Posted

Hello to all my friends at PCHelp!

I'm hoping you can help me with something that appears to be malware that keeps popping up on my computer.. It shows up in a small window in the bottom right hand of my monitor usually when I log on, but can happen at any time.. It is from a locale called watchtvnow.com, and it's all over Google.. I've read how to get rid of it via several links, but opted to see if you guys could help me out on this one.. You have always taken care of my problems in the past, so hoping you can help with this one as well.. I would like to mention that I do have Malwarebytes, but it is the free edition.. In most of the links I read, the first thing they said to do was run MBAM, and once the malware is found you can delete or quarantine it that way.. Problem is, the Malwarebytes I have says everything is clean.. Please advise!

Thanks in advance for any help on this!

PS I'm running Microsoft Security Essentials as an AV and have had no issues until lately.. Wondering if I need to get an upgrade on my antivirus...

Posted

Hi Skyclad,

 

I'm sure we can sort this out for you.

Please download the following program and post the 2 reports asked for.

 

Note:

There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

 

If you are unsure what your system bit type is..... click Here for help.

 

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

 

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

 

  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.
     
     
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • When the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

 

Thanks

Member of:

UNITE

Posted (edited)

Hello Starbuck and thanks for getting back on this.. Find attached the info you requested.. Hoping this will tell the tale...!

Thanks again...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07.01.2019

Ran by Mike (administrator) on HOME (07-01-2019 16:38:09)

Running from C:\Users\Mike\Downloads

Loaded Profiles: Mike (Available Profiles: Mike & HP_OWNER)

Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe

(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe

(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)

HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1387389289\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)

HKLM-x32\...\Run: [Cobian Backup 11] => C:\Program Files (x86)\Cobian Backup 11\Cobian.exe [720896 2013-03-07] (Luis Cobian, CobianSoft)

HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)

HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\Run: [Google Update] => C:\Users\Mike\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateCore.exe [605992 2018-12-17] (Google Inc.)

HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\RunOnce: [CleanUp!] => C:\Users\Mike\Desktop\Cleanup.exe [315392 2015-03-24] (Steven R. Gould)

HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\MountPoints2: {7782d33e-6747-11e3-95c9-806e6f6e6963} - D:\Setup.exe

HKU\S-1-5-18\...\RunOnce: [sPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Inc.)

Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Cartridge Alerts - HP OfficeJet 3830 series.lnk [2019-01-05]

ShortcutTarget: Monitor Cartridge Alerts - HP OfficeJet 3830 series.lnk -> C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPStatusBL.dll (HP Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Tcpip\..\Interfaces\{1E0DDCFC-1E76-4B24-A563-377693E78DF2}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Tcpip\..\Interfaces\{30240170-2754-43C0-8F1E-C67D1234ECC7}: [DhcpNameServer] 10.0.0.1

Tcpip\..\Interfaces\{BFFEA40B-4E9A-4941-BD74-162078A16799}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

 

Internet Explorer:

==================

HKU\S-1-5-21-4197961188-714576266-808560349-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.kadaza.com/

BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)

BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)

BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File

Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)

Toolbar: HKU\S-1-5-21-4197961188-714576266-808560349-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)

 

FireFox:

========

FF DefaultProfile: fcovtdlu.default-1503001169035

FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\fcovtdlu.default-1503001169035 [2018-10-09]

FF Homepage: Mozilla\Firefox\Profiles\fcovtdlu.default-1503001169035 -> hxxp://www.kadaza.com/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-02-26] (Google)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-4197961188-714576266-808560349-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)

FF Plugin HKU\S-1-5-21-4197961188-714576266-808560349-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)

 

Chrome:

=======

CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default [2019-01-07]

CHR Extension: (Slides) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-25]

CHR Extension: (Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-25]

CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-20]

CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-20]

CHR Extension: (Sea Cliffs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpokehhbejeciipobnhjkhhflnmpidkf [2019-01-05]

CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-20]

CHR Extension: (Sheets) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-25]

CHR Extension: (Google Docs Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-12]

CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-20]

CHR Extension: (Chrome Media Router) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-08]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

StartMenuInternet: Google Chrome.AULL7JPKOAZNRFMN4VMN37U7VU - C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)

S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-01-17] (Puran Software) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-29] (Broadcom Corporation)

R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2019-01-05] (Malwarebytes)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)

R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2019-01-07 16:38 - 2019-01-07 16:38 - 000013174 _____ C:\Users\Mike\Downloads\FRST.txt

2019-01-07 16:33 - 2019-01-07 16:33 - 002424832 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe

2019-01-07 14:00 - 2019-01-07 14:00 - 012902928 _____ C:\Users\Mike\Downloads\TotalAV_Setup.exe

2019-01-02 09:33 - 2019-01-02 09:33 - 000195089 _____ C:\Users\Mike\Desktop\Why Americans Get Socialism and Capitalism Backwards.html

2019-01-02 09:33 - 2019-01-02 09:33 - 000000000 ____D C:\Users\Mike\Desktop\Why Americans Get Socialism and Capitalism Backwards_files

2018-12-27 21:38 - 2018-12-27 21:38 - 000298753 _____ C:\Users\Mike\Desktop\SmokingBasicsEcourse2017.pdf

2018-12-27 14:04 - 2018-12-27 14:20 - 000000000 ____D C:\Users\Mike\Desktop\FunnyBS

2018-12-27 13:23 - 2019-01-05 09:26 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys

2018-12-27 12:21 - 2018-12-27 12:21 - 000003556 _____ C:\Windows\System32\Tasks\HPCustParticipation HP OfficeJet 3830 series

2018-12-27 12:21 - 2018-12-27 12:21 - 000002236 _____ C:\Users\Public\Desktop\HP OfficeJet 3830 series.lnk

2018-12-27 12:21 - 2018-12-27 12:21 - 000001991 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk

2018-12-27 12:21 - 2018-12-27 12:21 - 000001173 _____ C:\Users\Public\Desktop\Shop for Supplies - HP OfficeJet 3830 series.lnk

2018-12-27 12:21 - 2018-12-27 12:21 - 000000000 ____D C:\ProgramData\Visan

2018-12-27 12:21 - 2018-12-27 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2018-12-27 12:21 - 2018-12-27 12:21 - 000000000 ____D C:\ProgramData\HP Photo Creations

2018-12-27 12:21 - 2018-12-27 12:21 - 000000000 ____D C:\Program Files (x86)\HP Photo Creations

2018-12-27 12:21 - 2017-03-27 12:54 - 000840328 ____N (HP Inc.) C:\Windows\system32\HPDiscoPME511.dll

2018-12-27 12:20 - 2018-12-27 12:21 - 000000000 ____D C:\Program Files (x86)\HP

2018-12-27 12:20 - 2018-12-27 12:20 - 000000000 ____D C:\Program Files\HP

2018-12-27 12:19 - 2018-12-27 12:47 - 000000000 ____D C:\ProgramData\HP

2018-12-27 09:38 - 2018-12-27 12:48 - 000000000 ____D C:\Users\Mike\AppData\Local\HP

2018-12-22 07:07 - 2018-12-31 16:43 - 000000000 ____D C:\Users\Mike\Desktop\Winter18

2018-12-20 04:41 - 2018-12-14 18:06 - 000397088 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2018-12-20 04:41 - 2018-12-14 17:14 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2018-12-20 04:41 - 2018-12-14 02:09 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2018-12-20 04:41 - 2018-12-14 02:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2018-12-20 04:41 - 2018-12-14 02:01 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2018-12-20 04:41 - 2018-12-14 01:51 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2018-12-20 04:41 - 2018-12-14 01:49 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2018-12-20 04:41 - 2018-12-14 01:49 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2018-12-20 04:41 - 2018-12-14 01:49 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2018-12-20 04:41 - 2018-12-14 01:48 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2018-12-20 04:41 - 2018-12-14 01:48 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2018-12-20 04:41 - 2018-12-14 01:42 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2018-12-20 04:41 - 2018-12-14 01:41 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2018-12-20 04:41 - 2018-12-14 01:39 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2018-12-20 04:41 - 2018-12-14 01:38 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2018-12-20 04:41 - 2018-12-14 01:38 - 000790016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2018-12-20 04:41 - 2018-12-14 01:38 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2018-12-20 04:41 - 2018-12-14 01:38 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2018-12-20 04:41 - 2018-12-14 01:36 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2018-12-20 04:41 - 2018-12-14 01:33 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2018-12-20 04:41 - 2018-12-14 01:30 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2018-12-20 04:41 - 2018-12-14 01:24 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2018-12-20 04:41 - 2018-12-14 01:24 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2018-12-20 04:41 - 2018-12-14 01:23 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2018-12-20 04:41 - 2018-12-14 01:21 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2018-12-20 04:41 - 2018-12-14 01:20 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2018-12-20 04:41 - 2018-12-14 01:18 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2018-12-20 04:41 - 2018-12-14 01:17 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2018-12-20 04:41 - 2018-12-14 01:09 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2018-12-20 04:41 - 2018-12-14 01:06 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2018-12-20 04:41 - 2018-12-14 01:06 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2018-12-20 04:41 - 2018-12-14 01:05 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2018-12-20 04:41 - 2018-12-14 01:04 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2018-12-20 04:41 - 2018-12-14 01:02 - 015284736 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2018-12-20 04:41 - 2018-12-14 00:58 - 020280832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2018-12-20 04:41 - 2018-12-14 00:57 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2018-12-20 04:41 - 2018-12-14 00:51 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2018-12-20 04:41 - 2018-12-14 00:45 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2018-12-20 04:41 - 2018-12-14 00:41 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2018-12-20 04:41 - 2018-12-14 00:41 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2018-12-20 04:41 - 2018-12-14 00:40 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2018-12-20 04:41 - 2018-12-14 00:40 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2018-12-20 04:41 - 2018-12-14 00:39 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2018-12-20 04:41 - 2018-12-14 00:38 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2018-12-20 04:41 - 2018-12-14 00:35 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2018-12-20 04:41 - 2018-12-14 00:35 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2018-12-20 04:41 - 2018-12-14 00:34 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2018-12-20 04:41 - 2018-12-14 00:34 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2018-12-20 04:41 - 2018-12-14 00:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2018-12-20 04:41 - 2018-12-14 00:33 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2018-12-20 04:41 - 2018-12-14 00:32 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2018-12-20 04:41 - 2018-12-14 00:26 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2018-12-20 04:41 - 2018-12-14 00:23 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2018-12-20 04:41 - 2018-12-14 00:22 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2018-12-20 04:41 - 2018-12-14 00:22 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2018-12-20 04:41 - 2018-12-14 00:20 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2018-12-20 04:41 - 2018-12-14 00:19 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2018-12-20 04:41 - 2018-12-14 00:19 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2018-12-20 04:41 - 2018-12-14 00:18 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2018-12-20 04:41 - 2018-12-14 00:18 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2018-12-20 04:41 - 2018-12-14 00:14 - 013681152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2018-12-20 04:41 - 2018-12-14 00:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2018-12-20 04:41 - 2018-12-14 00:11 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2018-12-20 04:41 - 2018-12-14 00:11 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2018-12-20 04:41 - 2018-12-14 00:10 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2018-12-20 04:41 - 2018-12-13 23:58 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2018-12-20 04:41 - 2018-12-13 23:54 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2018-12-20 04:41 - 2018-12-13 23:52 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2018-12-17 14:56 - 2018-12-17 14:56 - 000130797 _____ C:\Users\Mike\Desktop\Apparel – Kona Brewing.html

2018-12-17 14:56 - 2018-12-17 14:56 - 000000000 ____D C:\Users\Mike\Desktop\Apparel – Kona Brewing_files

2018-12-12 17:07 - 2018-12-12 17:07 - 005012020 _____ C:\Users\Mike\Desktop\8ccec5_a7d4fac1eb6548b18ef2e56205fa7e47.pdf

2018-12-11 22:21 - 2018-12-05 20:39 - 003227648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2018-12-11 22:21 - 2018-11-28 16:02 - 014635520 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2018-12-11 22:21 - 2018-11-28 16:02 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2018-12-11 22:21 - 2018-11-28 16:02 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2018-12-11 22:21 - 2018-11-28 16:02 - 000005632 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2018-12-11 22:21 - 2018-11-28 16:02 - 000005632 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2018-12-11 22:21 - 2018-11-28 15:50 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2018-12-11 22:21 - 2018-11-28 15:50 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2018-12-11 22:21 - 2018-11-28 15:38 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2018-12-11 22:21 - 2018-11-28 15:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2018-12-11 22:21 - 2018-11-28 15:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2018-12-11 22:21 - 2018-11-11 11:19 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2018-12-11 22:21 - 2018-11-11 11:02 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll

2018-12-11 22:21 - 2018-11-11 11:01 - 005551848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2018-12-11 22:21 - 2018-11-11 11:01 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2018-12-11 22:21 - 2018-11-11 11:01 - 000366824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys

2018-12-11 22:21 - 2018-11-11 11:01 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2018-12-11 22:21 - 2018-11-11 11:01 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2018-12-11 22:21 - 2018-11-11 11:00 - 001664360 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2018-12-11 22:21 - 2018-11-11 10:58 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll


 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2019-01-07 16:38 - 2017-01-23 15:01 - 000000000 ____D C:\FRST

2019-01-07 16:37 - 2009-07-13 22:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2019-01-07 16:37 - 2009-07-13 22:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2019-01-05 20:06 - 2017-04-23 21:37 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2019-01-05 18:15 - 2018-09-14 04:42 - 000000000 ____D C:\Users\Mike\Desktop\Black Sabbath

2019-01-05 11:18 - 2017-06-08 18:51 - 000000000 ____D C:\Users\Mike\Desktop\WordWaiting

2019-01-05 09:29 - 2009-07-13 23:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI

2019-01-05 09:29 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf

2019-01-05 09:28 - 2017-01-19 18:07 - 000000000 ____D C:\Users\Mike\Desktop\PicFaves18

2019-01-05 09:23 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2019-01-03 16:59 - 2013-12-17 21:53 - 000000000 ____D C:\Users\Mike\Documents\Wikipedia

2019-01-01 14:16 - 2013-12-17 21:34 - 000000000 ____D C:\Users\Mike\Documents\Italy

2018-12-30 09:10 - 2013-12-17 11:27 - 000000000 ____D C:\Users\Mike

2018-12-30 07:30 - 2013-12-17 21:35 - 000000000 ____D C:\Users\Mike\Documents\Menus

2018-12-27 14:22 - 2016-02-27 18:24 - 000000000 ____D C:\Users\Mike\Desktop\Tweed1

2018-12-27 14:20 - 2013-12-27 09:43 - 000000000 ____D C:\Users\Mike\Desktop\RecipesNow

2018-12-27 13:22 - 2013-12-17 16:09 - 000065552 _____ C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT

2018-12-27 13:21 - 2009-07-13 22:45 - 000300424 _____ C:\Windows\system32\FNTCACHE.DAT

2018-12-21 03:55 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\rescache

2018-12-18 10:18 - 2018-10-16 13:09 - 000000000 ____D C:\Users\Mike\Desktop\Fall '18

2018-12-17 14:36 - 2016-07-28 15:54 - 000003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA1d1e91a93f23e27

2018-12-17 14:36 - 2016-07-28 15:54 - 000003232 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core1d1e91a936c6a61

2018-12-16 02:45 - 2018-10-08 06:26 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys

2018-12-12 13:36 - 2016-02-20 11:59 - 000002408 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2018-12-12 13:36 - 2016-02-20 11:59 - 000002371 _____ C:\Users\Mike\Desktop\Google Chrome.lnk

2018-12-12 03:08 - 2013-12-17 19:48 - 000773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2018-12-12 03:07 - 2013-12-17 12:03 - 000000000 ____D C:\Windows\system32\MRT

2018-12-12 03:04 - 2013-12-17 12:03 - 137260640 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2018-12-10 16:04 - 2013-12-17 11:55 - 000592616 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

 

==================== Files in the root of some directories =======

 

2013-12-24 14:36 - 2013-12-24 14:36 - 000000136 _____ () C:\Users\Mike\AppData\Roaming\mbam.context.scan

2013-12-23 08:43 - 2013-12-23 14:27 - 000004608 _____ () C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2019-01-03 00:57

 

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07.01.2019

Ran by Mike (07-01-2019 16:39:24)

Running from C:\Users\Mike\Downloads

Windows 7 Professional Service Pack 1 (X64) (2013-12-17 17:27:37)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-4197961188-714576266-808560349-500 - Administrator - Disabled)

Guest (S-1-5-21-4197961188-714576266-808560349-501 - Limited - Disabled)

HP_OWNER (S-1-5-21-4197961188-714576266-808560349-1001 - Administrator - Enabled) => C:\Users\HP_OWNER

Mike (S-1-5-21-4197961188-714576266-808560349-1000 - Administrator - Enabled) => C:\Users\Mike

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}

AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)

Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)

Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)

AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - AOL Inc.)

AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)

Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)

Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)

Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.)

Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)

Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version: - Canon Inc.)

Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)

Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)

Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)

CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )

Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )

Google Chrome (HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)

Google Earth (HKLM-x32\...\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}) (Version: 7.0.3.8542 - Google)

HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)

HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)

HP OfficeJet 3830 series Basic Device Software (HKLM\...\{165CDB14-4CD3-4D4D-A38A-3FF93FAAFD5C}) (Version: 40.11.1119.1786 - HP Inc.)

HP OfficeJet 3830 series Help (HKLM-x32\...\{1FCCD112-2F27-463D-8C36-1D5C29A3BB3E}) (Version: 35.0.0 - Hewlett Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)

Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)

Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)

OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)

Product Improvement Study for HP OfficeJet 3830 series (HKLM\...\{F1E13468-92EB-4AB7-8F1C-CC09A286C9B9}) (Version: 40.11.1119.1786 - HP Inc.)

Puran Defrag 7.6 (HKLM\...\Puran Defrag_is1) (Version: - Puran Software)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\Mike\AppData\Local\Google\Chrome\Application\71.0.3578.98\notification_helper.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)

ContextMenuHandlers1: [PuranDefrag] -> {E23C9C4A-0F55-40e2-A47F-93DCB54DF04D} => C:\Windows\system32\PuranDefrag.dll [2012-12-13] (Puran Software)

ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)

ContextMenuHandlers2: [PuranDefrag] -> {E23C9C4A-0F55-40e2-A47F-93DCB54DF04D} => C:\Windows\system32\PuranDefrag.dll [2012-12-13] (Puran Software)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

ContextMenuHandlers6: [PuranDefrag] -> {E23C9C4A-0F55-40e2-A47F-93DCB54DF04D} => C:\Windows\system32\PuranDefrag.dll [2012-12-13] (Puran Software)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {07A0926D-3B93-4542-A293-9D93B3E1751C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)

Task: {166C76E8-C829-4F8D-966A-99994EE32692} - System32\Tasks\HPCustParticipation HP OfficeJet 3830 series => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPCustPartic.exe [2017-03-27] (HP Inc.)

Task: {2790EBF7-9F22-4842-BCF2-591079FAAB66} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA1d1e91a93f23e27 => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)

Task: {83893AD3-3975-4766-87E6-FE0BD841FBFC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)

Task: {90ED12DA-F53C-4114-B5D3-4B12FE1121AD} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)

Task: {97D0ACD3-7B8B-4AA9-B335-660342A4CCF2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core1d1e91a936c6a61 => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)

Task: {A6F662DE-561D-4DA5-8C9B-AF7EDE21550A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)

Task: {B0BAD826-55FF-4D0D-BA85-3A7C89BCE42B} - System32\Tasks\{623394EB-E332-4EE6-87FC-185678DA9EE3} => C:\Windows\system32\pcalua.exe -a "C:\ProgramData\AOL Downloads\SUD4624\waol-0.4346.19.1.exe" -d C:\Users\Mike\Desktop

Task: {C25D5070-BB51-4587-B189-2AE097F66BE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

==================== Loaded Modules (Whitelisted) ==============

 

2018-10-08 06:26 - 2018-12-16 02:45 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

2018-12-12 13:36 - 2018-12-11 23:11 - 005237216 _____ () C:\Users\Mike\AppData\Local\Google\Chrome\Application\71.0.3578.98\libglesv2.dll

2018-12-12 13:36 - 2018-12-11 23:11 - 000117216 _____ () C:\Users\Mike\AppData\Local\Google\Chrome\Application\71.0.3578.98\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:34 - 2015-09-22 15:49 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-4197961188-714576266-808560349-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 68.105.28.11 - 68.105.29.11

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

If an entry is included in the fixlist, it will be removed.

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation)

FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation)

FirewallRules: [{C3E8EF01-3391-440D-8E60-7DFA4FFB6252}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe (AOL Inc.)

FirewallRules: [{99BF0AA0-61CC-4402-91DD-688187EF1C2C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe (AOL Inc.)

FirewallRules: [{507D92DA-D18F-456B-8580-CF4D7D3D4C34}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL Inc.)

FirewallRules: [{6F25575C-4239-41E2-AF88-A8E4837B1FE8}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL Inc.)

FirewallRules: [{9ECD1C4E-7353-4D91-AE28-3F5E0B6F6894}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe (AOL Inc.)

FirewallRules: [{4E7E02DE-3224-4EEB-B741-CD4BCE906F97}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe (AOL Inc.)

FirewallRules: [{934581BF-C000-4943-A1A9-8D708C0DAC5D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe (AOL Inc.)

FirewallRules: [{3617D4CB-7140-499B-8EF7-6114519D869E}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe (AOL Inc.)

FirewallRules: [{F500CF40-7A91-41A3-AF7B-C3C6A51D14AC}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe (AOL Inc.)

FirewallRules: [{43A258A9-3E67-4B57-971F-C5F555144649}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe (AOL Inc.)

FirewallRules: [{80476B99-EE1F-4C04-A3EF-3BD08D4FB9DF}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe (AOL Inc.)

FirewallRules: [{489929A1-B33D-450F-9710-BBC963D0F529}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe (AOL Inc.)

FirewallRules: [{06DFBD27-BEA0-49DF-9B1C-DB89A93EB606}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe (AOL Inc.)

FirewallRules: [{8B5C5F96-14EA-4F12-9D95-8B28902D0B10}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe (AOL Inc.)

FirewallRules: [{54A0577E-3E4F-4E17-A785-666F27081CBF}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe (AOL Inc.)

FirewallRules: [{D10B1CEC-C576-4E4A-A262-C61C93C61591}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe (AOL Inc.)

FirewallRules: [{48B5CAF3-443C-435D-B13D-92C41E118353}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe (AOL Inc.)

FirewallRules: [{02E4057D-CA37-4B4A-AFDA-1209DE386279}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe (AOL Inc.)

FirewallRules: [{8AF77200-EAEE-46C8-886A-9584425FB642}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL Inc.)

FirewallRules: [{88D1214E-2B23-4A42-AD05-5F9BB4E4824C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL Inc.)

FirewallRules: [{D080DA85-6382-47D7-AB8E-BD03A8676BA5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe (AOL Inc.)

FirewallRules: [{84AB735B-D1AA-41CF-A172-F1CDF3B02D67}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe (AOL Inc.)

FirewallRules: [{EABF4886-EBCB-439E-BCC4-51D532737B94}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe (AOL Inc.)

FirewallRules: [{8A159DB4-5EB9-4714-AF31-A1E0E954D74F}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe (AOL Inc.)

FirewallRules: [{79A1C0C6-DEA7-45B5-831B-B01DB292203D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe (AOL Inc.)

FirewallRules: [{47F41458-5C50-4009-BC73-121478D3BF8D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe (AOL Inc.)

FirewallRules: [{DC881B37-D9F3-4E8B-B374-E8F09B6F17D4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe (AOL Inc.)

FirewallRules: [{3CCB0AFC-552C-47BF-921C-21E84C782125}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe (AOL Inc.)

FirewallRules: [{13C79176-45D2-49E0-A01A-047B42F2A1CD}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe (AOL Inc.)

FirewallRules: [{0DD3A617-96B7-481D-AE9B-C4120FC44844}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe (AOL Inc.)

FirewallRules: [{883D8B11-2CDA-4848-8E6A-FDA27359ACD5}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe (AOL Inc.)

FirewallRules: [{A6A724BC-3293-4F09-BAC8-1980D2D9FEAA}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe (AOL Inc.)

FirewallRules: [{3F4722D1-3B44-4D4A-897A-4399C7F87769}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe (AOL Inc.)

FirewallRules: [{E9658CBE-25EC-4ECD-A959-F1498392F780}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe (AOL Inc.)

FirewallRules: [{8E051556-1681-4B46-BF41-11651985A308}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.1\waol.exe (AOL Inc.)

FirewallRules: [{686645B1-A3D8-4D97-8E46-64585B91A100}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.1\waol.exe (AOL Inc.)

FirewallRules: [{887AFAF5-9173-4281-BFE1-92FE5FAF4090}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe (AOL Inc.)

FirewallRules: [{DECA53EA-D174-47CE-9CAB-A82A113B469D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe (AOL Inc.)

FirewallRules: [{673BBE0F-0A84-41B4-A041-830CF5F49039}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxApplications.exe (HP Inc.)

FirewallRules: [{8DAE8A70-66CD-4796-A7B1-719AE81870E9}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\DigitalWizards.exe (HP Inc.)

FirewallRules: [{3E12EF65-E10A-40BD-95EB-73CCD50ED46B}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\SendAFax.exe (HP Inc.)

FirewallRules: [{296C7251-8195-41E1-A4F9-217BE632EEF3}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxPrinterUtility.exe (HP Inc.)

FirewallRules: [{7A98E836-0958-4CD5-B880-D2A811CB97D1}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\DeviceSetup.exe (HP Inc.)

FirewallRules: [{60295DE4-8E2F-442E-A566-EBD61A8A00D9}] => (Allow) LPort=5357

FirewallRules: [{5C206BAE-2864-42B0-B225-EC66D7180A14}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc.)

FirewallRules: [TCP Query User{1A801913-446A-4E62-B980-44B9A13700A9}C:\users\mike\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\mike\appdata\local\google\chrome\application\chrome.exe (Google Inc.)

FirewallRules: [uDP Query User{4305BD67-FCAD-435E-ADC5-A0C4972B7473}C:\users\mike\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\mike\appdata\local\google\chrome\application\chrome.exe (Google Inc.)

FirewallRules: [{49E188DD-8E4D-4D6A-9D5F-0A4891A91205}] => (Block) C:\users\mike\appdata\local\google\chrome\application\chrome.exe (Google Inc.)

FirewallRules: [{EE3D6B0A-5F25-405A-BA1C-CAAB50E82E98}] => (Block) C:\users\mike\appdata\local\google\chrome\application\chrome.exe (Google Inc.)

 

==================== Restore Points =========================

 

27-12-2018 11:49:06 Windows Update

30-12-2018 13:34:16 Windows Update

03-01-2019 00:01:23 Windows Update

06-01-2019 00:46:09 Windows Update

 

==================== Faulty Device Manager Devices =============

 

Name: WAN Miniport (ATW) #2

Description: WAN Miniport (ATW)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: America Online, Inc.

Service: wanatw

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/07/2019 04:00:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

 

Error: (01/06/2019 09:00:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

 

Error: (01/06/2019 02:00:03 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

 

Error: (01/05/2019 07:00:01 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

 

Error: (01/04/2019 12:00:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

 

Error: (01/03/2019 05:00:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

 

Error: (01/02/2019 10:00:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

 

Error: (01/02/2019 03:00:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

 

 

System errors:

=============

Error: (01/06/2019 03:00:48 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)

Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve

 

Error: (01/06/2019 12:11:42 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)

Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve

 

Error: (01/05/2019 09:28:24 AM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Windows Update service hung on starting.

 

Error: (01/05/2019 09:26:15 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

 

Error: (01/05/2019 09:23:00 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 7:42:43 AM on ‎1/‎5/‎2019 was unexpected.

 

Error: (12/28/2018 03:28:21 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)

Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve

 

Error: (12/27/2018 11:43:20 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)

Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve

 

Error: (12/27/2018 01:19:04 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

 

 

Windows Defender:

===================================

Date: 2017-08-09 03:21:10.763

Description:

Windows Defender scan has been stopped before completion.

Scan ID:{74F44B93-3ABC-47E0-A787-F9B7D736E8E1}

Scan Type:AntiSpyware

Scan Parameters:Quick Scan

 

Date: 2016-10-01 23:16:15.220

Description:

Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted:Current

Error Code:0x80070002

Error description:The system cannot find the file specified.

Signature version:0.0.0.0

Engine version:0.0.0.0

 

Date: 2016-10-01 23:16:15.217

Description:

Windows Defender has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version:

Update Source:Signature Update Folder

Signature Type:AntiSpyware

Update Type:Delta

Current Engine Version:

Previous Engine Version:

Error code:0x80070002

Error description:The system cannot find the file specified.

 

CodeIntegrity:

===================================

 

Date: 2014-10-15 00:27:41.501

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2014-10-15 00:27:41.501

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2014-10-15 00:27:41.501

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2014-10-15 00:27:41.454

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2014-10-15 00:27:41.454

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2014-10-15 00:27:41.454

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2014-10-15 00:27:41.438

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2014-10-15 00:27:41.438

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

==================== Memory info ===========================

 

Processor: AMD Phenom 8650 Triple-Core Processor

Percentage of memory in use: 58%

Total physical RAM: 5630.49 MB

Available physical RAM: 2349.92 MB

Total Virtual: 11259.13 MB

Available Virtual: 7994.3 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:465.66 GB) (Free:355.19 GB) NTFS

 

\\?\Volume{7782d33a-6747-11e3-95c9-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 94549454)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================

FRST.txt

Addition.txt

Edited by Starbuck
  • ExTS Admin
Posted (edited)

Hi Skyclad,

 

I added the reports to your post because they're a lot easier to read and check that way.

 

Step 1

Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Mike\Downloads .

NOTE.

It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine.

Running this on another machine may cause damage to your operating system

 

Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

 


 

The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.

 

Step 2

Please reset all browsers to their original settings.

 

To Reset Firefox

  • At the top of the Firefox window, click the Help menu and select Troubleshooting Information
  • Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
  • To continue, click Reset Firefox in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, a window will list the information that was imported.
  • Click Finish and Firefox will open.

Note:

After the reset is finished, your old Firefox profile information will be placed on your desktop in a folder named "Old Firefox Data." If the reset didn't fix your problem you can restore some of the information not saved by copying files to the new profile that was created.

If you don't need this folder any longer, you should delete it as it contains sensitive information.

 

The reset feature works by creating a new profile folder for you while saving your most important data.

 

Firefox will try to keep the following data:

    • Bookmarks
    • Browsing history
    • Passwords
    • Cookies
    • Web form auto-fill information
    • Personal dictionary

 

--------------------

 

Reset IE back to the defaults.

  • Close any Internet Explorer or Windows Explorer windows that are currently open.
  • Open Internet Explorer by clicking the Start button, and then clicking Internet Explorer.
  • Click the Tools button, and then click Internet Options.
  • Click the Advanced tab, and then click Reset.
  • Select the Delete personal settings check box if you would like to remove browsing history, search providers, Accelerators, home pages, and InPrivate Filtering data.
  • In the Reset Internet Explorer Settings dialog box, click Reset.
  • When Internet Explorer finishes applying default settings, click Close, and then click OK.
  • Close Internet Explorer.
  • Your changes will take effect the next time you open Internet Explorer.

 

-----------------

 

To reset Google Chrome

  • Click the Menu option button at the top right of the Google Chrome screen
  • Select Settings.
  • Click Show advanced settings and find the "Reset browser settings" section.
  • Click Reset browser settings.
  • In the dialogue that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings.
    Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.

 

Resetting your browser settings will impact the settings below:

 

Default search engine and saved search engines will be reset to their original defaults.

Homepage button will be hidden and the URL that you previously set will be removed.

Default startup tabs will be cleared. The browser will show a new tab when you start up or continue where you left off if you're on a Chromebook.

New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.

Pinned tabs will be unpinned.

Content settings will be cleared and reset to their installation defaults.

Cookies and site data will be cleared.

Extensions and themes will be disabled.

 

Step 3

Please download RogueKiller Anti-malware (Free) onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on RogueKiller Anti-malware to install the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Select Accept the User Agreement then continue to click Next then finally click Install
  • Click Finish.
  • When the program opens..... click Scan
  • Click Start Scan
  • Double check anything found and tick to select items to be removed
  • Click Remove Selected
  • When the items have been removed.... Click Open Report >> Open TXT.
  • Copy and paste that report into your next reply.

 

In your next reply, please submit:

Fixlog.txt

RogueKiller report

 

Also give me an update on the system.

 

 

Thanks.

fixlist.txt

Edited by Starbuck

Member of:

UNITE

Posted

Hello Starbuck...

I'm having a bit of a problem here (which I'm honestly a bit embarrassed about.......hence the private message...) with regard to the destination of things that are downloaded. After clicking the fix button once (in step one), there is no fixlog file on desktop (and I cannot find the download folder).. Obviously, it's been awhile since I've delved into this realm.....:/ If you would, please advise on where the download folder is, and for all future downloads how I could set it up so they will go to desktop.. Thanks, and sorry for the trivial questions on my part...

Mike

Posted

I'm hoping this is what you are asking for, as I'm very rusty these days on following exact instructions.. Thankfully, that is due to nothing significant going wrong here for so long.. Once again, I appreciate all your help Starbuck!! Awaiting further instructions...

 

RogueKiller Anti-Malware V13.0.21.0 (x64) [Jan 7 2019] (Free) by Adlice Software

mail : Contact - Adlice Software

Website : RogueKiller Anti-Malware Free Download - Official Website

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits

Started in : Normal mode

User : Mike [Administrator]

Started from : C:\Program Files\RogueKiller\RogueKiller64.exe

Mode : Standard Scan, Delete -- Date : 2019/01/11 13:05:18 (Duration : 00:47:51)

 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[suspicious.Path (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD} -- [%localappdata%\Google\Chrome\Application\71.0.3578.98\notification_helper.exe] -> Deleted

[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\MetaStream -- -> Deleted

[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- -> Replaced (1)

[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- -> Replaced (1)

[PUP.Gen1 (Potentially Malicious)] Viewpoint -- %programdata%\Viewpoint -> Deleted

[PUP.Gen1 (Potentially Malicious)] Viewpoint -- %programfiles(x86)%\Viewpoint -> Deleted

[PUP.Gen1 (Potentially Malicious)] Viewpoint -- %programfiles(x86)%\Viewpoint -> Found

Fixlog.txt

RogueReport.txt

Posted

Hi Starbuck..

I got a couple of popups earlier, but decided to restart and then see what happens.. So far no popups, but I am still in the monitoring phase.. Will be watching this for awhile and hopefully things will be clear after the reboot.. Will definitely be in touch to let you know what is going on.. As usual, I thank you for your help...!

Posted

Hi Starbuck.....

Well, I'm afraid the popups are still there.. More of a nuisance than anything else right now, so not a priority item (I know you are busy with many others).. I would like to get rid of these though at some point.. Just get back in touch whenever is convenient for you to look into this again.... Thanks....!

Skyclad

Posted

Hi Starbuck...

It is definitely when the browser is running.. Nothing shows up when it's not connected to the internet...

  • ExTS Admin
Posted

Hi Skyclad,

 

It is definitely when the browser is running.
Ok, according to the FRST report you use Chrome as your default browser.

Have you tried running Firefox or IE to see if these popups still occur?

 

If these popups only occur when the browser is running, there must be an extension or an addon that is causing it.

Let's see if running Chrome in safe mode will put a stop to these.

 

Running Chrome in safe mode will disable all add-ons & extensions.

 

Click the Menu button in the top-right corner of the window

Select More Tools and then Extensions.

 


 

Uncheck all the Enabled check boxes and restart the browser.

 

If this stops the popups..... you will need to enable the extensions one at a time until you find the one that is causing the problem.

Let me know how this goes, also if the problem occurs when using Firefox or IE.


Posted

Hello Starbuck...

It appears the problem is with Chrome.. I ran Firefox all afternoon yesterday and there were no popups at all..! So, I just accessed the "Extensions" page, and unticked the ones that showed up there.. There was also an option for "details" and "remove".. Do I remove these at this point or is this the part about ticking one back on at a time to ultimately delete with the remove button..? I'm thinking that is what you're indicating, but want to make sure that's the case and the buttons described above are where I delete or remove the problem.. Let me know when convenient.. Thanks as always!

S

  • ExTS Admin
Posted

Hi Skyclad,

 

Yes, turn off all extensions and addons using the slide button. (slide it to the left to turn off)

 


 

When everything is turned off, try surfing with Chrome.

If there's no popups, turn on the first extension....... surf with Chrome again.

Keep doing this until the popups start.

Then you will know that the last extension activated is the culprit.

This is the one that you remove ( using the remove button).


Posted

Hi Starbuck..!

Interesting developments here.. Per your instructions I turned off all the extensions, and later while using Chrome things appeared to be fine...........then the popups began again.. They don't seem quite as frequent as at first, but not for sure.. This may be insignificant, but noticed awhile ago that when I turned on my monitor (which was on a website already via Chrome), a popup didn't show up until I moved the mouse.. Had noticed that pattern previously but only now seeing this pattern.. Hoping this all makes sense on your end.. Thanks for your continued help!

  • ExTS Admin
Posted

Hi Skyclad,

 

when I turned on my monitor (which was on a website already via Chrome), a popup didn't show up until I moved the mouse.
I take it that these popups occur on different sites..... not just one in particular.

Can you confirm that you completed the Chrome reset as per instructions in post #4?

Are you running Chrome by clicking on a Desktop shortcut?

The easiest way (as only Chrome is affected) would be to totally uninstall Chrome (including bookmarks and history) and download a fresh copy.

Would this be an option?


Posted

Hello Starbuck...

Thanks for getting back on this.. Yes, the popups occur on different sites and just kind of randomly appear.........although most frequent in the am when first getting online via Chrome..

Regarding your question about the Chrome reset and following the instructions, I reviewed the instructions you sent previously........I've definitely reset the Extensions, but I do not for sure recall performing the following (see below).. Please advise if I need to go back and do this.. Some hesitancy I remember about the list of what it would change..

Thanks again for your help....!

S

 

To reset Google Chrome

  • Click the Menu option button at the top right of the Google Chrome screen
  • Select Settings.
  • Click Show advanced settings and find the "Reset browser settings" section.
  • Click Reset browser settings.
  • In the dialogue that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings.
    Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.

 

Resetting your browser settings will impact the settings below:

 

Default search engine and saved search engines will be reset to their original defaults.

Homepage button will be hidden and the URL that you previously set will be removed.

Default startup tabs will be cleared. The browser will show a new tab when you start up or continue where you left off if you're on a Chromebook.

New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.

Pinned tabs will be unpinned.

Content settings will be cleared and reset to their installation defaults.

Cookies and site data will be cleared.

Extensions and themes will be disabled.

  • ExTS Admin
Posted

Hi Skyclad,

 

Please advise if I need to go back and do this.
Yes, you should definitely complete this step.

Some hesitancy I remember about the list of what it would change..
Which part are you hesitant on?


Posted
Hi Skyclad,

 

Yes, you should definitely complete this step.

Which part are you hesitant on?

Hi Starbuck, and thanks again on getting back on this.. I will definitely go back and perform that step that I omitted the first time.. Apologies for that mistake on my part.. In terms of the hesitation mentioned earlier, I think it's the resetting of preferences that I already have set up........and honestly these days were they to change, I likely could not recall how to go in and set some things back.... This is all very likely due to the "getting older" dynamic here and not wanting things to change.. I definitely need to get over that.. I'll perform that step asap to get this done....

Do I need to reRun Rogue Killer after performing the missed step..? Please let me know when convenient....

Thanks again....!

  • ExTS Admin
Posted

Hi Skyclad,

 

Do I need to reRun Rogue Killer after performing the missed step..?
No, you shouldn't need to.

Running the reset will turn Chrome back to how it was originally when first downloaded.

Because 'watchtvnow' is known to change some of Chrome's settings, this should reset any alterations.

The only other thing you didn't reply to was...

Are you running Chrome by clicking on a Desktop shortcut?
The reason I asked this is because 'watchtvnow' has been known to alter the setting for Chrome by adding itself to the Startup Target.

If you are using a shortcut to start Chrome, you should check this.

 

Right-click Google Chrome shortcut on the Desktop.

Select Properties.

Target text field under Shortcut tab should only contain the path to .exe file, put in quotes (example: “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”).

If there’s a URL after the closing quotation mark, delete the URL.

Click OK.

 


 

Repeat the steps with Chrome shortcuts on the taskbar at the bottom of the screen if you have one (for this one you may have to right-click on the shortcut, then right-click on Google Chrome and then click on Properties).

Member of:

UNITE
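The shortcut check described in the post above can also be run as a read-only audit. The PowerShell below is an added example, not something posted by anyone in this thread; the function names, the folder list and the URL pattern are assumptions, and the sample argument strings are constructed.

```powershell
# Added example: read-only audit of Chrome shortcut Targets; it changes nothing.
# Heuristic (assumption): a scheme, "www.", or a bare host name with an alphabetic TLD.
$UrlPattern = '(?i)\b(https?://|www\.)\S+|\b[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}\b'

function Test-UrlInArguments {
    param([string]$Arguments)
    # A .lnk stores the quoted .exe path (TargetPath) separately from whatever
    # follows the closing quote in the Target field (Arguments).
    return [bool]($Arguments -match $UrlPattern)
}

function Get-SuspiciousShortcut {
    param([string[]]$Folder)
    $shell = New-Object -ComObject WScript.Shell
    $existing = $Folder | Where-Object { Test-Path $_ }
    foreach ($dir in $existing) {
        Get-ChildItem -Path $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)
                # Only report Chrome shortcuts whose arguments carry a web address.
                if ($lnk.TargetPath -match '(?i)\\chrome\.exe$' -and
                    (Test-UrlInArguments $lnk.Arguments)) {
                    [pscustomobject]@{
                        Shortcut  = $_.FullName
                        Target    = $lnk.TargetPath
                        Arguments = $lnk.Arguments
                    }
                }
            }
    }
}

# Constructed samples: an empty Target tail, a normal profile switch, an appended address.
Test-UrlInArguments ''
Test-UrlInArguments '--profile-directory="Default"'
Test-UrlInArguments 'http://unwanted.example/start'

# Desktop (user and all-users) plus the folder that backs taskbar pins.
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
)
Get-SuspiciousShortcut -Folder $folders | Format-List
```

Any shortcut it lists should be opened via Properties and cleaned by hand as described above; a dotted user name inside an argument path can also trip the bare host pattern, so read the Arguments value before deleting anything.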

Posted
Hi Skyclad,

 

No, you shouldn't need to.

Running the reset will turn Chrome back to how it was originally when first downloaded.

Because 'watchtvnow' is known to change some of Chrome's settings, this should reset any alterations.

The only other thing you didn't reply to was...

The reason I asked this is because 'watchtvnow' has been known to alter the setting for Chrome by adding itself to the Startup Target.

If you are using a shortcut to start Chrome, you should check this.

 

Right-click Google Chrome shortcut on the Desktop.

Select Properties.

Target text field under Shortcut tab should only contain the path to .exe file, put in quotes (example: “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”).

If there’s a URL after the closing quotation mark, delete the URL.

Click OK.

 


 

Repeat the steps with Chrome shortcuts on the taskbar at the bottom of the screen if you have one (for this one you may have to right-click on the shortcut, then right-click on Google Chrome and then click on Properties).

 

Hello Starbuck..

I'm pleased to say that after performing the step that I omitted earlier, I have not seen a popUp since.. So glad this is the case..!

Regarding your question about a Chrome shortcut on the desktop, I do not have one.. I always log into Chrome from the taskbar... I performed the steps above you indicated on the taskbar Chrome icon and did not see a URL after the chrome.exe.. I'm hoping that we're in the clear on this popUp issue now, but please let me know if there are further steps to take.. Thankfully, things appear good at this point..... Awaiting any further instructions on this, and as always thanks for your help!

  • ExTS Admin
Posted

Hi Skyclad,

 

I always log into Chrome from the taskbar... I performed the steps above you indicated on the taskbar Chrome icon and did not see a URL after the chrome.exe.
:thumb:

I'm pleased to say that after performing the step that I omitted earlier, I have not seen a popUp since
That's good to hear.

Give it a day or so to be sure, but if all is well you can remove the tools we've used and clear the MalwareBytes quarantine folder (if there's anything there)

 

Step 1

Restart MalwareBytes.

Click on the Quarantine tab

Tick to select all items (if any there) and then click the Delete button.

Close MalwareBytes.

 

Step 2

FRST can now be removed:

 

Right click on the FRST icon and select delete.

Right click on any fixlog.txt or fixlist.txt files and select delete.

Navigate to: C:\frst and delete the frst folder

 

Empty your recycle bin (to fully remove FRST)

 

Step 3

RogueKiller AntiMalware can be uninstalled from the uninstall list: (if you want to remove it)

It can be left and used as an on demand scanner if required.

 

Glad I was able to help.

 

Safe surfing.

Member of:

UNITE

Posted
Hi Skyclad,

 

:thumb:

That's good to hear.

Give it a day or so to be sure, but if all is well you can remove the tools we've used and clear the MalwareBytes quarantine folder (if there's anything there)

 

Step 1

Restart MalwareBytes.

Click on the Quarantine tab

Tick to select all items (if any there) and then click the Delete button.

Close MalwareBytes.

 

Step 2

FRST can now be removed:

 

Right click on the FRST icon and select delete.

Right click on any fixlog.txt or fixlist.txt files and select delete.

Navigate to: C:\frst and delete the frst folder

 

Empty your recycle bin (to fully remove FRST)

 

Step 3

RogueKiller AntiMalware can be uninstalled from the uninstall list: (if you want to remove it)

It can be left and used as an on demand scanner if required.

 

Glad I was able to help.

 

Safe surfing.

Hi Starbuck!

Sorry for the delay in responding back, but am still monitoring things here.. After proclaiming victory earlier, I got a few popUps again.. I repeated the previously omitted step once again, and things seem clear for right now.. Still monitoring! If no further popUps show up in the next day or so, will perform the above to clean up.. Keeping fingers crossed....

As always thanks for your outstanding help...!

S
