Malware analysis before SFCFix.exe

Hortiks
Member, joined Mar 25, 2019, 17 posts

Hello,
I'll be brief because my laptop does not recognize the keys of my keyboard (thanks, visual keyboard).
It all started with the laptop (Acer) refusing to boot into Windows. I installed a Linux distribution OK, but my brother (owner of the PC) refuses to use it.
I tried a default-parameters reset of the old WinX: KO.
I installed a new WinX ISO, but there is a problem with Windows Update, and the tool SFCFix recommends a malware analysis, so here I am.
Thanks for the help. I am copying the 2 txt files: FRST.txt and Addition.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by julie (administrator) on DESKTOP-RMHG9C4 (25-03-2019 05:15:18)
Running from C:\Users\julie\Desktop
Loaded Profiles: julie (Available Profiles: julie)
Platform: Windows 10 Home Version 1803 17134.1 (X64) Language: Français (France)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
Failed to access process -> Utilman.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.464_none_eaf315ac1d6e512f\TiWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11231.20192.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-1547822664-3201803625-392272246-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b29afb59-4444-4ef3-8c16-428cc3bd3049}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: acxjrivf.default
FF ProfilePath: C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\acxjrivf.default [2019-03-25]

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default [2019-03-23]
CHR Extension: (Slides) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-01-10]
CHR Extension: (Docs) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-10]
CHR Extension: (Google Drive) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-10]
CHR Extension: (YouTube) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-10]
CHR Extension: (Adblock Plus) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-10]
CHR Extension: (Dark Reader) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2019-01-10]
CHR Extension: (Sheets) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-01-10]
CHR Extension: (Google Docs hors connexion) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-10]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-10]
CHR Extension: (Gmail) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-01-10]
CHR Extension: (Chrome Media Router) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-10]
CHR Profile: C:\Users\julie\AppData\Local\Google\Chrome\User Data\System Profile [2019-03-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation - pGFX -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 RtkBtManServ; C:\Windows\RtkBtManServ.exe [713816 2018-09-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37304 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [203488 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [223056 2019-01-14] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196264 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320888 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58160 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15488 2019-01-11] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239808 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46584 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42488 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166792 2019-03-21] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111992 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88144 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034056 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474648 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [218056 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380144 2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-03-23] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-03-24] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73912 2019-03-24] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-03-25] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [114040 2019-03-24] (Malwarebytes Corporation -> Malwarebytes)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [41464 2015-11-19] (Intel(R) CherryTrail Windows -> Intel(R) Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2018-04-12] (Microsoft Windows -> Realtek )
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [758312 2018-09-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [6320640 2018-04-12] (Microsoft Windows -> Realtek Semiconductor Corporation )
S3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [148240 2015-10-13] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-25 05:15 - 2019-03-25 05:17 - 000014062 _ C:\Users\julie\Desktop\FRST.txt
2019-03-25 05:15 - 2019-03-25 05:15 - 000000000 ____D C:\FRST
2019-03-25 05:10 - 2019-03-25 05:10 - 002434048 _ (Farbar) C:\Users\julie\Desktop\EnglishFRST64.exe
2019-03-25 04:51 - 2019-03-25 04:51 - 000000000 ____D C:\Users\julie\AppData\Local\niemiro
2019-03-25 04:31 - 2019-03-25 04:31 - 000000997 _ C:\Users\julie\Desktop\dism.log - Raccourci.lnk
2019-03-24 11:51 - 2019-03-24 11:51 - 002358744 _ (niemiro) C:\Users\julie\Desktop\SFCFix.exe
2019-03-24 11:23 - 2019-03-24 11:23 - 000002473 _ C:\Users\julie\Desktop\CBS.log - Raccourci.lnk
2019-03-24 09:27 - 2019-03-24 09:27 - 014148941 _ C:\Users\julie\Desktop\windows10.0-kb4456655-x64_fca3f0c885da48efc6f9699b0c1eaf424e779434.msu
2019-03-24 09:10 - 2019-03-24 09:10 - 014383609 _ C:\Users\julie\Desktop\windows10.0-kb4470788-x64_76f112f2b02b1716cdc0cab6c40f73764759cb0d.msu
2019-03-24 08:57 - 2019-03-24 08:57 - 000000000 ____D C:\Users\julie\AppData\Local\ElevatedDiagnostics
2019-03-24 08:41 - 2019-03-24 08:41 - 000000656 _ C:\Users\julie\Desktop\wu10.diagcab
2019-03-24 08:39 - 2019-03-24 08:39 - 000000656 _ C:\Users\julie\Downloads\wu10.diagcab
2019-03-24 06:07 - 2019-03-24 10:45 - 000073912 _ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-03-24 06:06 - 2019-03-25 04:09 - 000274416 _ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-03-24 06:06 - 2019-03-24 06:06 - 000127136 _ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-03-24 06:06 - 2019-03-24 06:06 - 000114040 _ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-03-24 06:05 - 2019-03-25 04:07 - 000001134 _ C:\Windows\system32\config\VSMIDK
2019-03-24 02:10 - 2019-03-24 08:57 - 000000000 ____D C:\Users\julie\AppData\Local\CrashDumps
2019-03-23 16:22 - 2019-03-24 11:33 - 000000000 ____D C:\Program Files\CUAssistant
2019-03-23 15:52 - 2019-03-23 15:52 - 000000000 ___HD C:\$WINDOWS.~BT
2019-03-23 15:18 - 2018-09-20 05:12 - 001483576 _ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2019-03-23 11:19 - 2019-03-23 11:19 - 000000138 _ C:\Users\julie\Desktop\winUpdate.url
2019-03-23 11:18 - 2019-03-23 11:19 - 092996776 _ (Microsoft Corporation) C:\Users\julie\Desktop\mpam-fe.exe
2019-03-23 03:21 - 2019-03-25 05:09 - 000000715 _ C:\Users\julie\Desktop\commandes.txt
2019-03-23 02:38 - 2019-03-23 02:38 - 000000000 ____D C:\Users\julie\Desktop\Nouveau dossier
2019-03-23 02:18 - 2019-03-23 02:18 - 000000000 ____D C:\Users\julie\AppData\Local\DBG
2019-03-23 02:05 - 2019-03-23 02:05 - 000001532 _ C:\Users\julie\Desktop\malwarebytes.txt
2019-03-23 02:00 - 2019-03-23 02:00 - 000001912 _ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-03-23 02:00 - 2019-03-23 02:00 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-23 01:42 - 2019-03-23 01:42 - 000001168 _ C:\Users\julie\Desktop\Event Viewer.lnk
2019-03-23 01:42 - 2019-03-23 01:42 - 000001108 _ C:\Users\julie\Desktop\Resource Monitor.lnk
2019-03-23 01:41 - 2019-03-23 01:41 - 000001132 _ C:\Users\julie\Desktop\Task Scheduler.lnk
2019-03-23 01:09 - 2019-03-23 01:09 - 000010454 _ C:\Users\julie\Desktop\tasklist.txt
2019-03-23 00:56 - 2019-03-23 00:56 - 000000938 _ C:\Users\julie\Desktop\startupp.txt
2019-03-23 00:55 - 2019-03-23 00:55 - 000000938 _ C:\Users\julie\Desktop\startup.txt
2019-03-23 00:53 - 2019-03-25 05:12 - 000002236 _ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-03-23 00:53 - 2019-03-24 10:42 - 000003254 _ C:\Windows\System32\Tasks\CCleaner Update
2019-03-23 00:53 - 2019-03-23 00:53 - 000000863 _ C:\Users\Public\Desktop\CCleaner.lnk
2019-03-23 00:53 - 2019-03-23 00:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-03-23 00:53 - 2019-03-23 00:53 - 000000000 ____D C:\Program Files\CCleaner
2019-03-23 00:04 - 2019-03-23 00:04 - 000000000 ____D C:\Users\julie\AppData\Local\mbam
2019-03-23 00:03 - 2019-03-23 11:15 - 000198512 _ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-03-23 00:03 - 2019-03-23 02:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-23 00:03 - 2019-03-23 00:03 - 000000000 ____D C:\Users\julie\AppData\Local\mbamtray
2019-03-23 00:03 - 2019-02-01 12:20 - 000020936 _ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-03-23 00:03 - 2019-01-08 16:32 - 000153328 _ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-03-23 00:02 - 2019-03-23 00:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-23 00:02 - 2019-03-22 23:54 - 062402408 _ (Malwarebytes ) C:\Users\julie\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.9800.exe
2019-03-22 23:58 - 2019-03-22 23:58 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-03-06 11:03 - 2019-01-11 15:42 - 000361352 _ (AVAST Software) C:\Windows\system32\aswBoot.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-25 05:16 - 2018-04-12 00:30 - 000000000 ____D C:\Windows\CbsTemp
2019-03-25 05:12 - 2019-01-11 15:44 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-03-25 05:12 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-25 05:08 - 2019-01-14 22:44 - 000000000 _ C:\Windows\system32\last.dump
2019-03-25 05:03 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\AppReadiness
2019-03-25 04:15 - 2019-01-10 16:26 - 000004330 _ C:\Windows\system32\PerfStringBackup.INI
2019-03-25 04:15 - 2018-04-12 17:18 - 000279994 _ C:\Windows\system32\perfh00C.dat
2019-03-25 04:15 - 2018-04-12 17:18 - 000222360 _ C:\Windows\system32\perfc00C.dat
2019-03-25 04:09 - 2019-01-11 10:08 - 000000000 __SHD C:\Users\julie\IntelGraphicsProfiles
2019-03-25 04:08 - 2019-01-11 15:44 - 000004264 _ C:\Windows\System32\Tasks\Avast Emergency Update
2019-03-25 04:07 - 2019-01-10 17:39 - 000000000 ____D C:\ProgramData\NVIDIA
2019-03-25 04:07 - 2019-01-10 16:12 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-25 04:06 - 2018-04-11 22:04 - 000524288 _ C:\Windows\system32\config\BBI
2019-03-25 04:05 - 2019-01-10 16:12 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-03-25 04:05 - 2018-04-12 00:36 - 000000000 ____D C:\Windows\INF
2019-03-24 10:45 - 2019-01-10 17:33 - 000000000 ____D C:\Users\julie
2019-03-24 09:43 - 2019-01-10 17:39 - 000000000 ____D C:\Users\julie\AppData\Local\Packages
2019-03-24 09:42 - 2019-01-10 17:43 - 000000000 ____D C:\Users\julie\AppData\Local\PlaceholderTileLogoFolder
2019-03-24 09:42 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-24 09:07 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\system32\NDF
2019-03-24 07:30 - 2019-01-10 16:12 - 000000000 ____D C:\Windows\Panther
2019-03-23 16:22 - 2019-01-11 13:19 - 000000000 ____D C:\Program Files\rempl
2019-03-23 15:14 - 2018-04-11 22:04 - 000032768 _ C:\Windows\system32\config\ELAM
2019-03-23 11:33 - 2019-01-11 15:49 - 127411920 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-03-23 02:19 - 2019-01-10 17:46 - 000000000 ____D C:\Users\julie\AppData\LocalLow\Mozilla
2019-03-23 00:58 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\LiveKernelReports
2019-03-23 00:25 - 2019-01-10 17:44 - 000000000 ___RD C:\Users\julie\OneDrive
2019-03-23 00:03 - 2018-04-12 00:38 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-03-23 00:02 - 2019-01-10 17:58 - 000000000 ____D C:\Users\julie\AppData\Local\Comms
2019-03-21 10:41 - 2019-01-11 15:43 - 000166792 _ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-03-07 14:37 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2019-03-06 11:04 - 2019-01-11 15:49 - 000002088 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Antivirus Gratuit.lnk
2019-03-06 11:04 - 2019-01-11 15:49 - 000002076 _ C:\Users\Public\Desktop\Avast Antivirus Gratuit.lnk
2019-03-06 09:47 - 2019-01-10 23:00 - 000000000 _ C:\Recovery.txt
2019-03-03 17:54 - 2018-04-12 00:41 - 000835480 _ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-03-03 17:54 - 2018-04-12 00:41 - 000179608 _ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-10 16:12

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by julie (25-03-2019 05:19:22)
Running from C:\Users\julie\Desktop
Windows 10 Home Version 1803 17134.1 (X64) (2019-01-10 15:22:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrateur (S-1-5-21-1547822664-3201803625-392272246-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1547822664-3201803625-392272246-503 - Limited - Disabled)
Invité (S-1-5-21-1547822664-3201803625-392272246-501 - Limited - Disabled)
julie (S-1-5-21-1547822664-3201803625-392272246-1001 - Administrator - Enabled) => C:\Users\julie
WDAGUtilityAccount (S-1-5-21-1547822664-3201803625-392272246-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Antivirus Gratuit (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Mozilla Firefox 64.0.2 (x64 fr) (HKLM\...\Mozilla Firefox 64.0.2 (x64 fr)) (Version: 64.0.2 - Mozilla)
NVIDIA Pilote graphique 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
Panneau de configuration NVIDIA 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 376.54 - NVIDIA Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1547822664-3201803625-392272246-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1547822664-3201803625-392272246-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1547822664-3201803625-392272246-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1547822664-3201803625-392272246-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-11] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {25DF64A3-9A69-4633-8C21-484367CD4076} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe (Microsoft Windows -> Microsoft Corporation)
Task: {8B7848AC-6A4E-40A9-8153-91A8C9AA7D2A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {B16193DC-9081-4B33-96E1-0C9B18E3A727} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {C31ECBA8-281F-404C-B91B-BB204B700966} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D94CB62A-E7FA-472F-BB0B-009D7D693AD3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-03-23 02:00 - 2019-03-13 09:22 - 000438272 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 003084800 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 005139968 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 004571648 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 002950144 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 005010944 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 002234880 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 001181184 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 000124928 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 000026112 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 000020992 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 000259584 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 000014848 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 000729088 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 000073216 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 000179712 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 000014848 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 000014848 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 000101888 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-03-23 02:00 - 2019-03-13 09:22 - 000035328 _ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 00:38 - 2018-04-12 00:36 - 000000824 _ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03252019040905553\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03252019040908335\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03252019040906131\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03252019040908729\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1547822664-3201803625-392272246-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "SecurityHealth"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D827F42E-9187-4291-AA71-6BF5D57290F3}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{AEE0B647-E7A1-4331-B214-C79288319689}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

11-01-2019 15:50:41 beforeAvastAnalyse
11-01-2019 15:56:41 beforeWindowsUpdate
23-03-2019 00:25:43 Supprimé Update for Windows 10 for x64-based Systems (KB4023057)
23-03-2019 01:12:51 withoutPowershell
23-03-2019 01:58:03 beforeMalwarebytes
23-03-2019 02:15:17 beforeConnectionToInternet
23-03-2019 11:11:48 duringWindowsUpdate
23-03-2019 15:43:37 duringWindowsUpdateVersion1809amd64
23-03-2019 16:17:31 beforeForceUpdate
24-03-2019 01:25:19 duringWindowsUpdate1
24-03-2019 05:58:08 afterWindowsDefenderAnalysis
24-03-2019 09:18:31 beforeInstallWindowsUpdates

==================== Faulty Device Manager Devices =============

Name: Intel(R) Trusted Execution Engine Interface
Description: Intel(R) Trusted Execution Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: TXEIx64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2019 04:40:22 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-RMHG9C4)
Description: httphttp-2147467263

Error: (03/25/2019 04:09:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante utilman.exe, version : 10.0.17134.1, horodatage : 0x9ee9301c
Nom du module défaillant : DUI70.dll, version : 10.0.17134.1, horodatage : 0xf092ae31
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000000000034a81
ID du processus défaillant : 0x4e0
Heure de début de l’application défaillante : 0x01d4e2b802cac2d2
Chemin d’accès de l’application défaillante : C:\Windows\system32\utilman.exe
Chemin d’accès du module défaillant: C:\Windows\system32\DUI70.dll
ID de rapport : cfb6f493-a0cb-4ed0-aac2-28a3b9041909
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (03/24/2019 11:49:29 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-RMHG9C4)
Description: httphttp-2147467263

Error: (03/24/2019 11:23:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme SkypeApp.exe version 8.41.0.54 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.

ID de processus : 2920

Heure de début : 01d4e226db6a53e8

Heure de fin : 4294967295

Chemin d'accès de l'application : C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeApp.exe

ID de rapport : e46b1c56-f477-42f4-becb-4ad3eacce858

Nom complet du package défaillant : Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c

ID de l'application relative au package défaillant : App

Error: (03/24/2019 09:03:13 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-RMHG9C4)
Description: httphttp-2147467263

Error: (03/24/2019 08:57:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante svchost.exe_WpnUserService, version : 10.0.17134.1, horodatage : 0xa38b9ab2
Nom du module défaillant : NotificationController.dll, version : 10.0.17134.1, horodatage : 0x498118f8
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000000000007c636
ID du processus défaillant : 0x202c
Heure de début de l’application défaillante : 0x01d4e2150ef845a0
Chemin d’accès de l’application défaillante : C:\Windows\system32\svchost.exe
Chemin d’accès du module défaillant: C:\Windows\System32\NotificationController.dll
ID de rapport : 7b2315b0-0f22-4c2a-a586-e7e4bb11f0a9
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (03/24/2019 08:28:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme mmc.exe version 10.0.17134.1 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.

ID de processus : 5b8

Heure de début : 01d4e2117c9baddf

Heure de fin : 89

Chemin d'accès de l'application : C:\Windows\System32\mmc.exe

ID de rapport : 4756e422-e239-44f9-8e7d-d5b278ba1b5e

Nom complet du package défaillant :

ID de l'application relative au package défaillant :

Error: (03/24/2019 07:03:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme SkypeApp.exe version 8.41.0.54 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.

ID de processus : 1680

Heure de début : 01d4e206e9704482

Heure de fin : 4294967295

Chemin d'accès de l'application : C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeApp.exe

ID de rapport : c8bde7ea-6968-41a6-a18c-7ee75782573c

Nom complet du package défaillant : Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c

ID de l'application relative au package défaillant : App


System errors:
=============
Error: (03/25/2019 05:05:42 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Le Gestionnaire de services de contrôle a essayé d’entreprendre une action corrective (Redémarrer le service) après la fin inattendue du service Service utilisateur de notifications Push Windows_656a3, mais cette action a échoué en raison de l’erreur suivante :
Une instance du service s’exécute déjà.

Error: (03/25/2019 05:05:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Service utilisateur de notifications Push Windows_656a3 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.

Error: (03/25/2019 04:56:18 AM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (03/25/2019 04:51:08 AM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (03/25/2019 04:11:09 AM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (03/25/2019 04:09:29 AM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
et l’APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (03/25/2019 04:09:29 AM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
et l’APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (03/25/2019 04:09:26 AM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.


Windows Defender:
===================================
Date: 2019-03-25 04:18:13.950
Description:
Antivirus Windows Defender a rencontré une erreur lors d la mise à jour des signatures.
Nouvelle version de la signature :
Version précédente de la signature : 1.291.218.0
Source de mise à jour : Serveur Microsoft Update
Type de signature : Anti-virus
Type de mise à jour : Complet
Utilisateur : AUTORITE NT\Système
Version actuelle du moteur :
Version précédente du moteur : 1.1.15800.1
Code d’erreur : 0x8024402c
Description de l’erreur : Un problème inattendu s’est produit lors de la vérification des mises à jour. Pour plus d’informations sur l’installation ou la résolution des problèmes de mise à jour, voir Aide et support.

Date: 2019-03-24 01:44:20.240
Description:
Antivirus Windows Defender a rencontré une erreur lors d la mise à jour des signatures.
Nouvelle version de la signature :
Version précédente de la signature : 1.291.153.0
Source de mise à jour : Serveur Microsoft Update
Type de signature : Anti-virus
Type de mise à jour : Complet
Utilisateur : AUTORITE NT\Système
Version actuelle du moteur :
Version précédente du moteur : 1.1.15800.1
Code d’erreur : 0x80080005
Description de l’erreur : Échec de l’exécution du serveur

Date: 2019-03-23 15:12:33.580
Description:
Le moteur Antivirus Windows Defender s’est arrêté en raison d’une erreur inattendue.
Type d’échec : Incident
Code d’exception : 0xc0000005
Ressource :

Date: 2019-03-23 15:10:58.712
Description:
Le moteur Antivirus Windows Defender s’est arrêté en raison d’une erreur inattendue.
Type d’échec : Incident
Code d’exception : 0xc0000005
Ressource :

Date: 2019-03-23 15:06:19.343
Description:
Le moteur Antivirus Windows Defender s’est arrêté en raison d’une erreur inattendue.
Type d’échec : Incident
Code d’exception : 0xc0000005
Ressource :

CodeIntegrity:
===================================

Date: 2019-03-23 15:12:39.158
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-03-23 15:12:38.697
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-03-23 15:12:37.836
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-03-23 15:12:37.436
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-03-23 15:12:36.996
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-03-23 15:12:36.525
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-03-23 15:12:35.718
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dbgeng.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-03-23 15:12:35.120
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 46%
Total physical RAM: 8073.7 MB
Available physical RAM: 4279.94 MB
Total Virtual: 9353.7 MB
Available Virtual: 5708.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.91 GB) (Free:884.1 GB) NTFS
Drive e: () (Removable) (Total:7.52 GB) (Free:6.43 GB) NTFS

\\?\Volume{48e7514d-89a8-4087-b40e-3d946419a5b7}\ (Récupération) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS
\\?\Volume{a7d979df-e2ad-46ba-90ad-bc05cedd9678}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A7FA96C0)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
Hi, Hortiks. Welcome to Sysnative.

I have a concern in the logs provided. The PC has an unsigned version of Malwarebytes installed. Before doing anything else, I suggest uninstalling Malwarebytes and installing it from the link in the following instructions:

Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The log is available from the History tab. Please post its contents in your next reply.
 
Hi again, and thx for the help.
All is clear, like the Avast analysis and Windows Defender.
The .txt of MB
Code:
Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'analyse: 25/03/2019
Heure de l'analyse: 22:56
Fichier journal: dfaf6eca-4f48-11e9-bbf1-2c600c2fa0f4.json

-Informations du logiciel-
Version: 3.7.1.2839
Version de composants: 1.0.563
Version de pack de mise à jour: 1.0.9800
Licence: Gratuit

-Informations système-
Système d'exploitation: Windows 10 (Build 17134.1)
Processeur: x64
Système de fichiers: NTFS
Utilisateur: DESKTOP-RMHG9C4\julie

-Résumé de l'analyse-
Type d'analyse: Analyse des menaces
Analyse lancée par: Manuel
Résultat: Terminé
Objets analysés: 261422
Menaces détectées: 0
Menaces mises en quarantaine: 0
Temps écoulé: 2 min, 50 s

-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Détection
PUM: Détection

-Détails de l'analyse-
Processus: 0
(Aucun élément malveillant détecté)

Module: 0
(Aucun élément malveillant détecté)

Clé du registre: 0
(Aucun élément malveillant détecté)

Valeur du registre: 0
(Aucun élément malveillant détecté)

Données du registre: 0
(Aucun élément malveillant détecté)

Flux de données: 0
(Aucun élément malveillant détecté)

Dossier: 0
(Aucun élément malveillant détecté)

Fichier: 0
(Aucun élément malveillant détecté)

Secteur physique: 0
(Aucun élément malveillant détecté)

WMI: 0
(Aucun élément malveillant détecté)


(end)
 
Excellent! It isn't a good idea to obtain programs from sites other than the vendor, particularly a security software program.

Although SFCFix.exe does not require malware analysis prior to getting help in the Windows Update forum, there are a couple "file missing" items that can be taken care of.

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1547822664-3201803625-392272246-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1547822664-3201803625-392272246-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1547822664-3201803625-392272246-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File 
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
 
So, this is the logfile.
PS: step 1 of 6 failed (idk what it is, but I prefer to inform you).

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by julie (26-03-2019 08:56:04) Run:2
Running from C:\Users\julie\Desktop
Loaded Profiles: julie (Available Profiles: julie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1547822664-3201803625-392272246-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1547822664-3201803625-392272246-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1547822664-3201803625-392272246-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1547822664-3201803625-392272246-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-1547822664-3201803625-392272246-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-1547822664-3201803625-392272246-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21099492 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 44940907 B
Edge => 278369377 B
Chrome => 339968 B
Firefox => 33255256 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 849459052 B
systemprofile32 => 0 B
LocalService => 19196 B
LocalService => 0 B
NetworkService => -458 B
NetworkService => 0 B
julie => 354311151 B

RecycleBin => 0 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:32:35 ====
 
That is fine. Please do the following to uninstall FRST:
  • Right-click on FRST/FRST64, and select Rename.
  • Rename it to Uninstall.exe and press Enter on your keyboard.
  • Double-click on Uninstall.exe. Your computer will restart, and allow it to do so. FRST will now uninstall.

Since you indicated your issue is with Windows Updates, if you are still having issues, please follow the instructions in this topic: Windows Update Forum Posting Instructions.
 
