SuicideSolution

  1. p.s. I meant to say that in order to remove the 'PremierOpinion' from the computer I searched for it and found that it only seemed to appear on the start up menu so I used the remove/uninstall option from here and it seems to have gone (on face value anyway?)
  2. Hi Juliet,

     Continued thanks for your help and support. I have followed your instructions but with a few little glitches along the way ... I removed the 4 listed items but in doing so I could not find a 'chromium' browser and so I assumed this was Google Chrome and removed that … I am not sure if that is correct?

     Also, when trying to remove the PremierOpinion from the 'add / remove' options window, I kept getting an error message: I have uploaded a desktop image of the fault message titled 'PremierOpinion Error Message'.

     FRST FIX LOG FILE:

     Fix result of Farbar Recovery Scan Tool (x64) Version: 22-06-2019
     Ran by jack (23-06-2019 12:52:01) Run:1
     Running from C:\Users\jack\Desktop\Loz\FRST
     Loaded Profiles: jack (Available Profiles: jack)
     Boot Mode: Normal
     ==============================================
     fixlist content:
     *****************
     Clos eP rocesses:
     CreateRestorePoint:
     HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Chromium] => c:\users\jack\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed]
     FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
     Task: {5EC6072F-4A2E-480A-A535-57BBA840B942} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
     HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/ SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> DefaultScope {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms} SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2019-03-18] (Oracle America, Inc. 
-> Oracle Corporation) CHR HomePage: Default -> hxxp://www.view-search.com/ CHR DefaultSearchURL: Default -> hxxp://www.view-search.com/search?q={searchTerms} CHR DefaultSearchKeyword: Default -> view search CHR Extension: (Avast SafePrice | Comparison, de als, coupons) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-04-29] S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X] <==== ATTENTION ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File FirewallRules: [{67326F6A-DAF4-403D-A689-0E3589ADA176}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File FirewallRules: [{0CD17905-62A1-4291-A526-FA3C48F69916}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File FirewallRules: [TCP Query User{E03DCC34-2769-4338-8830-5439153396F6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File FirewallRules: [{65268CB6-BF11-4237-A176-E025C99D6D A4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{248605FB-F395-4A06-B7BC-FA98B3476600}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [TCP Query User{520B3C10-A075-47CF-882C-3A578CA95CA4}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File FirewallRules: [UDP Query User{0223E1D4-91B8-4DCC-9237-F236CA90D1D0}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File C:\Windows\Temp\*.* ***************** Clos eP rocesses: => Error: No automatic fix found for this entry. Restore point was successfully created. 
"HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully HKLM\SOFTWARE\Policies\Mozilla => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EC6072F-4A2E-480A-A535-57BBA840B942}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EC6072F-4A2E-480A-A535-57BBA840B942}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully "HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => removed successfully HKLM\Software\Classes\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => not found HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{87BBB6C9-73F0-47B6-AAD2-0811C275245F} => removed successfully HKLM\Software\Classes\CLSID\{87BBB6C9-73F0-47B6-AAD2-0811C275245F} => not found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully "HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.131.2 -> C:\Program 
Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2019-03-18] (Oracle America, Inc." => not found "C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll" => not found "HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2019-03-18] (Oracle America, Inc." => not found "C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll" => not found "Chrome HomePage" => removed successfully "Chrome DefaultSearchURL" => removed successfully "Chrome DefaultSearchKeyword" => removed successfully CHR Extension: (Avast SafePrice | Comparison, de als, coupons) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-04-29] => Error: No automatic fix found for this entry. HKLM\System\CurrentControlSet\Services\PremierOpinion => removed successfully PremierOpinion => service removed successfully HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67326F6A-DAF4-403D-A689-0E3589ADA176}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CD17905-62A1-4291-A526-FA3C48F69916}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E03DCC34-2769-4338-8830-5439153396F6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{65268CB6-BF11-4237-A176-E025C99D6D A4}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{248605FB-F395-4A06-B7BC-FA98B3476600}" => removed successfully 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{520B3C10-A075-47CF-882C-3A578CA95CA4}C:\program files (x86)\premieropinion\pmropn.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0223E1D4-91B8-4DCC-9237-F236CA90D1D0}C:\program files (x86)\premieropinion\pmropn.exe" => removed successfully =========== "C:\Windows\Temp\*.*" ========== C:\Windows\Temp\chrome_installer.log => moved successfully Could not move "C:\Windows\Temp\MpCmdRun.log" => Scheduled to move on reboot. C:\Windows\Temp\sa.Microsoft.SkypeApp_kzf8qxf38zg5c_1__.Public.InstallAgent.dat => moved successfully C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully ========= End -> "C:\Windows\Temp\*.*" ======== Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-06-2019 12:58:32) C:\Windows\Temp\MpCmdRun.log => Could not move ==== End of Fixlog 12:58:33 ==== ADW CLEANER LOG FILE: # ------------------------------- # Malwarebytes AdwCleaner 7.3.0.0 # ------------------------------- # Build: 04-04-2019 # Database: 2019-06-18.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 06-23-2019 # Duration: 00:00:04 # OS: Windows 10 Pro # Cleaned: 32 # Failed: 2 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\Program Files\WebDiscoverBrowser Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion Deleted C:\Users\Public\Documents\Downloaded Installers Deleted C:\Users\jack\AppData\Local\WebDiscoverBrowser Deleted C:\Users\jack\AppData\Local\slimware utilities inc ***** [ Files ] ***** Deleted C:\Windows\SysWOW64\pmls.dll Deleted C:\Windows\System32\PMLS64.DLL ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. 
***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.softonic.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.softonic.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com Deleted 
HKCU\Software\PRODUCTSETUP Deleted HKCU\Software\ProductSetup\Uninstall\0B2U2Z1P0F1P1G1R1P1V0A1Q1Q0O1G Deleted HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F Deleted HKCU\Software\WebDiscoverBrowser Deleted HKCU\Software\csastats Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WebDiscoverBrowser Deleted HKLM\Software\WebDiscoverBrowser Deleted HKLM\Software\Wow6432Node\WebDiscoverBrowser Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com Deleted HKU\.DEFAULT\Software\WebDiscoverBrowser Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com Deleted HKU\S-1-5-18\Software\WebDiscoverBrowser Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\java-runtime-environment-64.en.softonic.com Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\java-runtime-environment-64.en.softonic.com ***** [ Chromium (and derivatives) ] ***** Deleted Search Manager ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. 
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [5686 octets] - [23/06/2019 13:04:08]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

     ROGUEKILLER LOG FILE:

     RogueKiller Anti-Malware V13.2.2.0 (x64) [Jun 10 2019] (Free) by Adlice Software
     mail : https://adlice.com/contact/
     Website : https://adlice.com/download/roguekiller/
     Operating System : Windows 10 (10.0.17763) 64 bits
     Started in : Normal mode
     User : jack [Administrator]
     Started from : C:\Users\jack\Desktop\RogueKiller_portable64.exe
     Signatures : 20190622_071611, Driver : Loaded
     Mode : Standard Scan, Delete -- Date : 2019/06/23 13:44:36 (Duration : 00:18:55)
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     [PUP.SearchManager (Potentially Malicious)] Search Manager -- nahhmpbckpgdidfnmfkfgiflpjijilce -> Deleted

     With the RogueKiller programme I wasn't sure which version to install - I know it is 64 bit but it gave me the option of 'Installer' or 'Portable' versions and as the portable version differentiated between 32 and 64 bit I went for that. In doing so I found that none of the buttons were in the places you had described so I am not sure if the log posted will have what you might expect to see? Let me know and I can always try the installer version and report the resulting log file.

     Many thanks
  3. Hi Juliet,

     Firstly, sincere apologies for the delay in applying your solution and posting the logs. I have had all sorts of problems actually getting the problematic computer to run at all but today have managed it. The links would not work using my default browser and in the end I copied and pasted the HTTP details from the properties of the link to a different browser.

     For future reference, Windows Defender would not allow me to run the FRST app and I had to disable it, which took a little time to work out (not being a massive tech dude), but eventually I have managed it and below are the results:

     FRST Notepad

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-06-2019
     Ran by jack (administrator) on DESKTOP-O8IQLFD (Packard Bell imedia S2870) (09-06-2019 17:33:46)
     Running from C:\Users\jack\Downloads
     Loaded Profiles: jack (Available Profiles: jack)
     Platform: Windows 10 Pro Version 1809 17763.475 (X64) Language: English (United Kingdom)
     Default browser: Edge
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================
     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     () [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
     () [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19051.545.0_x64__8wekyb3d8bbwe\YourPhone.exe
     (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
     (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     (AVAST Software s.r.o.
-> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\jack\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (Oracle America, Inc. 
-> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Wargaming.net Limited -> Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [262024 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. 
-> Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-29] (Valve -> Valve Corporation) HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net) HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Chromium] => c:\users\jack\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed] HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [7388488 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-06-09] (Google LLC -> Google Inc.) BootExecute: autocheck autochk * sdnclean64.exe FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {45452D94-A227-443D-B941-06D26CCBC5EF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) 
Task: {58DEFE7B-9A11-4738-B769-08EB8AC9131B} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask => {7C83C056-1D0D-4C8E-A6B0-89E79C213559} C:\WINDOWS\system32\oobe\SetupCleanupTask.dll [191488 2019-05-01] (Microsoft Windows -> Microsoft Corporation) Task: {5EC6072F-4A2E-480A-A535-57BBA840B942} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {7A343A59-5C9C-4004-9E17-B1E57E933FF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-10] (Google Inc -> Google Inc.) Task: {8630196E-C4B3-4FCB-928C-31E7104D5C2E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2934152 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) Task: {908A8B3C-CE7F-4AD1-8F11-3B38B9759999} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) 
Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-4127454622-3581897595-3763097022-1001" /ENABLE Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{E8EF172D-5181-4F72-A7C8-917528CC7669}" /ENABLE Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\{B742DCA5-9B12-4B2A-BE45-CEC0BE21AC01}" /ENABLE Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE Task: {B6596B23-B583-4976-B70B-09942B51D533} - System32\Tasks\{B742DCA5-9B12-4B2A-BE45-CEC0BE21AC01} => C:\WINDOWS\system32\pcalua.exe -a E:\start.exe -d E:\ Task: {BEC14D0B-64D3-46CB-B192-2681B18181E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-10] (Google Inc -> Google Inc.) Task: {C5F485D0-1BB8-4F2D-8A39-45128DB0D008} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) 
Task: {D9ED0550-AB98-485F-A012-009BE5BF1557} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{59cf69be-9c1f-4872-8d31-66ca5a00501f}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/ SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> DefaultScope {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms} SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation) Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> hxxp://www.google.co.uk/ FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2019-03-18] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC) FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN) Chrome: ======= CHR HomePage: Default -> hxxp://www.view-search.com/ CHR StartupUrls: Default -> "hxxp://www.google.co.uk/" CHR DefaultSearchURL: Default -> hxxp://www.view-search.com/search?q={searchTerms} CHR DefaultSearchKeyword: Default -> view search CHR Profile: C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default [2019-04-29] CHR Extension: (Slides) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-10] CHR Extension: (Docs) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-10] CHR Extension: (Google Drive) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-10] CHR Extension: (YouTube) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-10] CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - 
C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-04-29] CHR Extension: (Sheets) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-10] CHR Extension: (Google Docs Offline) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-24] CHR Extension: (Avast Online Security) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-04-29] CHR Extension: (Search Manager) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2019-04-29] CHR Extension: (Chrome Web Store Payments) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-20] CHR Extension: (Gmail) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29] CHR Extension: (Chrome Media Router) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-29] CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the 
registry. The file will not be moved unless listed separately.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6844776 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [409224 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-04-20] (BattlEye Innovations e.K. -> ) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-04-20] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2017-03-05] (Intel(R) pGFX -> Intel Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2205504 2018-07-31] (Electronic Arts, Inc. -> Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3075400 2018-07-31] (Electronic Arts, Inc. -> Electronic Arts) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.) 
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-05-02] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3830128 2019-05-02] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation) S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X] <==== ATTENTION ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [207448 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [262496 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [205848 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61472 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-21] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software) R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [279120 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [167872 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-06-09] (AVAST Software s.r.o. 
-> AVAST Software) R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477584 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225608 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385880 2019-06-09] (AVAST Software s.r.o. -> AVAST Software) R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-09-15] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.) S3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [9728 2018-09-15] (Microsoft Windows -> Windows (R) Win 7 DDK provider) R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c64x64.sys [468752 2017-03-08] (Intel Corporation -> Intel Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2019-06-09 17:33 - 2019-06-09 17:35 - 000022858 _____ C:\Users\jack\Downloads\FRST.txt 2019-06-09 17:33 - 2019-06-09 17:33 - 000000000 ____D C:\FRST 2019-06-09 17:31 - 2019-06-09 17:31 - 002417664 _____ (Farbar) C:\Users\jack\Downloads\FRST64.exe 2019-06-09 17:29 - 2019-06-09 17:29 - 001770496 _____ (Farbar) C:\Users\jack\Downloads\FRST.exe 2019-06-09 17:01 - 2019-06-09 17:01 - 000000556 _____ C:\WINDOWS\wininit.ini 2019-06-09 15:50 - 2019-01-21 16:46 - 000000864 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20190609-155037.backup 2019-06-09 15:49 - 2019-06-09 15:49 - 000000000 ____D C:\Users\jack\AppData\Local\SlimWare Utilities Inc 2019-06-09 15:43 - 2019-06-09 17:06 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2019-06-09 15:43 - 2019-06-09 17:01 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy 2019-06-09 15:43 - 2019-06-09 15:43 - 000001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2019-06-09 15:43 - 2019-06-09 15:43 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2019-06-09 15:43 - 2019-06-09 15:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2019-06-09 15:43 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe 2019-06-09 15:39 - 2019-06-09 15:39 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\jack\Downloads\spybotsd-2.7.64.0.exe 2019-06-09 15:37 - 2019-06-09 15:37 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers 2019-06-09 15:05 - 2019-06-09 15:03 - 000363400 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2019-05-17 20:30 - 2019-03-05 17:54 - 001108344 _____ (VoiceFive, Inc.) C:\WINDOWS\system32\pmls64.dll ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2019-06-09 17:26 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-06-09 17:12 - 2019-05-01 19:57 - 000795988 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-06-09 17:12 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF 2019-06-09 17:10 - 2017-04-03 14:04 - 000000000 ____D C:\Program Files (x86)\Steam 2019-06-09 17:07 - 2017-03-05 14:37 - 000000000 __SHD C:\Users\jack\IntelGraphicsProfiles 2019-06-09 17:06 - 2019-05-01 20:03 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update 2019-06-09 17:06 - 2019-05-01 20:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-06-09 17:05 - 2018-09-15 07:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-06-09 16:59 - 2019-05-01 19:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-06-09 16:55 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps 2019-06-09 16:55 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-06-09 16:53 - 2018-07-31 22:47 - 000000000 ____D C:\Users\jack\AppData\Local\CrashDumps 2019-06-09 16:43 - 2018-11-21 00:10 - 000000000 ____D C:\ProgramData\Packages 2019-06-09 15:56 - 2017-12-10 14:40 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-06-09 15:52 - 2018-04-20 21:47 - 000167872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2019-06-09 15:48 - 2018-04-20 21:47 - 000385880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2019-06-09 15:48 - 2018-04-20 21:47 - 000225608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2019-06-09 15:47 - 2019-04-24 16:47 - 000000000 ___RD C:\Users\jack\Desktop\Loz 2019-06-09 15:39 - 2018-06-26 20:04 - 000000000 ____D C:\Users\jack\AppData\Local\AVAST Software 2019-06-09 15:36 - 2019-05-01 20:03 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4127454622-3581897595-3763097022-1001 2019-06-09 15:36 - 2019-05-01 19:46 - 000002364 _____ 
C:\Users\jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-06-09 15:36 - 2017-03-05 14:24 - 000000000 ___RD C:\Users\jack\OneDrive 2019-06-09 15:17 - 2019-04-24 16:02 - 000000000 ____D C:\Users\jack\AppData\Local\D3DSCache 2019-06-09 15:10 - 2019-05-01 19:46 - 000000000 ____D C:\Users\jack 2019-06-09 15:05 - 2018-09-15 08:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-06-09 15:04 - 2019-03-01 17:38 - 000279120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys 2019-06-09 15:04 - 2018-10-29 11:05 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2019-06-09 15:04 - 2018-04-20 21:47 - 000477584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2019-06-09 15:04 - 2018-04-20 21:47 - 000112312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2019-06-09 15:04 - 2018-04-20 21:47 - 000087944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2019-06-09 15:01 - 2019-01-28 19:33 - 000262496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys 2019-06-09 15:01 - 2019-01-21 16:53 - 000205848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys 2019-06-09 15:01 - 2019-01-21 16:53 - 000061472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys 2019-06-09 15:01 - 2019-01-21 16:53 - 000037104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys 2019-06-09 15:01 - 2018-04-20 21:47 - 001030784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2019-06-09 15:01 - 2018-04-20 21:47 - 000207448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys 2019-05-17 20:37 - 2019-05-01 20:41 - 000000000 ____D C:\Windows.old 2019-05-17 20:36 - 2019-05-01 20:03 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2019-05-17 20:36 - 2019-05-01 20:03 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2019-05-17 20:26 - 2018-01-28 19:52 - 000000000 ___RD C:\Users\jack\3D Objects 2019-05-17 20:26 
- 2016-11-23 00:39 - 000000000 __RHD C:\Users\Public\AccountPictures ==================== Files in the root of some directories ======= 2018-05-07 18:49 - 2018-05-07 18:49 - 000000000 _____ () C:\Users\jack\AppData\Local\{3AE4B38E-B619-4099-86F2-2FAC96EA531A} ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2019 Ran by jack (09-06-2019 17:36:03) Running from C:\Users\jack\Downloads Windows 10 Pro Version 1809 17763.475 (X64) (2019-05-01 19:05:17) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4127454622-3581897595-3763097022-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4127454622-3581897595-3763097022-503 - Limited - Disabled) Guest (S-1-5-21-4127454622-3581897595-3763097022-501 - Limited - Disabled) jack (S-1-5-21-4127454622-3581897595-3763097022-1001 - Administrator - Enabled) => C:\Users\jack WDAGUtilityAccount (S-1-5-21-4127454622-3581897595-3763097022-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.5.2378 - AVAST Software) ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.19.0.0 - Byte Technologies LLC) <==== ATTENTION Epic Games Launcher (HKLM-x32\...\{5F95C9CC-2614-4C5E-B1FC-43029FD7FD6B}) (Version: 1.1.149.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation) Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.281 - Electronic Arts) Microsoft OneDrive (HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0007 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Origin (HKLM-x32\...\Origin) (Version: 10.5.24.5022 - Electronic Arts, Inc.) PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.338.311 - VoiceFive, Inc.) <==== ATTENTION Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.45.62.1020 - Electronic Arts Inc.) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{8CFAB044-7D2E-4655-B86D-99932E988980}) (Version: 2.45.0.0 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) World of Tanks (HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net) Packages: ========= Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-06-09] (Autodesk Inc.) Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.5.5.0_x86__kgqvnymyfvs32 [2019-06-09] (king.com) Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.140.300.0_x86__kgqvnymyfvs32 [2019-06-09] (king.com) Code Writer -> C:\Program Files\WindowsApps\ActiproSoftwareLLC.562882FEEB491_3.3.29.0_x64__24pqs290vpjk0 [2019-04-21] (Actipro Software LLC) Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_3.6.0.9_x86__h6adky7gbf63m [2019-01-21] (Gameloft.) 
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-06-09] (Microsoft Corporation) [MS Ad] March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.0.1.1_x86__h6adky7gbf63m [2019-06-09] (Gameloft.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-21] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.3.4032.0_x86__8wekyb3d8bbwe [2019-05-01] (Microsoft Studios) [MS Ad] MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.29.10701.0_x64__8wekyb3d8bbwe [2019-04-29] (Microsoft Corporation) [MS Ad] MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.28.3242.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-03-01] (Microsoft Corporation) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0 [2019-06-09] (Spotify AB) Text Reader -> C:\Program Files\WindowsApps\13542RyanTremblay.TextReader_3.1.4.0_x64__e0ywhek3s7xze [2017-07-10] (Ryan Tremblay) [MS Ad] Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2018-04-30] (Microsoft Corporation) [MS Ad] Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-02-14] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): 
========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) 
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Public\AppData:CSM [442] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 12:04 - 2019-06-09 17:12 - 000454736 ____R C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.)
Many thanks for your help and support Regards Loz
  4. Hi Been a while since I posted on here so I apologise if this is not the correct forum location …. Friends sons computer has been a git lately and is causing all sorts of slowing issues! System details: Windows 10 Pro 64 bit Operating System (x64 bit processor) 4GB Ram Hijackthis log:
     Kind Regards Loz
  5. Nice one Red, just what I was looking for .... One small prob - being from the UK I had to look elsewhere for the item and found this: http://www.1topstore.com/product_info.php?...p;products_id=5 Can you just advise - Do I need to purchase a kit that has a power supply or can I simply supply power to the drive from the usual loom/power supply within my own comp? cheers Loz
  6. Hello again one and all, Firstly, sorry for resurrecting this thread but I have still not been able to resolve the issue at hand - the delay in writing is somewhat a better reason - my baby boy was born on 7th December and after a few initial complications all is well now. And back to the problem: My mother's laptop is having a major issue - it stops during start up and says: 'Windows could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM' It then offers me the opportunity to repair this file by starting Windows Setup using the original setup CD-ROM. I have tried this and at no point does it offer me the chance to 'repair' the files - it only offers me the chance to reinstall. I have also followed the links previously submitted in this thread and encountered the following problem: Using the manual steps to recover a corrupt registry - it stated that the following file did not exist and could not be copied = copy c:\windows\system32\config\software c:\windows\tmp\software.bak. Now if I try to manually recover using this method it tells me that md tmp already exists and I cannot think of a way of getting around this. The most recent suggestion of again performing a Windows XP repair install doesn't work because the option to repair is not available. I have never tried to slave a laptop hard drive but I think that is now the best option to save some of the files then do a reinstall. I only have a Windows 7 laptop but my desktop is Windows XP - can I slave a laptop hard drive to a desktop PC?? or can I slave the XP corrupted HDD to my Windows 7 laptop? All help gratefully received ... Happy New Year one and all. Cheers Loz
  7. Ok, here's some strange stuff .... I reset the BIOS by removing the battery and leaving it for about 20 mins ... booted up the puter and it says: 'CMOS checksum error - defaults loaded' Great I think, BIOS reset now I can enter and swap the boot sequence ... no, it still wouldn't work, both keyboards simply would not work (1 x PS2 and 1 x USB). So I decide to 'jump' the BIOS and again I get the same checksum error message at start up but now I get the option of F1 to continue but you may not be surprised to hear that again both keyboards fail to allow me entry. Final option, I decide to unplug the HDD in reverse order and in between restart the puter ... only when I had both HDDs unplugged would it let me enter the BIOS ... The defaults had not been loaded but I was now able to change the boot sequence so that CD-Rom booted first .... I plug in the master HDD (The one with XP installed) and jackpot!!! I can boot from the XP CD. Now this bit is really strange to me ... I'm now all prepared with my mini notebook all set up with the instructions on how to manually re-write the boot.ini etc but the puter simply boots from the XP CD straight to normal desktop operation with no mention of missing or corrupt files ?? It's almost as if it automatically fixed the problem and continued with no fuss ... Anyways - long story short, the puter now works fine and I am happy. In the end a very simple solution for a potentially drastic problem - ty so much again to everyone for your contributions
  8. Hi Red,

      Firstly cheers for taking the time to advise.

      The link you have posted is the exact one that I was following prior to encountering the problem - I had gone to it because the original problem was a BSOD with the error:

      Stop: c0000218 {Registry File Failure} The registry cannot load the hive (file): \SystemRoot\System32\Config\SOFTWARE or its log or alternate

      So I figured on reading that the issue was to do with the HIVE (whatever that is? lol)

      Anyways - I typed the 'md tmp' command no problem and the first line entered ok but then the second line I entered - 'copy c:\windows\system32\config\software c:\windows\tmp\software.bak' said the file did not exist or I could not copy it? Stupidly, I realise now, I continued and went the whole way through. Then when I rebooted I got the new problem where the comp reaches the safe mode or last known good configuration stage but then when I select whatever it comes up with the fault:

      'Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM'

      Now, my layman's way of thinking is this ... The operating system is missing some files and / or some are corrupt so, rather than re-installing why don't I just use the original install disc where those files are and take them off the CD and put them amongst the HDD installation writing over the damaged one?? 'Simples', as a certain meerkat would say but it all seems to have gone horribly wrong and now I think I have deleted the files by following the instruction.

      Is it beyond help do you think?

      As for a clean re-install - I am happy to do that but there is so much on the puter that mother wants to keep. I want to hook the HDD up to my main puter and retrieve files before I go ahead and wipe it - when the time comes I shall ask more about the drivers once I can identify the Mobo etc ...

      The challenge continues
  9. Great advice Doug, the suggestions u gave about the file replacements are what I have read and it was the first hurdle I was struggling with ... as I was reading your post about replacing the battery I thought to myself ... I just did that when I rebuilt it ... doh! Why don't I just jump the BIOS and reset them ... the next line of yours suggested pretty much the same thing lol..

      I shall be trying it tonight once I have settled the 9 dogs (4 new puppies included!), the 2 children and made sure that the good lady is comfortable in front of X Factor before I begin!

      Will update laters - cheers
      Loz
  10. Hello Again Jacee,

      I recall your help from many moons ago so I take great comfort in knowing you are still about to offer advice.

      The suggestion you linked is one I have read about and I would gladly try it but when I first installed the system I changed the boot sequence (Stupid I know now - hindsight is wonderful!) - having done this I cannot boot straight from the CD and I need to enter setup to change the boot sequence, which is where my first problem lies. I cannot enter setup / BIOS no matter how much I patiently tap the del key; nothing happens.

      Loz
  11. Hi,

      My mother's laptop seems to be giving up the will to live and has now decided that it will not start Windows XP at all.

      The error message is:

      'Windows could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM'

      I have visited several sites that talk about using the recovery console on the Windows XP disc which I have done but the option to repair an installation never appears - I have been through the licence agreement stage and the option simply is not there.

      I have also looked at manually replacing the system + software + sam + default files using the command prompt but again having used the md tmp command I cannot seem to now try it again - it kept telling me that the file did not exist when I tried the command copy c:\windows\system32\config\software c:\windows\tmp\software.bak ... now it doesn't want to know.

      I have tried replacing the boot sector files but again this doesn't work - I am totally lost with this now - I don't want to do a re-install because my mother has a lot of files she doesn't want to lose, and we don't have the original motherboard drivers and other software discs that the laptop came pre-loaded with.

      Please please please can one (or more!) of you very kind and knowledgeable people help me ??

      tks
      Loz
  12. Hi All,

      My old home build computer is now in the hands of my 15 yr old boy .... and rather unsurprisingly he has had problems with it!! The latest is proving to be a real tester:

      Whenever we boot the computer up we get the following black stop screen:

      TRAP 00000006 =================== EXCEPTION ======================
      TR=0028 cr0=8000000011, cr2=00000000, cr3=00039000
      GDT limit=03ff base=0003F000 idt limit=07ff base=0003F400
      CS:eip=0008:0040737F ss:esp=0010:0005F95C errcode=0000
      flags=00010086 NoCy NoZr intdis down trapdis
      eax=00008000 ebx00008000 ecx=00000000 edx=00480001 ds-0010 es=0010
      edi=80507580 esi=00488000 ebp=0005f978 cr0=80000011 fs=0030 gs=0000

      The system is as follows:

      2 x 40 GB HDD (1 master and 1 slave)
      Windows XP Home edition
      AMD Athlon XP2800+ processor
      ATI Radeon HD3850 512 MB GDDR2 GPU

      I have tried to boot from the original Windows XP disc but neither the F8 nor Del buttons will let me enter the respective set up menus. I have tried 3 different keyboards just to make sure it wasn't those but it won't work. I have also tried unplugging each HDD and rebooting but it won't work.

      The reason I have tried the above is because from what I can gather the problem could be down to a missing NTLDR file and I need to run a CHKDISK or repair from the original CD.

      I am concerned that all this could be down to a virus so after I have managed to fire things up I will need to clean up the whole system??

      I also notice that when the comp goes through its usual boot up sequence the message 'secondary IDE channel no 80 conductor cable installed' (or something very similar to this - it goes past very quickly!)

      I'm at a loss on this one so any help is as always gratefully appreciated.

      Cheers
      Loz
  13. Aren't glitches fun

      All sorted now:

      JRE installed
      System restore off and then on again
      OTCleanIt ran in about 2 seconds so no issues with that.

      I do believe we are clean. I shall ensure that other half's mother reads these threads, especially with the advice you have given at the end.

      Thank you seems an understatement of gratitude whenever you lot help out ... keep up the good work and the fight against all that is 'puter bad'

      Cheers
      Loz
  14. Hey,

      GMER scan run and result as below:

      GMER 1.0.15.14966 - http://www.gmer.net
      Rootkit scan 2009-03-31 01:13:04
      Windows 6.0.6001 Service Pack 1

      ---- System - GMER 1.0.15 ----

      SSDT 886ACA40 ZwAlertResumeThread
      SSDT 886ACB20 ZwAlertThread
      SSDT 886A4340 ZwAllocateVirtualMemory
      SSDT 88674C38 ZwAlpcConnectPort
      SSDT 886AC718 ZwCreateMutant
      SSDT 886A6A50 ZwCreateThread
      SSDT 886AC398 ZwDebugActiveProcess
      SSDT 886A41A0 ZwFreeVirtualMemory
      SSDT 886AC808 ZwImpersonateAnonymousToken
      SSDT 886AC960 ZwImpersonateThread
      SSDT 886A53A8 ZwMapViewOfSection
      SSDT 886AC638 ZwOpenEvent
      SSDT 8867F188 ZwOpenProcessToken
      SSDT 886AC478 ZwOpenSection
      SSDT 886A5180 ZwOpenThreadToken
      SSDT 886E62F8 ZwResumeThread
      SSDT 886A50C0 ZwSetContextThread
      SSDT 886A5250 ZwSetInformationProcess
      SSDT 886AB968 ZwSetInformationThread
      SSDT 886AC558 ZwSuspendProcess
      SSDT 886AB7A8 ZwSuspendThread
      SSDT 86BF3E58 ZwTerminateProcess
      SSDT 886AB888 ZwTerminateThread
      SSDT 886E2668 ZwUnmapViewOfSection
      SSDT 886A4270 ZwWriteVirtualMemory

      ---- Kernel code sections - GMER 1.0.15 ----

      .text ntkrnlpa.exe!KeSetTimerEx + 350 81EFB914 8 Bytes [40, CA, 6A, 88, 20, CB, 6A, ...] {INC EAX; RETF 0x886a; AND BL, CL; PUSH -0x78}
      .text ntkrnlpa.exe!KeSetTimerEx + 364 81EFB928 4 Bytes [40, 43, 6A, 88] {INC EAX; INC EBX; PUSH -0x78}
      .text ntkrnlpa.exe!KeSetTimerEx + 370 81EFB934 4 Bytes [38, 4C, 67, 88] {CMP [EDI-0x78], CL}
      .text ntkrnlpa.exe!KeSetTimerEx + 428 81EFB9EC 4 Bytes [18, C7, 6A, 88] {SBB BH, AL; PUSH -0x78}
      .text ntkrnlpa.exe!KeSetTimerEx + 454 81EFBA18 4 Bytes [50, 6A, 6A, 88]
      .text ...

      ---- Devices - GMER 1.0.15 ----

      AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
      AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
      AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
      AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

      ---- EOF - GMER 1.0.15 ----

      ----------------------------------------------------------------------------------------------------------------------

      HJT scan run and result as below:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 01:16:11, on 31/03/2009
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Dell\DellDock\DellDock.exe
      C:\Program Files\DellTPad\Apoint.exe
      C:\Windows\OEM02Mon.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Windows\system32\igfxsrvc.exe
      C:\Windows\System32\WLTRAY.EXE
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Dell\MediaDirect\PCMService.exe
      C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
      C:\Program Files\Dell Support Center\bin\sprtcmd.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Kontiki\KHost.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Users\Pammy\AppData\Local\Google\Update\GoogleUpdate.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\Dell\QuickSet\quickset.exe
      C:\Program Files\DellTPad\Apntex.exe
      C:\Program Files\DellTPad\HidFind.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=2081209
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=2081209
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
      O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
      O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
      O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
      O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
      O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
      O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
      O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Google Update] "C:\Users\Pammy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
      O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
      O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
      O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O13 - Gopher Prefix:
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/...NPUplden-gb.cab
      O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
      O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
      O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
      O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
      O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
      O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

      -- End of file - 10948 bytes

      -----------------------------------------------------------------------------------------------------------

      I went to update Java but the link you provided unfortunately didn't work. I found the page manually but as it didn't say the exact words you had written I chose not to download it. Also, when it asked me to identify the platform the option only stated windows or windows x64 (apart from Linux which I obviously knew wasn't right!)

      Just following instructions and not going off on my own

      Loz
  15. Well, what can I say?

      There are no other problems that I am aware of and when the other half's mother asked me to take a look at it for her I did tell her I thought it was something minor .... not sure if that's the right way to describe these types of problem? lol

      Anyway, I did the Kaspersky online scan for peace of mind really and below are the results, even to my layman's eye this looks quite good

      ------------------- KasperSky scan:

      --------------------------------------------------------------------------------
      KASPERSKY ONLINE SCANNER 7 REPORT
      Monday, March 30, 2009
      Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
      Kaspersky Online Scanner 7 version: 7.0.25.0
      Program database last update: Monday, March 30, 2009 14:35:03
      Records in database: 1986635
      --------------------------------------------------------------------------------

      Scan settings:
      Scan using the following database: extended
      Scan archives: yes
      Scan mail databases: yes

      Scan area - My Computer:
      C:\
      D:\
      E:\

      Scan statistics:
      Files scanned: 103336
      Threat name: 0
      Infected objects: 0
      Suspicious objects: 0
      Duration of the scan: 01:19:54

      No malware has been detected. The scan area is clean.

      The selected area was scanned.

      --------------------------------------

      What say you, oh holy one?

      Tks
      Loz

      p.s. If it's not too much trouble, can you just tell me what the issue was (in layman's terms please! lol) as I am bound to be asked to explain to the other half's mother what had snuck onto her puter - I'm thinking a little browser hijacker?? cheers