All Activity

  1. Yesterday
  2. gees I'm always late Happy Birthday!
  3. What might need to be done here is to temporarily disable Avast to run the tools that will be used.

     The below items need to be removed from your add/remove programs list.

     - Chromium Browser
     - ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.19.0.0 - Byte Technologies LLC) <==== ATTENTION
     - Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
     - PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.338.311 - VoiceFive, Inc.) <==== ATTENTION

     For Windows Vista, Windows 7, Windows 8, and Windows 10, double-click on the Uninstall Program option. When the Add or Remove Programs or the Uninstall Program screen is displayed, please scroll through the list of programs and double-click on each of the entries listed in bold below to uninstall them. Follow the default prompts and allow it to remove all files and all configuration information related to this program.

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Start Farbar Recovery Scan Tool with Administrator privileges (right-click on the FRST icon and select Run as administrator). Highlight the text below and select Copy, beginning with Start:: and finishing with End::

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Highlight the entire content of the quote box below and select Copy.

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     - Start FRST (FRST64) with Administrator privileges.
     - Press the Fix button. FRST will process the lines copied above from the clipboard.
     - When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.
     - Please copy and paste its contents in your next reply.

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     AdwCleaner - Fix Mode

     - Download AdwCleaner and move it to your Desktop.
     - Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
     - Accept the EULA (I accept), then click on Scan.
     - Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes.
     - Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it.
     - After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply.

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     RogueKiller

     - Download the right version of RogueKiller for your Windows version (32 or 64-bit).
     - Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
     - Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner).
     - Wait for the scan to complete.
     - On completion, the results will be displayed.
     - Check every single entry (threat found), and click on the Remove Selected button.
     - On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner).
     - This will open the report in Notepad. Copy/paste its content in your next reply.

     Please post these logs when finished.
  4. Let me apologize, I did not receive a response that you had replied, working on a fix now.
  5. Last week
  6. Hey @applemuffin and Please check this out and should you have any questions, please don't hesitate to reach out to our help desk at https://www.pcmatic.com/support/ They can also tell you what your subscription type is. Here's the how-to for installing on another computer. https://www.pcmatic.com/add-device/ Tx
  7. Sorry about the troubles y'all are having with OverDrive. We're aware of the issues, are investigating and working to a solution. Thanks for your continued patience. Tx
  8. Yes, this is the message, but in my tests this will already appear in less than 3 mins, just after the Drive Health/Sending the Results phase ..., and sometimes even in some 5+ secs! Reloading the test results, you may sometimes note that the test results have had a chance to get sent to the database, even without the last two regular phases! One more note: there will not be any difference processing all this with IE11 as a regular user Administrator, but also when logging in as a super Administrator, opening it by -> cmd -> net user administrator /active:yes , and back /active:no (Note! administrator in your own language, and hopefully it does not have any unknown password ...).
  9. Hey @Lauren V. and That is mighty high ping. How are you connecting to the internet? Are you on satellite like Hughes or cable like Comcast, etc? Who's your provider and how are you connecting your pc/device to their services? Tx
  10. Hello edwin and There's no wait time to install after purchase. You're having trouble locating the download, you can re-download from https://cart.pcpitstop.com/go.asp?id=503141 Thanks for your interest in our software. Tx
  11. Hello Sharon and If you're trying to get PC Matic installed, you'll need to download it from this link: https://cart.pcpitstop.com/go.asp?id=503141 As well, it contains some how-to videos and a link to our customer service should further help be needed. Thanks for your interest in our software! Tx
  12. is there a time to wait after purchase to install?
  13. I have purchased a new computer and need to register it. How do I do that ? My old computer was lost.
  14. Sorry for the delay justme and I see Devin replied to your other topic. I hope his response helps. Tx
  15. Hey justme, our product that is providing security is PC Matic, which is whitelist based. We only allow applications that are known good to run on the computer while all unknowns are blocked by default pre-execution. When unknowns are blocked they are then sent to our malware research team for analysis to determine if the application is good. Once marked good that is updated into our Global Whitelist so all of our users can run that application if they ever come across it. It's a unique approach compared to traditional security that would rely on blacklist signatures to block known bad applications or seeing bad behavior happen on the machine and blocking then rolling back changes.
  16. Just asking if any of the various software by Pitstop is behavior based vs signature based? Thanks
  17. It seems more and more, corporate companies are asking for behavior based malware software. Perhaps understandably?
  18. My Internet Ping Speed is 620ms and should be lower than 300ms. How do I improve this? Or can I improve this?
  19. Hi Juliet, Firstly, sincere apologies for delay in applying your solution and posting the logs. I have had all sorts of problems actually getting the problematic computer to run at all but today have managed it. The links would not work using my default browser and in the end I copied and pasted the HTTP details from the properties of the link to a different browser. For future reference, Windows Defender would not allow me to run the FRST app and I had to disable it which took a little time to work out (not being a massive tech dude) but eventually I have managed it and below are the results:
- 2016-11-23 00:39 - 000000000 __RHD C:\Users\Public\AccountPictures ==================== Files in the root of some directories ======= 2018-05-07 18:49 - 2018-05-07 18:49 - 000000000 _____ () C:\Users\jack\AppData\Local\{3AE4B38E-B619-4099-86F2-2FAC96EA531A} ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2019 Ran by jack (09-06-2019 17:36:03) Running from C:\Users\jack\Downloads Windows 10 Pro Version 1809 17763.475 (X64) (2019-05-01 19:05:17) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4127454622-3581897595-3763097022-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4127454622-3581897595-3763097022-503 - Limited - Disabled) Guest (S-1-5-21-4127454622-3581897595-3763097022-501 - Limited - Disabled) jack (S-1-5-21-4127454622-3581897595-3763097022-1001 - Administrator - Enabled) => C:\Users\jack WDAGUtilityAccount (S-1-5-21-4127454622-3581897595-3763097022-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.5.2378 - AVAST Software) ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.19.0.0 - Byte Technologies LLC) <==== ATTENTION Epic Games Launcher (HKLM-x32\...\{5F95C9CC-2614-4C5E-B1FC-43029FD7FD6B}) (Version: 1.1.149.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation) Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.281 - Electronic Arts) Microsoft OneDrive (HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0007 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Origin (HKLM-x32\...\Origin) (Version: 10.5.24.5022 - Electronic Arts, Inc.) PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.338.311 - VoiceFive, Inc.) <==== ATTENTION Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.45.62.1020 - Electronic Arts Inc.) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{8CFAB044-7D2E-4655-B86D-99932E988980}) (Version: 2.45.0.0 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) World of Tanks (HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net) Packages: ========= Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-06-09] (Autodesk Inc.) Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.5.5.0_x86__kgqvnymyfvs32 [2019-06-09] (king.com) Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.140.300.0_x86__kgqvnymyfvs32 [2019-06-09] (king.com) Code Writer -> C:\Program Files\WindowsApps\ActiproSoftwareLLC.562882FEEB491_3.3.29.0_x64__24pqs290vpjk0 [2019-04-21] (Actipro Software LLC) Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_3.6.0.9_x86__h6adky7gbf63m [2019-01-21] (Gameloft.) 
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-06-09] (Microsoft Corporation) [MS Ad] March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.0.1.1_x86__h6adky7gbf63m [2019-06-09] (Gameloft.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-21] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.3.4032.0_x86__8wekyb3d8bbwe [2019-05-01] (Microsoft Studios) [MS Ad] MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.29.10701.0_x64__8wekyb3d8bbwe [2019-04-29] (Microsoft Corporation) [MS Ad] MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.28.3242.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-03-01] (Microsoft Corporation) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0 [2019-06-09] (Spotify AB) Text Reader -> C:\Program Files\WindowsApps\13542RyanTremblay.TextReader_3.1.4.0_x64__e0ywhek3s7xze [2017-07-10] (Ryan Tremblay) [MS Ad] Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2018-04-30] (Microsoft Corporation) [MS Ad] Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-02-14] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): 
========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) 
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Public\AppData:CSM [442] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
There are 7943 more sites. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 12:04 - 2019-06-09 17:12 - 000454736 ____R C:\WINDOWS\system32\drivers\etc\hosts There are 15606 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{DEC7D197-3BA5-437A-9049-0D85C2363A0C}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd) FirewallRules: [TCP Query User{DC3F9561-2BE9-4DB7-B6AE-34569439FE4E}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd) FirewallRules: [{6DD80E10-C303-4768-AE8F-ABFFC6A76A0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{5C146A50-4CD1-4D92-806D-F1E32BE1CC1A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{7BC40AC7-1F75-4C4D-B664-D05DEE53A735}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{FE9680C6-9BCB-48F2-ACC4-F622C720ECCA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{81DFC864-3FAD-4201-8AA8-1592787048AA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{F0617115-A03B-4A46-8CA7-B9FD5F39695D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{741172BE-D110-4CDE-A0EF-DA16327C7051}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{00B97100-3509-41E0-8030-659EE04C3393}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{D1E91A08-98D2-405D-B044-772851BD2BA4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{472B6F9A-B2CF-44B3-8DC9-17E32988F23C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{1DC36F1F-DC00-4F4F-B580-DE8AA7B30378}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{F667035D-6C19-43F5-968B-F8300B03DB0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{0B6FBE3B-2C9A-4121-9413-A685B39B6A2E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{AA41E2F4-B274-4E53-8843-FE426A1AC82A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: 
[{3BC22425-2F6C-4867-8F47-E1A940C971AB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{5E0B3903-ED20-4405-ADE2-8A3D2B1CBD4D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File FirewallRules: [{471F6D60-FB2A-4987-90B7-67C9BE3AE709}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd) FirewallRules: [{0E056B65-842E-4AF1-B97F-96E32674B8AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd) FirewallRules: [{67326F6A-DAF4-403D-A689-0E3589ADA176}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File FirewallRules: [{0CD17905-62A1-4291-A526-FA3C48F69916}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File FirewallRules: [{C9540541-E069-4C2D-857B-98B6641674F9}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{F50B3A5A-76E8-4860-9770-A0A27D09E994}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{234D5FEA-936F-4257-8892-B6AD49B4DBA2}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{764BF0ED-23FF-4969-8342-67486B238931}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{411A9ED2-FAE3-4D31-89AF-E5FDA365EF59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe (Paradox Interactive) [File not signed] FirewallRules: [{9C355290-1442-4A7E-8B2E-5B2BF5A1E036}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe (Paradox Interactive) [File not signed] FirewallRules: 
[{6C082675-089E-41B0-BE0A-452AE101FE2A}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe (Electronic Arts -> Electronic Arts Inc.) FirewallRules: [{7219AB0B-352B-4800-9E61-B732BF5EEECE}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe (Electronic Arts -> Electronic Arts Inc.) FirewallRules: [{7D3F4AFD-398D-40EC-8075-2FAD1C39427F}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe (Electronic Arts Inc.) [File not signed] FirewallRules: [{5FBA93B2-8DA0-4273-AB19-26F980D33C3C}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe (Electronic Arts Inc.) [File not signed] FirewallRules: [UDP Query User{8AB97966-EA6C-44CF-9D4C-7DB6F6A735FA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File FirewallRules: [TCP Query User{E03DCC34-2769-4338-8830-5439153396F6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File FirewallRules: [UDP Query User{6F98FBD7-0ED5-4D82-AEAD-6509224A1428}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd) FirewallRules: [TCP Query User{4E0801A1-3C82-4FD3-8F7D-A064B04DFC1B}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd) FirewallRules: [{65268CB6-BF11-4237-A176-E025C99D6DA4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{248605FB-F395-4A06-B7BC-FA98B3476600}] => (Allow) C:\Program 
Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{B184455F-7786-46E4-B3FE-EAB454274F77}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{971FF884-1CBC-4EB1-B11F-560E6B9B5E1E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{1AB033B8-57BE-46D5-BC47-F1E50ADFBB3A}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{8F439E62-8E69-43A3-BE38-0A1AA124D0CD}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{476B8BE2-5A86-4796-9FC5-5019688E9908}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{505F67D3-0DB3-420E-884D-BB6F8173AD8B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{7E120442-D437-4957-9E58-2F9CF3B820BA}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) 
FirewallRules: [UDP Query User{4F0D2ED3-0662-4A4B-B23D-CEE138207AA8}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{8BB775C4-FB5D-49A4-8FF4-80A54D87ADF6}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) FirewallRules: [{59962D78-F343-4650-8713-C20C4E91F83B}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) FirewallRules: [{AD4347D5-B237-4094-8C60-3E44B338BBAB}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) FirewallRules: [{8B28F566-D121-4A17-A80D-C7345A0AFDC3}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) 
Many thanks for your help and support. Regards, Loz
  20. Why do I always get this message No Session in Progress Possible causes: More than 20 minutes elapsed since your last activity on PC Pitstop. Our web server only keeps your results in memory for 20 minutes after the last page you loaded. If you are a registered user on the site and were looking at a set of test results, you can reload those test results.
  21. Earlier
  22. As long as the pc can be rebooted, why do that (Reinstall).
  23. Since the beginning of May, 2019 I have been having this problem. The links provided for your particular operating system are, as in "404." Vimeo doesn't have that file. Since this is a system-wide anomaly and I am sure by now you masterminds have found the cause and developed a fix, it is your responsibility to issue the fix in a most expeditious manner. Enough already.
  24. ok thank you I will use the other options to connect it as No power supply came with the hdd