Topics tagged under "1" on WiredWX Christian Hobby Weather Tools

infected laptop

NOTE #1
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Darshana (administrator) on PANCHALFAMILY (30-03-2018 22:05:56)
Running from C:\Users\Darshana\Downloads
Loaded Profiles: Darshana (Available Profiles: Darshana & emani)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\mois\arto.exe
() C:\Program Files (x86)\Insley\arto.exe
() C:\Users\Darshana\AppData\Local\arto.exe
() C:\Users\Darshana\AppData\Local\peanut.exe
() C:\Program Files (x86)\Insley\peanut.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Insley\arto.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
() C:\Program Files (x86)\Insley\peanut.exe
() C:\Program Files (x86)\mois\arto.exe
() C:\Users\Darshana\AppData\Local\peanut.exe
() C:\Users\Darshana\AppData\Local\arto.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
() C:\Program Files (x86)\mois\arto.exe
() C:\Program Files (x86)\Insley\peanut.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
() C:\Program Files (x86)\mois\arto.exe
() C:\Program Files (x86)\Insley\peanut.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\mois\arto.exe
() C:\Program Files (x86)\Insley\peanut.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\mandarin\marathi.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
() C:\Program Files (x86)\mois\arto.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
() C:\Program Files (x86)\mois\arto.exe
() C:\Program Files (x86)\Insley\peanut.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Plex) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\Youcam6_webcam_camera_video.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.263.1801.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
() C:\Program Files (x86)\Gibsons\peanut.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files (x86)\Gibsons\peanut.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8911872 2016-10-15] (Realtek Semiconductor)
HKLM\...\Run: [reckoned] => C:\Program Files (x86)\Gibsons\peanut.exe [139776 2018-03-08] ()
HKLM\...\Run: [reckonedclinics] => C:\Program Files (x86)\mois\arto.exe [139776 2018-03-08] ()
HKLM\...\Run: [reckonedreckoned] => C:\Program Files (x86)\Insley\peanut.exe [139776 2018-03-08] ()
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [trumpets] => C:\Program Files (x86)\Gibsons\peanut.exe [139776 2018-03-08] ()
HKLM-x32\...\Run: [trumpetsdiorama] => C:\Program Files (x86)\mois\arto.exe [139776 2018-03-08] ()
HKLM-x32\...\Run: [trumpetstrumpets] => C:\Program Files (x86)\Insley\peanut.exe [139776 2018-03-08] ()
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15947752 2017-06-28] (Plex, Inc.)
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [diorama] => C:\Program Files (x86)\Gibsons\peanut.exe [139776 2018-03-08] ()
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [dioramatrumpets] => C:\Program Files (x86)\mois\arto.exe [139776 2018-03-08] ()
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [dioramadiorama] => C:\Program Files (x86)\Insley\peanut.exe [139776 2018-03-08] ()
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [clinics] => C:\Program Files (x86)\Gibsons\peanut.exe [139776 2018-03-08] ()
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [clinicsreckoned] => C:\Program Files (x86)\mois\arto.exe [139776 2018-03-08] ()
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [clinicsclinics] => C:\Program Files (x86)\Insley\peanut.exe [139776 2018-03-08] ()
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [marathi] => C:\Program Files (x86)\mandarin\marathi.exe [66832 2018-03-08] ()
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\Run: [kinship] => C:\Program Files (x86)\Gibsons\peanut.exe [139776 2018-03-08] ()
Startup: C:\Users\Darshana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\commendably.lnk [2018-03-08]
ShortcutTarget: commendably.lnk -> C:\Program Files (x86)\Gibsons\peanut.exe ()
Startup: C:\Users\Darshana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\commendablycommendably.lnk [2018-03-08]
ShortcutTarget: commendablycommendably.lnk -> C:\Program Files (x86)\mois\arto.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b6ff9527-1a31-46c5-bd98-ca3176acb48d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b6ff9527-1a31-46c5-bd98-ca3176acb48d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c2b9313f-cbae-45ca-a98c-c7b6017bacb4}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{faf1cc92-181e-40eb-8977-a2aa961609eb}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{fbf30311-849a-43e8-aa3b-60e7a3a3f519}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
HKU\S-1-5-21-2438051969-607994775-1632804330-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM-x32 -> {D30033F5-8C51-4E4A-B401-13293E04B767} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2438051969-607994775-1632804330-1001 -> {D30033F5-8C51-4E4A-B401-13293E04B767} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2438051969-607994775-1632804330-1001 -> hxxp://google.com/

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR Profile: C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default [2018-03-30]
CHR Extension: (Slides) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-08]
CHR Extension: (Docs) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-08]
CHR Extension: (Google Drive) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-08]
CHR Extension: (YouTube) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-08]
CHR Extension: (Adobe Acrobat) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-03-19]
CHR Extension: (Sheets) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-08]
CHR Extension: (Gmail) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Darshana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2016-05-06] (Intel Corporation)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-30] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2017-01-13] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1995240 2017-06-28] (Plex, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [326656 2016-10-15] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-08] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-08] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [177800 2018-01-21] (Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2016-05-06] (Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [50696 2016-05-06] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2016-05-06] (Intel Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-19] (Malwarebytes)
R1 MpKsl2cac190a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{64F7DADC-D7C9-46DB-AF9D-59B38E283875}\MpKsl2cac190a.sys [58120 2018-03-19] (Microsoft Corporation)
R1 MpKslc22aa6d3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DECCA136-D2CF-48C8-AA14-542C1042DC83}\MpKslc22aa6d3.sys [58120 2018-03-19] (Microsoft Corporation)
R1 MpKsld4c78389; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A49F1DD-00E7-4CAB-B14F-DC1BFD2A5A04}\MpKsld4c78389.sys [58120 2018-03-30] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek )
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6895984 2017-08-17] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-08] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-08] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-08] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-30 22:05 - 2018-03-30 22:07 - 000019430 _____ C:\Users\Darshana\Downloads\FRST.txt
2018-03-30 22:05 - 2018-03-30 22:05 - 002403328 _____ (Farbar) C:\Users\Darshana\Downloads\FRST64.exe
2018-03-30 22:05 - 2018-03-30 22:05 - 000000000 ____D C:\FRST
2018-03-30 19:38 - 2018-03-30 19:38 - 000000000 ___HD C:\OneDriveTemp
2018-03-19 19:30 - 2018-03-19 19:30 - 000000000 ____D C:\Users\Darshana\AppData\Local\CEF
2018-03-19 19:29 - 2018-03-19 19:29 - 000000000 ____D C:\Users\Darshana\AppData\LocalLow\Adobe
2018-03-19 19:25 - 2018-03-19 20:59 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-03-19 19:06 - 2018-03-02 16:09 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-19 19:06 - 2018-03-02 16:09 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-19 18:43 - 2018-03-19 21:02 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-03-19 18:43 - 2018-03-19 19:22 - 000002131 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2018-03-19 18:36 - 2018-03-19 18:36 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-03-19 18:33 - 2018-03-19 19:31 - 000000000 ____D C:\ProgramData\Adobe
2018-03-19 18:31 - 2018-03-19 19:30 - 000000000 ____D C:\Users\Darshana\AppData\Local\Adobe
2018-03-19 06:44 - 2018-03-19 06:44 - 000026246 _____ C:\Users\Darshana\Downloads\SHRM Roster 2018 (1).xlsx
2018-03-19 06:43 - 2018-03-19 06:44 - 000026246 _____ C:\Users\Darshana\Downloads\SHRM Roster 2018.xlsx
2018-03-15 21:19 - 2018-03-15 21:19 - 000195377 _____ C:\Users\Darshana\Desktop\OkOKP.pdf
2018-03-15 21:12 - 2018-03-01 22:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-15 21:12 - 2018-03-01 02:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-15 21:12 - 2018-03-01 02:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-15 21:12 - 2018-03-01 02:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-15 21:12 - 2018-03-01 02:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-15 21:12 - 2018-03-01 02:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-15 21:12 - 2018-03-01 02:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-15 21:12 - 2018-03-01 02:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-15 21:12 - 2018-03-01 02:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-15 21:12 - 2018-03-01 02:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-15 21:12 - 2018-03-01 02:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-15 21:12 - 2018-03-01 02:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-15 21:12 - 2018-03-01 02:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-15 21:12 - 2018-03-01 02:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-15 21:12 - 2018-03-01 02:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-15 21:12 - 2018-03-01 02:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-15 21:12 - 2018-03-01 02:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-15 21:12 - 2018-03-01 02:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-15 21:12 - 2018-03-01 02:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-15 21:12 - 2018-03-01 02:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-15 21:12 - 2018-03-01 01:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-15 21:12 - 2018-03-01 01:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-15 21:12 - 2018-03-01 01:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-15 21:12 - 2018-03-01 01:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-15 21:12 - 2018-03-01 01:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-15 21:12 - 2018-03-01 01:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-15 21:12 - 2018-03-01 01:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-15 21:12 - 2018-03-01 01:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-15 21:12 - 2018-03-01 01:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-15 21:12 - 2018-03-01 01:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-15 21:12 - 2018-03-01 01:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-15 21:12 - 2018-03-01 01:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-15 21:12 - 2018-03-01 01:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-15 21:12 - 2018-03-01 01:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-15 21:12 - 2018-03-01 01:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-15 21:12 - 2018-03-01 01:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-15 21:12 - 2018-03-01 01:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-15 21:12 - 2018-03-01 01:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-15 21:12 - 2018-03-01 01:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-15 21:12 - 2018-03-01 00:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-15 21:12 - 2018-03-01 00:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-15 21:12 - 2018-03-01 00:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-15 21:12 - 2018-03-01 00:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-15 21:12 - 2018-03-01 00:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-15 21:12 - 2018-03-01 00:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-15 21:12 - 2018-03-01 00:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-15 21:12 - 2018-03-01 00:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-15 21:12 - 2018-03-01 00:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-15 21:12 - 2018-03-01 00:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-15 21:12 - 2018-03-01 00:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-15 21:12 - 2018-03-01 00:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-15 21:12 - 2018-03-01 00:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-15 21:12 - 2018-03-01 00:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-15 21:12 - 2018-03-01 00:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-15 21:12 - 2018-03-01 00:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-15 21:12 - 2018-03-01 00:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-15 21:12 - 2018-03-01 00:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-15 21:12 - 2018-03-01 00:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-15 21:12 - 2018-03-01 00:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-15 21:12 - 2018-03-01 00:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-15 21:12 - 2018-03-01 00:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-15 21:12 - 2018-03-01 00:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-15 21:12 - 2018-03-01 00:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-15 21:12 - 2018-03-01 00:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-15 21:12 - 2018-03-01 00:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-15 21:12 - 2018-03-01 00:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-15 21:12 - 2018-03-01 00:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-15 21:12 - 2018-03-01 00:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-15 21:12 - 2018-03-01 00:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-15 21:12 - 2018-03-01 00:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-15 21:12 - 2018-03-01 00:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-15 21:12 - 2018-03-01 00:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-15 21:12 - 2018-03-01 00:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-15 21:12 - 2018-03-01 00:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-15 21:12 - 2018-03-01 00:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-15 21:12 - 2018-03-01 00:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-15 21:12 - 2018-03-01 00:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-15 21:12 - 2018-03-01 00:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-15 21:12 - 2018-03-01 00:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-15 21:12 - 2018-03-01 00:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-15 21:12 - 2018-03-01 00:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-15 21:12 - 2018-03-01 00:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-15 21:12 - 2018-03-01 00:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-15 21:12 - 2018-03-01 00:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-15 21:12 - 2018-03-01 00:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-15 21:12 - 2018-03-01 00:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-15 21:12 - 2018-02-21 21:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-15 21:12 - 2018-02-21 21:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-15 21:12 - 2018-02-21 21:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-15 21:12 - 2018-02-21 21:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-15 21:12 - 2018-02-21 21:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-15 21:12 - 2018-02-21 21:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-15 21:12 - 2018-02-21 21:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-15 21:12 - 2018-02-21 21:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-15 21:12 - 2018-02-21 21:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-15 21:12 - 2018-02-21 21:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-15 21:12 - 2018-02-21 21:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-15 21:12 - 2018-02-21 20:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-15 21:12 - 2018-02-21 20:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-15 21:12 - 2018-02-21 20:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-15 21:12 - 2018-02-21 20:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-15 21:12 - 2018-02-21 20:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-15 21:12 - 2018-02-21 20:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-15 21:12 - 2018-02-21 19:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-15 21:12 - 2018-02-21 19:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-15 21:12 - 2018-02-21 19:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-15 21:12 - 2018-02-21 19:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-15 21:11 - 2018-03-01 22:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-15 21:11 - 2018-03-01 22:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-15 21:11 - 2018-03-01 22:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-15 21:11 - 2018-03-01 22:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-15 21:11 - 2018-03-01 22:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-15 21:11 - 2018-03-01 21:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-15 21:11 - 2018-03-01 15:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-15 21:11 - 2018-03-01 02:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-15 21:11 - 2018-03-01 02:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-15 21:11 - 2018-03-01 02:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-15 21:11 - 2018-03-01 02:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-15 21:11 - 2018-03-01 02:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-15 21:11 - 2018-03-01 02:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-15 21:11 - 2018-03-01 02:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-15 21:11 - 2018-03-01 02:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-15 21:11 - 2018-03-01 02:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-15 21:11 - 2018-03-01 02:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-15 21:11 - 2018-03-01 02:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-15 21:11 - 2018-03-01 02:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-15 21:11 - 2018-03-01 02:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-15 21:11 - 2018-03-01 02:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-15 21:11 - 2018-03-01 02:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-15 21:11 - 2018-03-01 02:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-15 21:11 - 2018-03-01 02:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-15 21:11 - 2018-03-01 02:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-15 21:11 - 2018-03-01 02:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-15 21:11 - 2018-03-01 02:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-15 21:11 - 2018-03-01 02:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-15 21:11 - 2018-03-01 02:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-15 21:11 - 2018-03-01 02:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-15 21:11 - 2018-03-01 01:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-15 21:11 - 2018-03-01 01:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-15 21:11 - 2018-03-01 01:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-15 21:11 - 2018-03-01 01:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-15 21:11 - 2018-03-01 01:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-15 21:11 - 2018-03-01 01:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-15 21:11 - 2018-03-01 01:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-15 21:11 - 2018-03-01 00:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-15 21:11 - 2018-03-01 00:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-15 21:11 - 2018-03-01 00:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-15 21:11 - 2018-03-01 00:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-15 21:11 - 2018-03-01 00:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-15 21:11 - 2018-03-01 00:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-15 21:11 - 2018-03-01 00:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-15 21:11 - 2018-03-01 00:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-15 21:11 - 2018-03-01 00:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-15 21:11 - 2018-03-01 00:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-15 21:11 - 2018-03-01 00:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-15 21:11 - 2018-03-01 00:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-15 21:11 - 2018-03-01 00:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-15 21:11 - 2018-03-01 00:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-15 21:11 - 2018-03-01 00:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-15 21:11 - 2018-03-01 00:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-15 21:11 - 2018-03-01 00:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-15 21:11 - 2018-03-01 00:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-15 21:11 - 2018-03-01 00:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-15 21:11 - 2018-03-01 00:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-15 21:11 - 2018-03-01 00:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-15 21:11 - 2018-03-01 00:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-15 21:11 - 2018-03-01 00:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-15 21:11 - 2018-03-01 00:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-15 21:11 - 2018-03-01 00:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-15 21:11 - 2018-03-01 00:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-15 21:11 - 2018-02-21 21:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-15 21:11 - 2018-02-21 21:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-15 21:11 - 2018-02-21 21:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-15 21:11 - 2018-02-21 21:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-15 21:11 - 2018-02-21 21:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-15 21:11 - 2018-02-21 20:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-15 21:11 - 2018-02-21 20:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-15 21:11 - 2018-02-21 19:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-15 21:11 - 2018-02-21 19:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-15 21:11 - 2018-02-21 19:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-15 21:11 - 2018-02-21 19:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-15 21:11 - 2018-02-21 19:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-15 21:01 - 2018-03-15 21:01 - 000165649 _____ C:\Users\Darshana\Desktop\Payment Receipt.pdf
2018-03-08 20:54 - 2018-03-08 20:54 - 000000000 ____D C:\Users\Darshana\AppData\Roaming\11756
2018-03-08 20:41 - 2018-03-08 20:41 - 000000000 ____D C:\Cinavia
2018-03-08 16:21 - 2018-03-19 19:04 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-08 16:16 - 2018-03-08 16:16 - 000000832 _____ C:\Users\Darshana\Desktop\PeaZip.lnk
2018-03-08 16:16 - 2018-03-08 16:16 - 000000000 ____D C:\Users\Darshana\AppData\Roaming\PeaZip
2018-03-08 16:16 - 2018-03-08 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
2018-03-08 16:16 - 2018-03-08 16:16 - 000000000 ____D C:\Program Files\PeaZip
2018-03-08 16:14 - 2018-03-08 16:14 - 007785353 _____ (Giorgio Tani ) C:\Users\Darshana\Downloads\peazip-6.5.1.WIN64.exe
2018-03-08 16:10 - 2018-03-29 20:48 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-08 16:10 - 2018-03-29 20:48 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-08 16:09 - 2018-03-08 16:15 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-08 16:09 - 2018-03-08 16:15 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-08 15:22 - 2018-03-08 15:22 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-08 15:22 - 2018-03-08 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-08 15:22 - 2018-03-08 15:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-08 15:22 - 2018-03-08 15:22 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-08 15:22 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-08 14:50 - 2018-03-08 14:50 - 069033984 _____ (Malwarebytes ) C:\Users\Darshana\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4246.exe
2018-03-08 14:49 - 2018-03-08 21:02 - 000000000 ____D C:\Users\Darshana\Desktop\revouninstaller-portable
2018-03-08 14:21 - 2018-03-08 14:21 - 000004012 _____ C:\WINDOWS\System32\Tasks\bickered_complementarity
2018-03-08 14:21 - 2018-03-08 14:21 - 000003976 _____ C:\WINDOWS\System32\Tasks\photos_polygamists
2018-03-08 14:21 - 2018-03-08 14:21 - 000003968 _____ C:\WINDOWS\System32\Tasks\ck sime ironweed
2018-03-08 14:21 - 2018-03-08 14:21 - 000003950 _____ C:\WINDOWS\System32\Tasks\maximum lauritz
2018-03-08 14:21 - 2018-03-08 14:21 - 000003950 _____ C:\WINDOWS\System32\Tasks\khartoum-marson
2018-03-08 14:21 - 2018-03-08 14:21 - 000003942 _____ C:\WINDOWS\System32\Tasks\survivalists
2018-03-08 14:21 - 2018-03-08 14:21 - 000003918 _____ C:\WINDOWS\System32\Tasks\Sabickered_complementaritybickered_complementarity
2018-03-08 14:21 - 2018-03-08 14:21 - 000003870 _____ C:\WINDOWS\System32\Tasks\Saphotos_polygamistsphotos_polygamists
2018-03-08 14:21 - 2018-03-08 14:21 - 000003858 _____ C:\WINDOWS\System32\Tasks\Sack sime ironweedck sime ironweed
2018-03-08 14:21 - 2018-03-08 14:21 - 000003842 _____ C:\WINDOWS\System32\Tasks\Samaximum lauritzmaximum lauritz
2018-03-08 14:21 - 2018-03-08 14:21 - 000003838 _____ C:\WINDOWS\System32\Tasks\Sakhartoum-marsonkhartoum-marson
2018-03-08 14:21 - 2018-03-08 14:21 - 000003824 _____ C:\WINDOWS\System32\Tasks\Sasurvivalistssurvivalists
2018-03-08 14:20 - 2018-03-08 15:43 - 000000000 ____D C:\Program Files (x86)\curvaceous
2018-03-08 14:20 - 2018-03-08 14:20 - 000000000 ___HD C:\Program Files (x86)\mandarin
2018-03-08 14:20 - 2018-03-08 14:20 - 000000000 ___HD C:\Program Files (x86)\Insley
2018-03-08 14:20 - 2018-03-08 14:20 - 000000000 ____D C:\Program Files (x86)\mois
2018-03-08 14:20 - 2018-03-08 14:20 - 000000000 ____D C:\Program Files (x86)\Gibsons
2018-03-08 14:19 - 2018-03-08 14:19 - 000003418 _____ C:\WINDOWS\System32\Tasks\AGProxyCheck
2018-03-08 14:19 - 2018-03-08 14:19 - 000000000 ____D C:\Users\Darshana\AppData\Roaming\AGData
2018-03-08 14:19 - 2018-03-08 14:19 - 000000000 ____D C:\Users\Darshana\AppData\Local\AdvinstAnalytics
2018-03-08 14:19 - 2018-03-08 14:19 - 000000000 ____D C:\Program Files (x86)\Microleaves
2018-03-08 14:18 - 2018-03-08 14:18 - 000000000 ____D C:\Users\Darshana\AppData\Roaming\SystemHealer
2018-03-08 14:17 - 2018-03-08 14:17 - 000003072 _____ C:\Users\Darshana\AppData\Local\removeHN.exe
2018-03-08 14:16 - 2018-03-08 15:42 - 000000000 ____D C:\Program Files\ff3840118776bf1765dcf32a7e449a2c
2018-03-08 14:16 - 2018-03-08 14:16 - 001223168 _____ C:\WINDOWS\f70448de34f9dc77c4c8d8934a0e0eb2.dll
2018-03-08 14:16 - 2018-03-08 14:16 - 000021604 _____ C:\WINDOWS\System32\Tasks\ja3VrQEySTpn
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ C:\WINDOWS\greer.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ C:\Users\Darshana\AppData\Local\peanut.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ C:\Users\Darshana\AppData\Local\arto.exe
2018-03-07 12:51 - 2018-03-07 12:51 - 000038434 _____ C:\WINDOWS\uninstaller.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-30 22:05 - 2015-11-29 22:27 - 000000000 ____D C:\Users\Darshana\Documents\YouCam
2018-03-30 22:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-30 22:03 - 2018-01-21 11:26 - 001345108 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-30 22:00 - 2015-11-29 22:30 - 000000000 ___RD C:\Users\Darshana\OneDrive
2018-03-30 21:57 - 2017-08-10 06:40 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-03-30 21:57 - 2015-11-29 22:26 - 000000000 __SHD C:\Users\Darshana\IntelGraphicsProfiles
2018-03-30 21:56 - 2018-01-21 11:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-30 21:56 - 2018-01-21 11:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-30 19:43 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-30 19:43 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-30 19:38 - 2018-01-21 11:49 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2438051969-607994775-1632804330-1001
2018-03-30 19:38 - 2015-11-29 22:30 - 000002379 _____ C:\Users\Darshana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-30 19:33 - 2018-01-21 11:27 - 000000000 ____D C:\Users\Darshana
2018-03-29 21:29 - 2015-11-29 22:26 - 000000000 ____D C:\Users\Darshana\AppData\Local\VirtualStore
2018-03-29 17:58 - 2018-01-21 11:49 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{14CAFCA3-2B72-4C1E-BB49-E3FBE5E0FE9B}
2018-03-19 19:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-19 19:29 - 2015-11-29 22:26 - 000000000 ____D C:\Users\Darshana\AppData\Roaming\Adobe
2018-03-19 19:25 - 2017-07-08 08:03 - 000000000 ____D C:\ProgramData\Freemake
2018-03-19 19:09 - 2018-01-21 12:24 - 000000000 ___RD C:\Users\Darshana\3D Objects
2018-03-19 19:09 - 2015-07-16 01:05 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-19 19:06 - 2018-01-21 11:21 - 000405536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-19 19:06 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-19 19:03 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-19 19:02 - 2017-05-23 19:48 - 000000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForDarshana.job
2018-03-19 19:01 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-19 19:01 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-19 19:01 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-19 18:11 - 2018-01-21 11:49 - 000003276 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForDarshana
2018-03-19 06:47 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-15 21:21 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-15 21:16 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-15 21:16 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-08 16:09 - 2017-08-09 22:27 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-08 15:15 - 2018-01-21 11:29 - 000000000 ____D C:\Users\Darshana\AppData\Local\Packages
2018-03-08 14:17 - 2018-02-26 08:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-08 14:17 - 2017-09-29 08:46 - 000000000 ___RD C:\Program Files\Windows Defender

==================== Files in the root of some directories =======

2017-01-26 21:32 - 2017-01-26 21:32 - 022803992 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Users\Darshana\AppData\Local\arto.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Users\Darshana\AppData\Local\peanut.exe
2018-03-08 14:17 - 2018-03-08 14:17 - 000003072 _____ () C:\Users\Darshana\AppData\Local\removeHN.exe

Some files in TEMP:
====================
2018-02-23 08:22 - 2018-02-23 08:22 - 016163316 _____ () C:\Users\Darshana\AppData\Local\Temp\setup.dll
2018-01-21 14:23 - 2013-10-17 15:15 - 000450560 ____R (Macrovision Corporation) C:\Users\Darshana\AppData\Local\Temp\_isEC3F.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-08 14:06

==================== End of FRST.txt ============================

by Darshmeet on 31st March 2018, 3:14 am
Search in: Technical Support Topic: infected laptop Replies: 25 Views: 4133

Computer Infected and Tough Getting It Cleaned

That is one old infection, and what's weird is that it creates itself using very old programming schemes back from Windows XP days. This would be a Windows XP exploit... Why it's causing issues on a W10 PC is beyond me, but it's not like it can do all that much damage as long as Windows is patched.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
Code:
:filefind directx.sys svchost.com popen
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Please also download CKScanner by askey127 from here
Save it to your desktop.

Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify that the file is saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

by Dr Jay on 29th October 2017, 6:10 pm
Search in: Technical Support Topic: Computer Infected and Tough Getting It Cleaned Replies: 23 Views: 3159

[INACTIVE] NetUtils2016: PC badly affected after installing program

Please download and run the Google Chrome Software Cleaner.

CCleaner Temporary Files Cleaning

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

Double-click the CCleaner shortcut on the desktop to start the program.
A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
Code:
:filefind *netutils*
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

by Dr Jay on 12th February 2017, 11:07 pm
Search in: Technical Support Topic: [INACTIVE] NetUtils2016: PC badly affected after installing program Replies: 64 Views: 9836

Firefox Hacks/Tweaks/Add Ons

Fast loading web pages while surfing the Internet may have more to do with your web browser settings and preferences than your Internet connection speed.

Try these easy Firefox tweaks and you’ll see that you’re surfing the Internet from 3 to 30 times faster!

To get started, open your Firefox web browser. In the address/location bar type [about] and then press your Enter key. (NOTE: DON’T TYPE THE BRACKETS.)

Open Firefox Web Browser

Tweak #1:
In the Filter bar type [network.http.pipelining]. Then, double-click on this line under Preference Name in order to change the value from false to true.

Tweak #2:
In the Filter bar type [network.http.pipelining.maxrequests]. Then, double-click on this line under Preference Name and change the value from 4 to a higher number anywhere from 10 to 30. I set mine to 30.

Tweak #3:
In the Filter bar type [network.http.proxy.pipelining]. Then, double-click on this line under Preference Name in order to change the value from false to true.

Tweak #4:
In the Filter bar type [network.dns.disableIPv6]. Then, double-click on this line under Preference Name in order to change the value from false to true.

Tweak #5:
In the Filter bar type [plugin.expose_full_path]. Then, double-click on this line under Preference Name in order to change the value from false to true.

Tweak #6:
In the Filter bar type [network.protocol-handler.external.ms-help]. Now, you are going to create a new Preference Name with an Integer Value. To do this, right-click on this line under Preference Name and select New, then Integer.

In the New Integer value box type in [nglayout.initialpaint.delay] and click OK. Then in the Enter Integer value box type [0] (that’s a zero) and click OK.

Tweak #7:
In the Filter bar again type [network.protocol-handler.external.ms-help]. Now, you are going to create another new Preference Name with an Integer Value. To do this, right-click on this line under Preference Name and select New, then Integer. In the New Integer value box type in [content.notify.backoffcount] and click OK. Then in the Enter Integer value box type [5] and click OK.

Tweak #8:
In the Filter bar again type [network.protocol-handler.external.ms-help]. Now, you are going to create another new Preference Name with an Integer Value. To do this, right-click on this line under Preference Name and select New, then Integer. In the New Integer value box type in [ui.submenuDelay] and click OK. Then in the Enter Integer value box type [0] (that’s a zero) and click OK.

Now, close your web browser and restart it. You’ll see how much faster web pages are loading.

Firefox Add-Ons

by techy on 13th January 2009, 3:38 am
Search in: Tech Tutorials Topic: Firefox Hacks/Tweaks/Add Ons Replies: 11 Views: 5831

Search found 4 matches for 1

infected laptop

Computer Infected and Tough Getting It Cleaned

[INACTIVE] NetUtils2016: PC badly affected after installing program

Firefox Hacks/Tweaks/Add Ons