Welcome to WindowsInstructed Forums

All Activity


  1. Yesterday
  2. Last week
  3. Can you turn the machine off then back on by holding the power button? Then perform a system restore from the recovery console.
  4. ZHP Diag Scan Download ZHP Diag to your desktop. 1. Right Click Run as Admin. 2. Click the Options button. Click on Check All Then Click Validate Then click close. 2. Click the Scanner button. When complete please push the report button. A notepad will open... copy and paste the report in your next reply.
  5. I keep getting a notice that says the "Scripted Diagnostics Native Host" has stopped working. Windows 10
  6. Ok so, when I turned on my laptop, it said, "Repairing disk error. This might take over an hour to complete" but it has been a day and it's still going on...wtf is wrong with my lenovo laptop! HELP!
  7. Earlier
  8. Download the Ultimate Boot CD for windows. Start the video below at 53 minutes. Follow the instructions for using the Ultimate Boot CD.
  9. You still need help? ZHP Diag Scan Download ZHP Diag to your desktop. 1. Right Click Run as Admin. 2. Click the Scanner button. When complete please push the report button. A notepad will open... copy and paste the report in your next reply.
  10. solved

    @Kris, I know this is out of nowhere and a really late reply, but I just wanted to say I really appreciated your help. How are you doing?
  11. Hi, I was doing some stupid stuff like messing with disk management and was curious what setting active partitions would do. I set my memory drives as active for a stupid reason, then, after reading what setting as active partition does, I set my SSD boot drive as the one active. Now "bootmgr is missing, press Ctrl alt del to restart" shows up in the top left corner. I went into boot options and set my SSD as 1st priority yet it didn't change anything. I've also tried holding F8 and manually booting my SSD and that didn't change anything as well. I've tried "repair boot up" via Windows 10 installation USB yet nothing is working out so far. Any help would be greatly appreciated. Thank you.
  12. O&O shut up 10 http://win10epicfail.proboards.com/thread/100/interested-participating-tweaker-development-test
  13. After Microsoft-initiated upgrades to Windows 10 (the last three) my PC locks up with a black screen with the little balls running around in a circle. No response to any key or any key combination I can think of. Only solution has been to unplug the computer overnight (brief power outages don't work). I'm fed up and worried that my "fix" won't work next time. Also, I see no way to shut down the computer without letting them perform the upgrade. Any ideas?
  14. Sorry for the delay, anymore issues?
  17. Disable useless items. Download Easy Service Optimizer, save it to your desktop and unzip it there. Right click it and run as admin, then select tweaked at the bottom. Then click on the rocket, this will turn off a lot of useless items. You will however need to change one setting. Right Click on Wlansvc — WLAN AutoConfig, then select start service, then edit service. Make sure it is automatic across the board, as per the picture.
  18. Please re-run ZHP cleaner, along with this scanner... We need you to run ESET Online Scanner to check and report on your PC. As Eset may take an extended time to run it is important to ensure your PC does not enter Sleep Mode. See HERE if you are not sure how to disable sleep mode. Click HERE to download ESET Online Scanner and save it to your desktop. Disable all Antivirus/Antimalware software. If you are unsure how to do this please ask? Right click on the downloaded Esetonlinescanner_enu.exe desktop icon and select "Run as Administrator" from the drop down menu. If you receive any security warnings you can safely allow Eset to run. On the opening screen click on Accept to agree with the Terms of Use. As per picture below Click "Enable detection of potentially unsafe applications" Click the Advanced settings link. Ensure all options shown ticked here are selected. Click "Scan". Eset will download a virus signature database and commence the scan. Depending on the amount of data on your PC this may take some time, please be patient. At the completion of the scan Eset will display a results dialogue: Click "Save to text file" Another box will open and ask you to name it and also where to save it. Suggest call it Eset.txt and save it to the Desktop. Then choose "Select all". Finally "Clean all". Another dialogue box will open where you can select Finish to complete the scan and clean. Please Copy and paste the contents of the new Eset.txt file in your next reply
  19. Hijack This Fix. Start HijackThis, Right Click Run as Admin. Close all other open programs prior to running this tool!! Click System Scan Only. Then check mark the items listed below. Now click on fix checked. After the fix is complete, then reboot your machine.
  20. Still happening. Maybe it's time for a fresh install/upgrade.
  21. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 4/20/17 Scan Time: 5:47 PM Logfile: mbam.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1771 License: Trial -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Logan-PC\Logan -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 429369 Time Elapsed: 21 min, 48 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end)
  22. ---------- | AdsFix | g3n-h@ckm@n | V4_05.04.17.1 ----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 06:53:17 - 20/04/2017 update on : 05/04/2017 | 12.10 (GMT) by g3n-h@ckm@n

WindowsInstructed Forums

Welcome to the WindowsInstructed Forums. If you have any Windows question or malware-related question, then this is the place to be. All your connections with our server are securely encrypted, so your privacy is protected as well!