
Firefox/Yahoo Mail Freeze....virus or?



#1
redleader74

  • Member
  • 195 posts

So I am having trouble with my Firefox and/or Yahoo Mail again.  I'm not sure which one is causing the problem, but the behavior is very similar to the last time I encountered this:

 

http://www.geekstogo...fox-zeus-virus/

 

Again, Firefox starts slowing down to where it completely freezes, active processes for Firefox skyrocket to ~900MB+.  Last Friday my Firefox crashed and started to reinstall itself so I'm not sure if that has something to do with it or if maybe that was the result of a virus.  Also, because of last week's crash and reinstall, I also now no longer had adblocker on my Firefox.

 

Anyway, not sure which step to take first....thanks for the help in advance!

 

 




#2
RKinner

  • Malware Expert
  • 24,625 posts
  • MVP

We have had several complaints of Yahoo causing problems.  It appears that their ads are at fault.  Get the Ublock Origin extension and see if that helps. 

 

https://addons.mozil.../ublock-origin/

 

If not then post your FRST logs:

 

  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.



 



#3
redleader74

  • Topic Starter
  • Member
  • 195 posts

Ok thanks.  I just added Ublock Origin and we'll see how it goes. 

 

Although, I did have Ublock Origin installed and running when this most recent crash happened.  I've been also running Yahoo mail on Chrome and the same crash happened, the Yahoo mail screen turned into this (see attached image).  So it does seem like it's Yahoo mail related, as you point out.  Interestingly, I'm also running Yahoo mail on IE9 and because Yahoo Mail no longer supports IE9, I'm running it in basic mode and have had no problems/crashes/freezes/virus-suspects.

 

 

Attached Thumbnails

  • screen.jpg


#4
RKinner

  • Malware Expert
  • 24,625 posts
  • MVP

That's a bogus window and not related to Yahoo.  We see those sometimes when a website has been compromised.  It's probably not on your PC tho it is possible that a compromised website might try to infect your PC with something so best not to stay on the site too long.  I don't like to click on a page like that and sometimes they won't let you close the browser anyway so I right click on the clock and bring up Task Manager and use it to close the browser.  (Don't let it restore when you bring it back up).

The URL: 159.89.188.193 belongs to:

 

OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 101 Ave of the Americas
Address: 10th Floor
City: New York
StateProv: NY
PostalCode: 10013
Country: US
RegDate: 2012-05-14
Updated: 2017-07-03
Comment: http://www.digitalocean.com
Comment: Simple Cloud Hosting
Ref: https://whois.arin.net/rest/org/DO-13

 

Looks like a website hosting service.  You might want to send a copy of the window  to their abuse address:

 

OrgAbusePhone: +1-347-875-6044
OrgAbuseEmail: abuse<%]digitalocean.com  (assume that's abuse@digitalocean.com)

 

so they can tell their client that the site has been compromised.

 

This info from:  http://www.whois365.com

 

Probably best to do the FRST scan and post both logs so I can make sure there is nothing wrong.



#5
redleader74

  • Topic Starter
  • Member
  • 195 posts

Thanks, here are the FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Kwong (administrator) on KWONGCHANG-PC (01-02-2018 09:13:50)
Running from C:\Users\Kwong\Desktop
Loaded Profiles: Kwong (Available Profiles: Kwong)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SHARP CORPORATION) C:\Windows\System32\spool\drivers\x64\3\IN0XRCV.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(SHARP CORPORATION) C:\Windows\System32\spool\drivers\x64\3\SS0XRCV.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Applied Systems, Inc.) C:\Users\Kwong\AppData\Local\Apps\2.0\R7V3M6OG.QDR\QZ9DNJRC.WK7\appl..tion_91ebb94d4de0a4e5_0001.0002_5d0bee18fda4dab7\AppliedOnlineUploadCenter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [IN0XRCV] => C:\Windows\system32\spool\drivers\x64\3\IN0XRCV.exe [102400 2006-10-19] (SHARP CORPORATION)
HKLM\...\Run: [ScrewDrivers RDP Plugin] => C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [136520 2011-08-26] ()
HKLM\...\Run: [SS0XRCV] => C:\Windows\system32\spool\drivers\x64\3\SS0XRCV.exe [102400 2006-10-23] (SHARP CORPORATION)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\Kwong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Applied TAMOnline (2).lnk [2015-10-07]
ShortcutTarget: Applied TAMOnline (2).lnk -> C:\Users\Kwong\Documents\VTAM1TAMOnline.RDP ()
InternetURL: C:\Users\Kwong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Network Solutions Webmail.website -> URL: hxxps://webmail.networksolutionsemail.com/edgedesk/cgi-bin/global.exe?id=018ba005b1f9993d8b12852f8007540f2b29&xsl=sso.xsl
Startup: C:\Users\Kwong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pleasant Log.doc - Shortcut.lnk [2017-02-15]
ShortcutTarget: Pleasant Log.doc - Shortcut.lnk -> C:\Users\Kwong\Desktop\Pleasant Log.doc ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{19550974-7148-45F2-824D-08A491D5376E}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5D791FDA-61B7-4A36-AFF6-A7BEB976ED58}: [DhcpNameServer] 172.26.38.1 172.26.38.2
Tcpip\..\Interfaces\{F3B3039B-9D6A-4152-9DFD-4F58BD0B5BFA}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> DefaultScope {B63A792B-1D29-4544-812B-5954D843763C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {B63A792B-1D29-4544-812B-5954D843763C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {B63A792B-1D29-4544-812B-5954D843763C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2726765177-3793255156-395904341-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-31] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-31] (Oracle Corporation)
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} hxxps://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} hxxp://gis.ci.fremont.ca.us/public/install/mgaxctrlsp1.cab

FireFox:
========
FF DefaultProfile: o0026yy1.default-1517017002407
FF ProfilePath: C:\Users\Kwong\AppData\Roaming\Mozilla\Firefox\Profiles\o0026yy1.default-1517017002407 [2018-02-01]
FF Homepage: Mozilla\Firefox\Profiles\o0026yy1.default-1517017002407 -> www.google.com
FF Extension: (uBlock Origin) - C:\Users\Kwong\AppData\Roaming\Mozilla\Firefox\Profiles\o0026yy1.default-1517017002407\Extensions\[email protected] [2018-01-31]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2012-05-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2012-05-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2726765177-3793255156-395904341-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Kwong\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-02] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Kwong\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-08-16] (Cisco WebEx LLC)

Chrome:
=======
CHR Profile: C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default [2018-01-31]
CHR Extension: (Slides) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-10]
CHR Extension: (YouTube) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-10]
CHR Extension: (Sheets) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-02]
CHR Extension: (Gmail) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-10]
CHR Extension: (Chrome Media Router) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8422760 2011-10-05] (DisplayLink Corp.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_6.0.32700.0.sys [17408 2012-12-19] (hxxp://libusb-win32.sourceforge.net)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
S1 MpKsl84621d77; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC27264D-4830-4FFF-8322-8B5A0AA58795}\MpKsl84621d77.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-01 09:13 - 2018-02-01 09:16 - 000015270 _____ C:\Users\Kwong\Desktop\FRST.txt
2018-02-01 09:13 - 2018-02-01 09:13 - 002393088 _____ (Farbar) C:\Users\Kwong\Desktop\FRST64.exe
2018-01-31 14:23 - 2018-01-31 17:18 - 003054614 _____ C:\Users\Kwong\Desktop\2018-01-31 Quote.pdf
2018-01-25 17:17 - 2018-01-25 17:17 - 000081398 _____ C:\Users\Kwong\Desktop\2012-2013 WC Policy (Gospel Ops).pdf
2018-01-19 10:40 - 2018-01-19 10:40 - 000172528 _____ C:\Users\Kwong\Desktop\Domain Names, Web Hosting and Online Marketing Services _ Network Solutions.pdf
2018-01-19 09:42 - 2018-01-19 09:42 - 000009992 _____ C:\Users\Kwong\Desktop\HA00151852144 (2018 REN).pdf
2018-01-19 09:41 - 2018-01-19 09:41 - 000009945 _____ C:\Users\Kwong\Desktop\HA00151852143 (2017 REN).pdf
2018-01-11 16:29 - 2018-01-11 16:29 - 000032079 _____ C:\Users\Kwong\Desktop\FormGenerationServlet.pdf
2018-01-09 14:18 - 2018-01-09 14:18 - 000044423 _____ C:\Users\Kwong\Desktop\6.pdf
2018-01-05 15:33 - 2018-01-30 11:07 - 000000000 ____D C:\Users\Kwong\Desktop\TSE

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-01 09:13 - 2017-08-30 13:52 - 000000000 ____D C:\FRST
2018-02-01 09:07 - 2012-12-20 10:41 - 000000000 ____D C:\Users\Kwong\AppData\Local\Deployment
2018-02-01 09:06 - 2016-12-06 09:06 - 000000000 ____D C:\Users\Kwong\AppData\LocalLow\Mozilla
2018-02-01 09:04 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-31 17:29 - 2017-09-08 14:39 - 000000534 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2726765177-3793255156-395904341-1000.job
2018-01-31 17:18 - 2012-12-20 12:28 - 000000000 ____D C:\Users\Kwong\AppData\Local\CutePDF Writer
2018-01-31 16:24 - 2017-09-08 14:39 - 000000630 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2726765177-3793255156-395904341-1000.job
2018-01-31 09:30 - 2009-07-13 20:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-31 09:30 - 2009-07-13 20:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-29 09:11 - 2017-10-12 08:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-29 09:11 - 2012-12-21 17:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-23 10:58 - 2010-11-20 19:27 - 000548000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-01-19 17:36 - 2012-10-26 11:39 - 000000000 ____D C:\Users\Kwong
2018-01-19 13:58 - 2017-06-27 11:29 - 000000000 ____D C:\Users\Kwong\AppData\Roaming\iMazing
2018-01-18 10:11 - 2017-07-10 13:16 - 000000000 ____D C:\Users\Kwong\AppData\Local\GoToMeeting
2018-01-18 10:11 - 2015-07-02 14:08 - 000003666 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2726765177-3793255156-395904341-1000
2018-01-18 10:11 - 2015-07-02 14:08 - 000003570 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2726765177-3793255156-395904341-1000
2018-01-12 14:38 - 2012-12-26 09:15 - 000000000 ____D C:\Users\Kwong\Documents\Outlook Files
2018-01-12 14:38 - 2012-12-19 20:19 - 000000000 ____D C:\Users\Kwong\Documents\Mail Archives
2018-01-09 10:51 - 2017-11-30 15:28 - 000004484 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-01-09 10:51 - 2015-06-04 08:10 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-01-09 10:51 - 2012-10-05 01:00 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-09 10:51 - 2012-10-05 01:00 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-09 10:51 - 2012-10-05 01:00 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-09 10:51 - 2012-10-05 01:00 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-09 10:01 - 2012-12-28 14:24 - 000000000 ____D C:\ProgramData\ThumbsPlus
2018-01-09 09:49 - 2012-12-28 14:25 - 000000000 ____D C:\Users\Kwong\AppData\Roaming\ThumbsPlus
2018-01-09 09:24 - 2016-11-10 17:05 - 000002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2012-12-11 17:47 - 2012-12-11 17:47 - 000012288 _____ (Archlink Technology Corporation) C:\Users\Kwong\AppData\Roaming\CheckOSandLaunch.exe
2012-12-12 14:14 - 2012-12-12 14:14 - 000001855 _____ () C:\Users\Kwong\AppData\Roaming\CheckOSandLaunch.exe.config
2014-11-05 09:35 - 2014-11-05 09:35 - 000002316 _____ () C:\Users\Kwong\AppData\Roaming\HKCRHTTP.reg
2014-11-05 09:35 - 2014-11-05 09:35 - 000001766 _____ () C:\Users\Kwong\AppData\Roaming\HKCRHTTPS.reg
2014-11-05 09:35 - 2014-11-05 09:35 - 000099010 _____ () C:\Users\Kwong\AppData\Roaming\HKCUIS.reg
2014-11-05 09:36 - 2014-11-05 09:36 - 000008920 _____ () C:\Users\Kwong\AppData\Roaming\HKCUMAIN.reg
2014-11-05 09:35 - 2014-11-05 09:35 - 000001346 _____ () C:\Users\Kwong\AppData\Roaming\HKCUNW.reg
2014-11-05 09:36 - 2014-11-05 09:36 - 000000662 _____ () C:\Users\Kwong\AppData\Roaming\HKCUPF.reg
2014-11-05 09:35 - 2014-11-05 09:35 - 000024032 _____ () C:\Users\Kwong\AppData\Roaming\HKCUTAB.reg
2017-03-21 08:17 - 2017-03-21 08:17 - 000000000 _____ () C:\Users\Kwong\AppData\Local\{93D3AA8F-D0E9-4774-B2A4-95F4BE620C77}

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-30 12:51

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Kwong (01-02-2018 09:16:39)
Running from C:\Users\Kwong\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-10-26 19:39:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2726765177-3793255156-395904341-500 - Administrator - Disabled)
Guest (S-1-5-21-2726765177-3793255156-395904341-501 - Limited - Disabled)
Kwong (S-1-5-21-2726765177-3793255156-395904341-1000 - Administrator - Enabled) => C:\Users\Kwong

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AS: Microsoft Security Essentials (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
allday savings (HKLM\...\B021CBBD-E38E-4F8C-8E93-6624B0597A23) (Version: 2.0.1 - allday savings)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
AppliedOnline Install (HKLM-x32\...\AppliedOnline Install_is1) (Version:  - Applied Systems, Inc.)
AppliedOnline Upload Center Launcher - 64 bit (HKLM\...\{9040C3D4-2ACC-42DC-8850-4654CF3D2EEB}) (Version: 1.0.4 - Applied Systems, Inc.)
arc_setup_west (HKLM-x32\...\{C2CFBD0F-B632-417B-9656-3DF8D7C7D475}) (Version: 1.0 - InstallAware Software Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-7820N (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5127 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
DisplayLink Core Software (HKLM\...\{24710201-55DB-4C7C-963A-5BE230098E24}) (Version: 6.0.34621.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{E970DFED-0D14-4937-A887-0F1346707321}) (Version: 6.0.34689.0 - DisplayLink Corp.)
Driving Recorder Player (HKLM-x32\...\{197DB879-DBD3-41CD-8550-2FF7F06C83C9}) (Version: 1.0.4898.21771 - Archlink Technology Corporation)
Driving Recorder Player (HKLM-x32\...\{D329F868-66B6-4F03-BE4E-57413957188E}) (Version: 1.0.5728.20341 - Archlink Technology Corporation)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 8.20.0.8199 (HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\GoToMeeting) (Version: 8.20.0.8199 - LogMeIn, Inc.)
iMazing 2.2.8.0 (HKLM\...\iMazing_is1) (Version: 2.2.8.0 - DigiDNA)
Intel® Identity Protection Technology 1.2.27.0 (HKLM-x32\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Version: 1.2.27.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.1.522.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31119 - Microsoft Corporation)
Mozilla Firefox 58.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 58.0 (x86 en-US)) (Version: 58.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Oce cm2510/4010 Series PC-Fax Driver (HKLM-x32\...\Oce cm2510 4010 Series PC-Fax Driver) (Version: 1.00.000 - Oce)
Oce cm2510/4010 Series PCL/PS Printer Driver (HKLM-x32\...\Oce cm2510/4010 Series PCL PS Printer Driver) (Version: 1.00.000 - Oce)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0019 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 6.4.0.0 - den4b Team)
Revo Uninstaller 1.85 (HKLM-x32\...\Revo Uninstaller) (Version: 1.85 - VS Revo Group)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
ScrewDrivers Client v4 x64 (rdp only) (HKLM\...\{7A1354BD-FD99-414A-AA13-C6E9F4DB8BD8}) (Version: 4.6.01.09 - triCerat, Inc.)
SHARP Driver Uninstall Tool (HKLM-x32\...\SHARP Driver Uninstall Tool) (Version: 1.0.0.0 - SHARP CORPORATION)
SHARP MX-2310/2010/2610/3110/3610 Series PCL/PS Printer Driver (HKLM-x32\...\SHARP MX-2310U PCL PS Printer Driver) (Version: 1.00.000 - SHARP)
SHARP MX-2610/3110/3610/4110/5110 Series PC-Fax Driver (HKLM-x32\...\SHARP MX-2610 3110 3610 Series PC-Fax Driver) (Version: 1.00.000 - SHARP)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
SyncBack (HKLM-x32\...\SyncBack_is1) (Version:  - 2BrightSparks)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.3.13.0 - 2BrightSparks)
ThumbsPlus (HKLM-x32\...\{9D7C721E-9861-4994-A91E-2E219CC4A7FD}) (Version: 9.0.0.3920 - Cerious Software Inc.) Hidden
ThumbsPlus (HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\ThumbsPlus) (Version:  - Cerious Software Inc.)
Travelers AgentBrowserConfiguration (HKLM-x32\...\{15E5B0F4-3E84-4EB1-B5C9-EC618B339FD6}) (Version: 1.0.55.0 - Travelers, Inc.)
VChannelClient (HKLM-x32\...\{245B4BB9-D643-4A87-968D-6C856FF1706A}) (Version: 5.04 - Applied Systems)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2012-09-12] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2012-09-12] (Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2012-09-12] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-02-22] (Intel Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CC42227-366B-4162-AA41-6073CCEFC6C4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {0CC42227-366B-4162-AA41-6073CCEFC6C4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {0CC42227-366B-4162-AA41-6073CCEFC6C4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {0DF9C426-5517-45EE-8F88-6E007C472BCC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2796FA55-D57F-4421-B3C5-132F0F3A5ED5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {2796FA55-D57F-4421-B3C5-132F0F3A5ED5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {4B258667-A8AA-4CDB-A50A-B17EA1D83CB3} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {753EAA4F-3634-4D00-9F8E-3725AD4D86F6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {925065EA-9C8C-4C37-B879-95C3F5725F3B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {97B20DCE-D8AD-4B1B-BA22-7131122E11AB} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {9D46A589-E60B-4DF8-B5FB-BC2BBC52DF8F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {9D46A589-E60B-4DF8-B5FB-BC2BBC52DF8F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {A6AD2451-9CFD-4490-B96D-211559EF2201} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B6607889-7BEE-4D81-ADB8-4A5CC7208E6A} - System32\Tasks\G2MUploadTask-S-1-5-21-2726765177-3793255156-395904341-1000 => C:\Users\Kwong\AppData\Local\GoToMeeting\8199\g2mupload.exe [2018-01-18] (LogMeIn, Inc.)
Task: {C2C4BF10-BFCB-436C-8996-FE7397AF84F0} - System32\Tasks\{C38373DC-3F42-45E9-9D07-8C1F74540BDE} => C:\Users\Kwong\Desktop\IE11-Windows6.1-x64-en-us.exe
Task: {D11CB6C1-6BDA-45C3-85B7-83E467691304} - System32\Tasks\{F767F846-DFE5-430A-B318-CE69AE9CEA1C} => C:\Users\Kwong\Desktop\IE11-Windows6.1-x64-en-us.exe
Task: {E105279E-1290-4F58-B548-FDBCF2DE4F68} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {E47EFA4E-3D2D-48DF-8036-B98FD69C1EC0} - System32\Tasks\Dell\Client System Update => C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe
Task: {F76B2136-3462-47FA-A1DE-64BA80FF3515} - System32\Tasks\G2MUpdateTask-S-1-5-21-2726765177-3793255156-395904341-1000 => C:\Users\Kwong\AppData\Local\GoToMeeting\8199\g2mupdate.exe [2018-01-18] (LogMeIn, Inc.)
Task: {FD5DCE66-BB04-41B3-9CFE-EA7D67746298} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {FD5DCE66-BB04-41B3-9CFE-EA7D67746298} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2726765177-3793255156-395904341-1000.job => C:\Users\Kwong\AppData\Local\GoToMeeting\8199\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2726765177-3793255156-395904341-1000.job => C:\Users\Kwong\AppData\Local\GoToMeeting\8199\g2mupload.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-10-26 14:36 - 2009-11-05 07:40 - 000085504 _____ () C:\Windows\System32\cpwmon64.dll
2017-05-08 23:44 - 2017-05-08 23:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-08 23:44 - 2017-05-08 23:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-10-05 02:35 - 2011-06-10 10:36 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-05-09 02:05 - 2017-05-09 02:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-09 02:05 - 2017-05-09 02:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2012-10-26 14:37 - 2005-04-22 12:36 - 000143360 ____N () C:\Windows\system32\BrSNMP64.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 004297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Software\Classes\.exe:  =>  <==== ATTENTION
HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Software\Classes\.scr:  =>  <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\csespi.com -> spinn.csespi.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\isohomevalue.com -> isohomevalue.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\safeco.com -> hxxps://safeco.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\travelers.com -> hxxp://travelers.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\travelers.com -> hxxps://travelers.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\travelerspc.com -> hxxp://travelerspc.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\travelerspc.com -> hxxps://travelerspc.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{CA6841FB-ED68-4BA6-9A26-C9BE1B763599}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{BCE76975-7798-4DCB-9304-6F7571AAD2D3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{92C0C9CF-6A45-49EE-B9F3-55B6E8B2A00C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F472B530-5A0F-48E4-AE7D-920633B35CF7}] => (Allow) LPort=2869
FirewallRules: [{04A70910-C3A6-4F24-9059-9F9823E47749}] => (Allow) LPort=1900
FirewallRules: [{80466809-D1EA-474E-B840-4D0259F0640D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4F8A948D-C553-4B73-AC13-892FE35E41A2}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E1B766CF-0017-40FE-8CF5-9364144C1FE5}] => (Allow) LPort=61117
FirewallRules: [{71ADF70D-538D-4774-8D15-56BFB11C81BA}] => (Allow) LPort=61116
FirewallRules: [{BCF45379-2452-486A-BA0D-7EF5EFABF893}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{EAFA016F-92D0-40B8-BE51-8A9705F458EC}C:\windows\system32\spool\drivers\x64\3\ss0xnjr.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\ss0xnjr.exe
FirewallRules: [UDP Query User{52507263-56A4-4BD2-94B5-213991BF7A51}C:\windows\system32\spool\drivers\x64\3\ss0xnjr.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\ss0xnjr.exe
FirewallRules: [TCP Query User{E4F22D58-35CE-4E05-9D5A-C2346C97C115}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{9B8E092D-78BB-417D-8C74-DCEEBDEF6B1D}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{91F590D9-CBC7-4190-8C16-BF93119685A6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B0748FE5-6DA0-4BD2-B2F2-E1E93807A3DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B10FFABC-821A-44F8-959F-F74DB34703D6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BE94C274-C86F-4223-86BB-D531DA0A6FDE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E2B418E4-A7E1-4D12-8E21-B0ACAF30F3CD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{805370A1-B3D2-4409-8004-69189EBFE94B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{56C56AF7-B99B-43F2-93D8-343E3C4F0927}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2D22085-531B-4F24-9BDC-2941E6EB20AE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-01-2018 09:23:42 Windows Update
16-01-2018 08:38:08 Windows Update
19-01-2018 09:18:36 Windows Update
22-01-2018 10:37:55 Windows Update
25-01-2018 12:00:42 Windows Update
29-01-2018 09:22:54 Windows Update

==================== Faulty Device Manager Devices =============

Name: MpKsl84621d77
Description: MpKsl84621d77
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl84621d77
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2018 09:06:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/31/2018 09:09:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/30/2018 08:32:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/29/2018 09:12:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/26/2018 09:11:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/25/2018 11:51:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/24/2018 09:09:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/24/2018 09:09:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mstsc.exe, version: 6.1.7601.18540, time stamp: 0x53c72529
Faulting module name: mstscax.dll, version: 6.1.7601.18918, time stamp: 0x55a004fd
Exception code: 0xc0000005
Fault offset: 0x00000000001a326c
Faulting process id: 0x%9
Faulting application start time: 0xmstsc.exe0
Faulting application path: mstsc.exe1
Faulting module path: mstsc.exe2
Report Id: mstsc.exe3

Error: (01/22/2018 10:28:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/19/2018 01:29:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24


System errors:
=============
Error: (01/31/2018 09:18:47 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (01/31/2018 09:18:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/31/2018 09:18:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (01/31/2018 09:13:02 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (01/30/2018 03:48:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR6.

Error: (01/29/2018 09:12:23 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (01/26/2018 09:11:11 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (01/24/2018 09:08:55 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (01/24/2018 09:08:54 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (01/23/2018 08:30:26 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 89%
Total physical RAM: 1959.06 MB
Available physical RAM: 211.14 MB
Total Virtual: 3918.12 MB
Available Virtual: 1934.14 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.16 GB) (Free:112.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 4B1A5462)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I don't see any malware but it looks like MSE may not be working correctly.  I would download a new copy, uninstall the old, reboot and install the new.

 

Also uninstall Bonjour.

 

You have two services which are not working.

 

Search for

services.msc

hit Enter.  This should open up the Services Window.

 

Scroll down to

Google Update Service

right click and select Properties.  Change the startup type to Manual.  OK

Now find

Windows Media Player Network Sharing

right click and select Properties.  Change Startup Type: to Disabled.

 

These errors:

 

Error: (01/30/2018 03:48:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR6.

Error: (01/29/2018 09:12:23 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

 

probably refer to a USB drive or a phone or something that you connect up but which is not connected now.

Next time you plug it up:

 

1. Double-click My Computer, and then right-click the hard disk that you want to check.   Probably not C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.

 

Do you use Citrix Go2Meeting?

Do you use Remote Desktop Connection?  If not turn it off:

https://www.lifewire...-desktop-153337

 

Why don't you want to update to IE11?

 

 



#7
redleader74

redleader74

    Member

  • Topic Starter
  • Member
  • 195 posts

Thanks, I tried to uninstall MSE but can't find where/how to do so.  I usually use Revo to uninstall things, but it doesn't show up in Revo.



#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Sorry.  MSE = Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.1.522.0 - Microsoft Corporation)



#9
redleader74

redleader74

    Member

  • Topic Starter
  • Member
  • 195 posts

Sorry, I forgot all about this open thread.  Today I got this screen again while on Yahoo Mail.  Should I start the diagnostics all over again or?

Attached Thumbnails

  • screen.jpg


#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

It's a bogus warning.  Either the page you are visiting (or one of its ads) is infected or your DNS has sent you to the wrong page.

 

Download ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7+ => right click and Run As Administrator).

Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.






  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 







