXWt-vyt0x","hxxps://www.facebook.com/"
CHR Profile: C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default [2017-06-21]
CHR Extension: (Google Slides) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-16]
CHR Extension: (Google Docs) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-16]
CHR Extension: (Google Drive) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-16]
CHR Extension: (ColorZilla) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2017-01-16]
CHR Extension: (YouTube) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-16]
CHR Extension: (Google Sheets) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-16]
CHR Extension: (Google Docs Offline) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-16]
CHR Extension: (Pinterest Save Button) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-16]
CHR Extension: (Chrome Media Router) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-06-01] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-06-01] (Creative Labs) [File not signed]
R2 CTAudSvcService; c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\WINDOWS\sysWow64\CtHdaSvc.exe [122880 2012-06-20] (Creative Technology Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-12-16] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 cthda; C:\WINDOWS\system32\drivers\cthda.sys [1055360 2012-06-20] (Creative Technology Ltd)
S3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R0 EMSC; C:\WINDOWS\System32\drivers\EMSC.SYS [17720 2012-07-10] ()
R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-10] ()
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-20] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-02-15] (REALiX™)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-06-20] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-06-20] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-20] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-21] (Malwarebytes)
R1 MpKsl438bbea6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B5AEE33-E7CB-44B6-94E2-4C49E725C55B}\MpKsl438bbea6.sys [44928 2017-06-20] (Microsoft Corporation)
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R1 nvkflt; C:\WINDOWS\system32\DRIVERS\nvkflt.sys [309888 2015-09-11] (NVIDIA Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [71832 2012-07-13] (STMicroelectronics)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
U0 aswVmm; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
R1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-21 16:50 - 2017-06-21 16:50 - 00021025 _____ C:\Users\admin1\Desktop\FRST.txt
2017-06-21 16:48 - 2017-06-21 16:50 - 00000000 ____D C:\FRST
2017-06-21 16:47 - 2017-06-21 16:47 - 02439680 _____ (Farbar) C:\Users\admin1\Desktop\FRST64.exe
2017-06-20 18:16 - 2017-06-20 18:24 - 00000000 ____D C:\Users\admin1\AppData\Roaming\Apple Computer
2017-06-20 18:16 - 2017-06-20 18:16 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-06-20 18:16 - 2017-06-20 18:16 - 00000000 ____D C:\Users\admin1\AppData\Local\Apple Computer
2017-06-20 18:16 - 2017-06-20 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-06-20 18:14 - 2017-06-20 18:16 - 00000000 ____D C:\Program Files\iTunes
2017-06-20 18:14 - 2017-06-20 18:14 - 00000000 ____D C:\ProgramData\Apple Computer
2017-06-20 18:14 - 2017-06-20 18:14 - 00000000 ____D C:\Program Files\iPod
2017-06-20 18:13 - 2017-06-20 18:13 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-06-20 18:13 - 2017-06-20 18:13 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-06-20 18:13 - 2017-06-20 18:13 - 00000000 ____D C:\Users\admin1\AppData\Local\Apple
2017-06-20 18:13 - 2017-06-20 18:13 - 00000000 ____D C:\Program Files\Bonjour
2017-06-20 18:13 - 2017-06-20 18:13 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-06-20 18:13 - 2017-06-20 18:13 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-06-20 18:12 - 2017-06-20 18:13 - 00000000 ____D C:\ProgramData\Apple
2017-06-20 18:12 - 2017-06-20 18:13 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-06-20 18:09 - 2017-06-20 18:11 - 259195720 _____ (Apple Inc.) C:\Users\admin1\Desktop\iTunes64Setup.exe
2017-06-20 11:53 - 2017-06-21 16:50 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-20 11:53 - 2017-06-20 18:18 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-20 11:53 - 2017-06-20 18:18 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-20 11:53 - 2017-06-20 11:53 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-20 11:52 - 2017-06-20 18:18 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-20 11:52 - 2017-06-20 11:52 - 00001885 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-20 11:52 - 2017-06-20 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-20 11:51 - 2017-06-20 12:00 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-20 11:51 - 2017-06-20 11:51 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-20 11:49 - 2017-06-20 11:50 - 64025992 _____ (Malwarebytes ) C:\Users\admin1\Desktop\mb3-setup-cb.NT-3.1.2.1733-10139.exe
2017-06-16 08:33 - 2017-06-16 08:33 - 00000000 ____D C:\Users\admin1\AppData\LocalLow\Adobe
2017-06-16 08:31 - 2017-06-16 08:31 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-06-16 08:30 - 2017-06-16 08:34 - 00000000 ____D C:\ProgramData\Adobe
2017-06-16 08:30 - 2017-06-16 08:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-06-16 08:30 - 2017-06-16 08:30 - 00002069 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-06-16 08:30 - 2017-06-16 08:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-14 06:34 - 2017-06-02 07:15 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-06-14 06:34 - 2017-06-02 07:12 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2017-06-14 06:34 - 2017-06-02 07:12 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2017-06-14 06:34 - 2017-06-02 07:06 - 01001984 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 06:34 - 2017-06-02 07:01 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2017-06-14 06:34 - 2017-06-02 06:30 - 03635200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 06:34 - 2017-06-02 06:03 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 06:34 - 2017-06-02 05:58 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 06:34 - 2017-06-02 05:25 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-06-14 06:34 - 2017-06-02 05:24 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2017-06-14 06:34 - 2017-06-02 05:17 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2017-06-14 06:34 - 2017-06-02 05:02 - 02751488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 06:34 - 2017-06-02 04:43 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 06:34 - 2017-06-02 04:43 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 06:34 - 2017-05-15 14:58 - 00121184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 06:34 - 2017-05-14 15:44 - 04170240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-06-14 06:34 - 2017-05-14 15:42 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 06:34 - 2017-05-14 15:26 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-14 06:34 - 2017-05-14 15:19 - 25738752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 06:34 - 2017-05-14 15:19 - 01364040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-06-14 06:34 - 2017-05-14 15:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-06-14 06:34 - 2017-05-14 14:55 - 05975040 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 06:34 - 2017-05-14 14:32 - 07077376 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-06-14 06:34 - 2017-05-14 14:31 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-06-14 06:34 - 2017-05-14 14:22 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-14 06:34 - 2017-05-14 14:19 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-14 06:34 - 2017-05-14 14:11 - 20274688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 06:34 - 2017-05-14 14:10 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-06-14 06:34 - 2017-05-14 14:04 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 06:34 - 2017-05-14 14:03 - 00373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 06:34 - 2017-05-14 13:54 - 15252992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 06:34 - 2017-05-14 13:52 - 03240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-14 06:34 - 2017-05-14 13:48 - 05274112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-06-14 06:34 - 2017-05-14 13:46 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-06-14 06:34 - 2017-05-14 13:44 - 04549120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 06:34 - 2017-05-14 13:40 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-14 06:34 - 2017-05-14 13:38 - 07796736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 06:34 - 2017-05-14 13:37 - 01544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-14 06:34 - 2017-05-14 13:30 - 13664768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 06:34 - 2017-05-14 13:27 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-14 06:34 - 2017-05-14 13:16 - 05268992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 06:34 - 2017-05-14 13:15 - 02767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-14 06:34 - 2017-05-14 13:13 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-06-14 06:34 - 2017-05-14 13:11 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-14 06:34 - 2017-05-14 13:11 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-14 06:34 - 2017-05-14 13:06 - 07441240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 06:34 - 2017-05-14 13:06 - 01737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-06-14 06:34 - 2017-05-14 13:06 - 01502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-06-14 06:34 - 2017-05-12 12:05 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 06:34 - 2017-05-12 11:16 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-06-14 06:34 - 2017-05-12 11:13 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 06:34 - 2017-05-12 10:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2017-06-14 06:34 - 2017-05-12 10:50 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2017-06-14 06:34 - 2017-05-12 10:48 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-06-14 06:34 - 2017-05-12 10:47 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-06-14 06:34 - 2017-05-11 23:10 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 06:34 - 2017-05-11 21:58 - 01985536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 06:34 - 2017-05-11 21:48 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 06:34 - 2017-05-11 21:18 - 03714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 06:34 - 2017-05-11 21:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2017-06-14 06:34 - 2017-05-11 21:10 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2017-06-14 06:34 - 2017-05-11 21:07 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2017-06-14 06:34 - 2017-05-11 21:06 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-06-14 06:34 - 2017-05-11 21:04 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-06-14 06:34 - 2017-05-11 21:00 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2017-06-14 06:34 - 2017-05-11 18:36 - 22361848 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 06:34 - 2017-05-11 18:32 - 19788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 06:34 - 2017-05-10 13:19 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2017-06-14 06:34 - 2017-05-06 11:05 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 06:34 - 2017-05-06 11:04 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 06:34 - 2017-04-06 12:37 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-06-14 06:34 - 2017-04-06 12:16 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2017-06-14 06:34 - 2017-04-06 11:50 - 01436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 06:34 - 2017-04-06 11:46 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-06-14 06:34 - 2017-04-06 11:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-06-14 06:34 - 2017-04-06 11:35 - 01362432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-06-14 06:34 - 2017-04-06 11:15 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-06-14 06:34 - 2017-04-06 10:44 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-06-14 06:34 - 2017-04-02 09:49 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 06:34 - 2017-04-02 08:40 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-06-06 18:02 - 2017-06-06 18:02 - 00000000 ____D C:\Users\admin1\Desktop\FB English 101 Class
2017-06-05 18:29 - 2017-06-05 18:29 - 00002786 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-06-05 18:29 - 2017-06-05 18:29 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-06-05 18:29 - 2017-06-05 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-06-05 18:29 - 2017-06-05 18:29 - 00000000 ____D C:\Program Files\CCleaner
2017-06-05 18:28 - 2017-06-05 18:28 - 09551280 _____ (Piriform Ltd) C:\Users\admin1\Desktop\ccsetup530.exe
2017-06-05 17:33 - 2017-06-05 17:33 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-06-05 17:18 - 2017-06-05 17:34 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-05 17:17 - 2017-06-05 17:17 - 11584088 _____ (SurfRight B.V.) C:\Users\admin1\Desktop\hitmanpro_x64.exe
2017-06-05 16:27 - 2017-06-21 16:50 - 00111035 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-06-05 16:27 - 2017-06-20 18:21 - 00057128 _____ C:\WINDOWS\ZAM.krnl.trace
2017-06-05 16:27 - 2017-06-20 18:21 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-06-05 16:26 - 2017-06-05 16:26 - 05774688 _____ (Zemana Ltd. ) C:\Users\admin1\Desktop\Zemana.AntiMalware.Setup.exe
2017-06-05 16:26 - 2017-06-05 16:26 - 00000000 ____D C:\Users\admin1\AppData\Local\Zemana
2017-05-27 18:46 - 2017-06-19 09:02 - 00004470 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-05-27 18:46 - 2017-06-19 09:02 - 00004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-27 18:45 - 2017-06-16 08:33 - 00000000 ____D C:\Users\admin1\AppData\Local\Adobe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-21 16:24 - 2016-12-25 00:06 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4125187598-2613234932-3738395790-1002
2017-06-21 16:19 - 2017-01-28 11:25 - 00003168 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-21 16:19 - 2017-01-28 11:25 - 00002307 _____ C:\Users\admin1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-06-21 16:19 - 2017-01-26 16:07 - 00003176 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4125187598-2613234932-3738395790-1002
2017-06-21 15:37 - 2017-01-11 11:42 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D93671C3-3939-4FAD-9323-18149092C452}
2017-06-21 09:21 - 2017-02-25 17:03 - 00000000 ___RD C:\Users\admin1\Google Drive
2017-06-21 09:21 - 2016-12-25 10:22 - 00000000 __SHD C:\Users\admin1\IntelGraphicsProfiles
2017-06-20 18:18 - 2016-12-25 02:45 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-20 18:18 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-20 18:17 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-06-20 18:15 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2017-06-20 11:51 - 2017-01-16 18:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-20 11:23 - 2017-01-26 16:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-06-20 11:23 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-20 11:12 - 2017-02-15 09:50 - 00000000 ____D C:\ProgramData\ProductData
2017-06-19 10:14 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2017-06-19 09:12 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-19 09:01 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-19 09:01 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-19 08:55 - 2016-12-25 02:53 - 00000000 ____D C:\Users\admin1
2017-06-19 08:51 - 2013-08-22 09:44 - 00403880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-16 10:19 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2017-06-16 08:33 - 2016-12-24 16:47 - 00000000 ____D C:\Users\admin1\AppData\Roaming\Adobe
2017-06-16 08:20 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-16 08:18 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-16 08:17 - 2016-12-24 21:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-16 08:14 - 2016-12-24 21:38 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 06:27 - 2017-04-11 12:37 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-06-14 06:27 - 2017-04-11 12:37 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-06-14 06:27 - 2017-04-11 12:37 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-06-13 20:35 - 2017-04-10 10:04 - 00000000 ____D C:\Users\admin1\AppData\LocalLow\Mozilla
2017-06-06 18:59 - 2017-01-16 19:05 - 00000000 ____D C:\Users\admin1\Desktop\doTERRA
2017-06-06 18:11 - 2014-11-21 03:44 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-06 18:08 - 2016-12-24 16:46 - 00000000 ____D C:\Users\admin1\AppData\Local\Packages
2017-06-06 17:41 - 2017-01-16 19:05 - 00000000 ____D C:\Users\admin1\Desktop\Memes
2017-06-06 07:24 - 2017-04-10 10:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-05 18:32 - 2016-12-25 04:40 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-05 17:40 - 2017-03-05 21:12 - 00000000 ____D C:\Users\admin1\AppData\Local\Microsoft Help
2017-06-05 12:19 - 2017-04-10 10:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-06-02 21:31 - 2017-05-10 07:09 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-02 21:31 - 2017-05-10 07:09 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-01 19:21 - 2017-02-25 16:06 - 00000000 ____D C:\Users\admin1\AppData\Local\ElevatedDiagnostics
2017-05-30 15:45 - 2017-02-15 10:01 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2017-02-11 17:33 - 2017-02-11 17:33 - 0003584 _____ () C:\Users\admin1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-01 15:45 - 2013-06-01 15:45 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-06-01 15:42 - 2013-06-01 15:42 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-06-01 15:42 - 2013-06-01 15:43 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-06-01 15:41 - 2013-06-01 15:41 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-06-01 15:43 - 2013-06-01 15:45 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-20 11:48
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by admin1 (21-06-2017 16:51:28)
Running from C:\Users\admin1\Desktop
Windows 8.1 (Update) (X64) (2016-12-25 15:22:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admin new (S-1-5-21-4125187598-2613234932-3738395790-1003 - Administrator - Enabled) => C:\Users\admin new
admin1 (S-1-5-21-4125187598-2613234932-3738395790-1002 - Administrator - Enabled) => C:\Users\admin1
Administrator (S-1-5-21-4125187598-2613234932-3738395790-500 - Administrator - Disabled)
Guest (S-1-5-21-4125187598-2613234932-3738395790-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.125 - PC-Doctor, Inc.)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.6 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.6 - Alienware)
Alienware Command Center (HKLM-x32\...\InstallShield_{F5BC7030-7BC1-4D2B-A75C-6528B7AE2A22}) (Version: 2.8.10.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.10.0 - Alienware Corp.) Hidden
Alienware Digital Delivery (HKLM-x32\...\{4B3230C5-F069-416B-9169-1B84A216ED6A}) (Version: 2.5.1400.0 - Dell Products, LP)
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.32.1.4C - )
Alienware On-Screen Display (x32 Version: 0.32.1.4C - ) Hidden
Alienware Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.0.19 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.3.1.4 - Canon Inc.)
Canon MG3000 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3000_series) (Version: 1.02 - Canon Inc.)
Canon MG3000 series On-screen Manual (HKLM-x32\...\Canon MG3000 series On-screen Manual) (Version: 1.2.0 - Canon Inc.)
Canon MG3000 series User Registration (HKLM-x32\...\Canon MG3000 series User Registration) (Version:  - ‭Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
DSC/AA Factory Installer (Version: 3.2.6032.125 - PC-Doctor, Inc.) Hidden
EMSC (x32 Version: 0.0.0.24C - Compal Electronics, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}) (Version: 2.5.0.0248 - Motorola Solutions, Inc)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4937.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.1.1.6338 - Mozilla)
Mozilla Thunderbird 52.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.1.1 (x86 en-US)) (Version: 52.1.1 - Mozilla)
NVIDIA 3D Vision Driver 353.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.84 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.84 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sound Blaster Recon3Di (HKLM-x32\...\{FEF74F43-9C01-46CC-8A28-43BBBBB8C6B2}) (Version: 1.00.15 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.12.0028 - ST Microelectronics)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
TrojanHunter 6.2 (HKLM-x32\...\TrojanHunter_is1) (Version: 6.2 - Bytelayer AB)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Zoom (HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4125187598-2613234932-3738395790-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\admin1\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4125187598-2613234932-3738395790-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {3024F6E8-8AC0-4A76-95CA-B0558C4BB4CD} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {322E1A29-9531-420A-ADAC-6AE59486D300} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {3EA6440B-03BC-4EDA-8FAB-346E7E90EF97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-16] (Google Inc.)
Task: {44215963-0317-40BF-AB9E-476C2E263735} - System32\Tasks\Uninstaller_Install_admin1 => C:\Program Files (x86)\IObit\Advanced SystemCare\IObitUninstaller.exe
Task: {4EE1A078-92CA-4935-845A-B0454531CE54} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {543A6011-AFF6-434A-B074-C8201728B91D} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {60EFE4E4-8246-42F1-996B-598DC8A45F53} - System32\Tasks\Driver Booster SkipUAC (admin1) => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
Task: {627880C7-6494-4577-81DF-F245188DB33C} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {78BD883C-9A20-45F4-A0BC-E299FC14D305} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7A53CFBB-E188-4452-815F-0C1CBB08754C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-19] (Adobe Systems Incorporated)
Task: {8DF7EFE5-DD91-4D58-883D-34CE37C4D7FA} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {9BC0521B-6E03-40A9-A84C-3ABB2F854A42} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-16] (Google Inc.)
Task: {9FA2A4A4-8F88-4D88-A89B-CBFDFECFF7C8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-03] (Adobe Systems Incorporated)
Task: {A3D00E17-8A1E-47D2-A1E7-86A7F92F6152} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {A97412E9-86A0-4449-8410-67928270B891} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [2017-06-19] (Adobe Systems Incorporated)
Task: {B5877F13-BD81-4BF2-8F66-A8B49FEC0625} - System32\Tasks\PCDEventLauncher => C:\Program Files\AlienAutopsy\sessionchecker.exe [2013-02-14] (PC-Doctor, Inc.)
Task: {BBE457CA-376E-44A5-AC5F-DFD4427B6053} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\AlienAutopsy\uaclauncher.exe [2013-02-14] (PC-Doctor, Inc.)
Task: {D7530D70-EF12-45DF-BF54-E311290A5063} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {DD665B30-DD0E-4422-90E0-5C731E7C452A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {E36A1F0D-1A0D-403B-829B-AB25333FF8BD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Uninstaller_Install_admin1.job => C:\Program Files (x86)\IObit\Advanced SystemCare\IObitUninstaller.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-09 00:44 - 2017-05-09 00:44 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-26 16:01 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-06-01 15:43 - 2012-04-24 21:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2017-06-20 11:51 - 2017-06-20 12:00 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-09-11 14:02 - 2015-09-11 14:02 - 00020808 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2016-12-25 02:45 - 2015-08-07 12:28 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-21 23:16 - 2017-01-31 07:34 - 08909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-15 16:51 - 2017-05-09 04:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 16:51 - 2017-05-09 04:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2013-01-21 21:40 - 2013-01-21 21:40 - 01546576 _____ () C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
2017-02-15 09:50 - 2016-03-31 18:57 - 00625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2013-03-13 16:33 - 2013-03-13 16:33 - 00109576 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2017-05-10 13:15 - 2017-05-10 13:15 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\a84b76a7e963e66443ac22457490ec3c\PSIClient.ni.dll
2009-12-18 13:07 - 2009-12-18 13:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
2015-09-11 14:02 - 2015-09-11 14:02 - 00020624 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2017-06-21 09:21 - 2017-06-21 09:21 - 00098816 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32api.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00110080 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\pywintypes27.dll
2017-06-21 09:21 - 2017-06-21 09:21 - 00364544 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\pythoncom27.dll
2017-06-21 09:21 - 2017-06-21 09:21 - 00320512 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32com.shell.shell.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00914432 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\_hashlib.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 01176576 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\wx._core_.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00806400 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\wx._gdi_.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00816128 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\wx._windows_.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 01067008 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\wx._controls_.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00733184 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\wx._misc_.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00682496 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\pysqlite2._sqlite.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00088064 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\_ctypes.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00686080 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\unicodedata.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00119808 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32file.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00108544 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32security.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00007168 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\hashobjs_ext.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00017920 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\thumbnails_ext.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00088064 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\usb_ext.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00012800 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\common.time34.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00018432 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32event.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00167936 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32gui.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00046080 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\_socket.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 01303552 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\_ssl.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00128512 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\_elementtree.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00127488 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\pyexpat.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00038912 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32inet.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00036864 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\_psutil_windows.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00524248 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\windows._lib_cacheinvalidation.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00011264 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32crypt.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00123392 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\wx._wizard.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00077312 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\wx._html2.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00027648 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\_multiprocessing.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00020480 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\_yappi.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00035840 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32process.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00078848 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\wx._animate.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00024064 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32pipe.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00010240 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\select.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00025600 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32pdh.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00017408 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32profile.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00022528 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32ts.pyd
2013-06-01 15:42 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\admin1\Desktop\richards_snow1resized.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{AE187273-4529-41BB-9A83-F82A96ADE692}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{5C0C42BC-C148-44A7-83D2-72A2827FF410}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{1BB83542-B718-4FE5-A142-A0E5B3A5D290}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{AC27B900-62BE-4FC0-97F6-AF74C3068AC3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F766B4C9-F481-4600-B93A-BC4EAFD7CE82}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{678A7DA4-9969-4CF3-824B-7FF2F43DDED3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{2BB0CE2B-FA15-4F9B-892F-7B635DAB41DA}] => (Allow) C:\Users\admin1\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{4640A3D5-1257-4995-B810-7274A1A959BC}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{5B649856-E59C-4FD3-A8E8-FC0AA1F68C94}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{4D571E8D-B95D-403D-9ED4-271843324EFE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{90430440-76E7-4554-B0A8-937276F5B3EA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5BEED633-32E9-4E57-8154-BB4C4EB8A42E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{09B1B502-E79E-4BCF-BFFF-4DB8AEE3ED14}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADB39FB1-E238-40E5-B99E-CA4826DB9F88}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E476449-5DA6-4FFB-B19E-5BD029C60890}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
05-06-2017 17:32:56 Checkpoint by HitmanPro
13-06-2017 09:50:36 Scheduled Checkpoint
20-06-2017 18:13:40 Installed iTunes
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/13/2017 09:50:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl1f72e3d3.
 
System Error:
The system cannot find the file specified.
.
 
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000048c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000092DB02ECF0.72).  hr = 0x80070005, Access is denied.
.
 
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000e6c,(null),0,REG_BINARY,000000ED06ADDB90.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {0ecb4657-d4c7-4b7f-a9a1-328ed221ba80}
 
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008d4,(null),0,REG_BINARY,000000CF40BADE10.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {2cd64f96-8010-4332-90f9-2b7638b8e462}
 
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000003d0,(null),0,REG_BINARY,000000FD2784E270.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {812847e4-0290-472c-b3af-c4ec7dfac6ca}
 
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000022c,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,00000092DC7BE6E0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ea54ebad-7b1b-4b21-a0d5-c69f25be4a01}
 
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000e6c,(null),0,REG_BINARY,000000ED06ADDB90.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {0ecb4657-d4c7-4b7f-a9a1-328ed221ba80}
 
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008d4,(null),0,REG_BINARY,000000CF40BADE10.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {2cd64f96-8010-4332-90f9-2b7638b8e462}
 
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001d0,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,00000092DB35EB70.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {784fae08-929d-4887-9d30-a01eacd4aa71}
 
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000204,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,00000092DC6BF280.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {dfe44516-3f0b-466f-a22a-1cab456018b8}
 
 
System errors:
=============
Error: (06/21/2017 09:33:49 AM) (Source: DCOM) (EventID: 10010) (User: admin)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (06/21/2017 09:33:19 AM) (Source: DCOM) (EventID: 10010) (User: admin)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (06/20/2017 06:21:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/20/2017 12:33:28 PM) (Source: DCOM) (EventID: 10010) (User: admin)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (06/20/2017 11:49:24 AM) (Source: DCOM) (EventID: 10010) (User: admin)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (06/20/2017 11:48:53 AM) (Source: DCOM) (EventID: 10010) (User: admin)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (06/20/2017 11:12:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (06/19/2017 10:13:25 AM) (Source: DCOM) (EventID: 10010) (User: admin)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (06/19/2017 10:08:31 AM) (Source: DCOM) (EventID: 10010) (User: admin)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (06/19/2017 10:08:01 AM) (Source: DCOM) (EventID: 10010) (User: admin)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 40%
Total physical RAM: 8071.27 MB
Available physical RAM: 4811.41 MB
Total Virtual: 8679.27 MB
Available Virtual: 5084.5 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.86 GB) (Free:383.29 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 490E6FE7)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


  • 0



#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Zeus has also been used to trick victims of tech support scams into giving the scam artists money through pop-up messages that claim the user has a virus, when in reality they might have no viruses at all.

Is that what you actually had, a pop-up message telling you that the computer was infected with Zeus and to call a certain number?

Someone had Advanced SystemCare installed. Unnecessary program for Windows. I'm removing some leftover entries from it. Other than that, there's not much to see here.

Next
A few items to fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-4125187598-2613234932-3738395790-1002 -> DefaultScope {3D354F82-4671-4B84-8209-5271B8C3AA4C} URL = 
SearchScopes: HKU\S-1-5-21-4125187598-2613234932-3738395790-1002 -> {3D354F82-4671-4B84-8209-5271B8C3AA4C} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
R1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]
U0 aswVmm; no ImagePath
2013-06-01 15:45 - 2013-06-01 15:45 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-06-01 15:42 - 2013-06-01 15:42 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-06-01 15:42 - 2013-06-01 15:43 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-06-01 15:41 - 2013-06-01 15:41 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-06-01 15:43 - 2013-06-01 15:45 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
Task: {322E1A29-9531-420A-ADAC-6AE59486D300} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)  
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
C:\Program Files\Common Files\AV\avast
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {543A6011-AFF6-434A-B074-C8201728B91D} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {44215963-0317-40BF-AB9E-476C2E263735} - System32\Tasks\Uninstaller_Install_admin1 => C:\Program Files (x86)\IObit\Advanced SystemCare\IObitUninstaller.exe
C:\Program Files (x86)\IObit
Task: {60EFE4E4-8246-42F1-996B-598DC8A45F53} - System32\Tasks\Driver Booster SkipUAC (admin1) => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
Task: C:\WINDOWS\Tasks\Uninstaller_Install_admin1.job => C:\Program Files (x86)\IObit\Advanced SystemCare\IObitUninstaller.exe
FirewallRules: [{4640A3D5-1257-4995-B810-7274A1A959BC}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{5B649856-E59C-4FD3-A8E8-FC0AA1F68C94}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.
  • 0

#3
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts

Howdy, zep516! Yes, that is exactly what I saw. I have a screenshot of it, if you want it.

 

I will continue with the instructions you gave me.


  • 0

#4
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by admin1 (22-06-2017 10:19:25) Run:1
Running from C:\Users\admin1\Desktop
Loaded Profiles: admin1 (Available Profiles: admin1 & admin new)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-4125187598-2613234932-3738395790-1002 -> DefaultScope {3D354F82-4671-4B84-8209-5271B8C3AA4C} URL = 
SearchScopes: HKU\S-1-5-21-4125187598-2613234932-3738395790-1002 -> {3D354F82-4671-4B84-8209-5271B8C3AA4C} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
R1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]
U0 aswVmm; no ImagePath
2013-06-01 15:45 - 2013-06-01 15:45 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-06-01 15:42 - 2013-06-01 15:42 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-06-01 15:42 - 2013-06-01 15:43 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-06-01 15:41 - 2013-06-01 15:41 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-06-01 15:43 - 2013-06-01 15:45 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
Task: {322E1A29-9531-420A-ADAC-6AE59486D300} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)  
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
C:\Program Files\Common Files\AV\avast
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {543A6011-AFF6-434A-B074-C8201728B91D} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {44215963-0317-40BF-AB9E-476C2E263735} - System32\Tasks\Uninstaller_Install_admin1 => C:\Program Files (x86)\IObit\Advanced SystemCare\IObitUninstaller.exe
C:\Program Files (x86)\IObit
Task: {60EFE4E4-8246-42F1-996B-598DC8A45F53} - System32\Tasks\Driver Booster SkipUAC (admin1) => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
Task: C:\WINDOWS\Tasks\Uninstaller_Install_admin1.job => C:\Program Files (x86)\IObit\Advanced SystemCare\IObitUninstaller.exe
FirewallRules: [{4640A3D5-1257-4995-B810-7274A1A959BC}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{5B649856-E59C-4FD3-A8E8-FC0AA1F68C94}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3D354F82-4671-4B84-8209-5271B8C3AA4C} => key removed successfully
HKLM\Software\Classes\CLSID\{3D354F82-4671-4B84-8209-5271B8C3AA4C} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key removed successfully
HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => value removed successfully
HKLM\System\CurrentControlSet\Services\ZAM => key removed successfully
ZAM => service removed successfully
ZAM_Guard => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ZAM_Guard => key removed successfully
ZAM_Guard => service removed successfully
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully
aswVmm => service removed successfully
C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log => moved successfully
C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log => moved successfully
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{322E1A29-9531-420A-ADAC-6AE59486D300} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{322E1A29-9531-420A-ADAC-6AE59486D300} => key removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup => key removed successfully
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe => No running process found
"C:\Program Files\Common Files\AV\avast" => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found. 
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{543A6011-AFF6-434A-B074-C8201728B91D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{543A6011-AFF6-434A-B074-C8201728B91D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44215963-0317-40BF-AB9E-476C2E263735} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44215963-0317-40BF-AB9E-476C2E263735} => key removed successfully
C:\WINDOWS\System32\Tasks\Uninstaller_Install_admin1 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_Install_admin1 => key removed successfully
C:\Program Files (x86)\IObit => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60EFE4E4-8246-42F1-996B-598DC8A45F53} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60EFE4E4-8246-42F1-996B-598DC8A45F53} => key removed successfully
C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (admin1) => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (admin1) => key removed successfully
C:\WINDOWS\Tasks\Uninstaller_Install_admin1.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4640A3D5-1257-4995-B810-7274A1A959BC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B649856-E59C-4FD3-A8E8-FC0AA1F68C94} => value removed successfully
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 78747056 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 6036987 B
Edge => 0 B
Chrome => 527237709 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 23388 B
NetworkService => 346984 B
UpdatusUser => 0 B
admin1 => 85165263 B
admin new => 2424307 B
 
RecycleBin => 78899010 B
EmptyTemp: => 750.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:20:20 ====

  • 0

#5
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

  • 0

#6
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
# AdwCleaner v6.047 - Logfile created 23/06/2017 at 11:56:48
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-23.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : admin1 - ADMIN
# Running from : C:\Users\admin1\Desktop\adwcleaner_6.047.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\admin1\AppData\LocalLow\IObit\Advanced SystemCare
[-] Folder deleted: C:\Users\admin1\AppData\Roaming\IObit\Advanced SystemCare
[-] Folder deleted: C:\ProgramData\IObit\ASCDownloader
[-] Folder deleted: C:\ProgramData\IObit\Advanced SystemCare
[#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\ASCDownloader
[#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\Advanced SystemCare
[-] Folder deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\IOBIT\ASC
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1319 Bytes] - [23/06/2017 11:56:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [1584 Bytes] - [23/06/2017 11:55:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1465 Bytes] ##########

  • 0

#7
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
Hello,

Let me know if there is any better performance now.

Thanks
Joe :)
  • 0

#8
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts

The latest annoyance had been the FB business page freezing. I have to do some work on it today, so I'll let you know at the end of the day! 

 

(I wanted to post the thumbs up emoji, but a popup said I'm not allowed to use it.  :unsure: )


  • 0

#9
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts

Everything seems to be running smoothly! Thank you!


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
You're welcome and thank you very much!

You may delete the programs we downloaded.
Right-click and delete them, along with all associated log files that were generated.

Thanks
Joe :)
  • 0



#11
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts

Plah. My FB business page keeps freezing still. Is this a browser thing? I cleared the cache again, but it didn't help. It's the only thing freezing as of right now. Any advice on what to look for?


  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
It could be a browser related issue. Try another browser for now.

You might also reset the current browser you're using.

To do that:

https://www.howtogee...fault-settings/
  • 0

#13
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts

:(  It didn't work. And it's just the FB business page. No other FB pages. No other web pages. Could it be something at their end? Or should I keep looking at mine?


  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
This looks like something on their end. Do you have another computer you could try it on just for fun?


Anything here helpful?

https://www.facebook...206306160531368
  • 0

#15
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts

Yes, that's pretty much what I've been seeing. I just emailed them at "Report a Problem". At least they seem to be aware of it and are working to get it fixed. I can be patient. Thank you again!


  • 0





