
Uncertain of infection/odd issues keep occurring


  • This topic is locked
7 replies to this topic

#1 Slats347xrp6v

Posted 16 June 2017 - 05:56 PM

I am running Windows 10 64-bit OS. Due to the extent of issues I am considering formatting and reinstalling the OS.

1. Windows Edge does not open any longer.

2. I have extreme problems with different directories not allowing access, even when I use Admin rights.

3. When I left-click the start button in the lower left-hand corner the menu does not come up.

4. Cannot open more than one File Explorer at a time.

5. Windows has not updated in several months and I cannot enable it to do so.

I know this is a short list; things that work or quit working change constantly. I have run SFC, which seemed to help for a short while. Now when I run SFC it tells me everything is OK.

I have Norton Internet Security, Malwarebytes, and SuperAntispyware. I run these regularly, and they seem to not find anything. My backups with Acronis are failing, and certain directories are being restricted. I go in and change the privileges and grant access to everyone, but it still does not work.

Please take a look and see if you can find anything. This is driving me nuts. I do not want to format and reinstall, but at this rate I will have to. I get no error messages when things don't work anymore; just nothing happens.

Thank you for your time and help in this issue.

 

LOGS:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01
Ran by gcboshers (administrator) on DESKTOP-JKSA8FD (16-06-2017 18:16:49)
Running from C:\Users\gcboshers\Desktop
Loaded Profiles: gcboshers (Available Profiles: defaultuser0 & gcboshers & Administrator)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(SUPERAntiSpyware.com) D:\Prog\SUPERAntiSpyware\SASCORE64.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Disc Soft Ltd.) D:\DAEMON Tools iSCSI Target\DTTargetService.exe
(Hagel Technologies Ltd.) D:\DU Meter\DUMeterSvc.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\ODD Monitor\ODD_Monitor.exe
() C:\Windows\SysWOW64\NMSAccessU.exe
() C:\Program Files\Alienware\Command Center\CPU\MSICPUService.exe
() C:\Program Files\Alienware\Command Center\ClockGen\MSIClockService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.9.4.8\nis.exe
() C:\Program Files\Alienware\Command Center\DDR\MSIDDRService.exe
() C:\Program Files\Alienware\Command Center\SMBus\MSISMBService.exe
() C:\Program Files\Alienware\Command Center\MSIControlService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Malwarebytes) D:\Prog\Malwarebytes\Anti-Malware\MBAMService.exe
(Alienware) C:\Program Files\Alienware\Command Center\ThermalsWindowsService.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.9.4.8\nis.exe
(Hagel Technologies Ltd.) D:\DU Meter\DUMeter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(2BrightSparks Pte. Ltd.) D:\Prog\2BrightSparks\SyncBackPro\SyncBackPro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Malwarebytes) D:\Prog\Malwarebytes\Anti-Malware\mbamtray.exe
(Alienware) C:\Program Files\Alienware\Command Center\ThermalController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(BitTorrent Inc.) C:\Users\gcboshers\AppData\Roaming\uTorrent\uTorrent.exe
(Disc Soft Ltd) D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(BitTorrent Inc.) C:\Users\gcboshers\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe
(SUPERAntiSpyware) D:\Prog\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(BitTorrent Inc.) C:\Users\gcboshers\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe
(Disc Soft Ltd) D:\DAEMON Tools Pro\DiscSoftBusServicePro.exe
(RedFox) D:\Prog\RedFox\AnyDVD\AnyDVDtray.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Intel Corporation) C:\Program Files (x86)\Intel Corporation\Intel® Turbo Boost Max Technology 3.0\ITBM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
() C:\Program Files\WindowsApps\Weather.TheWeatherChannel_2016.614.87.0_x64__t3yemqpq4kp7p\TWC.WindowsUniversal.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
() D:\Prog\RedFox\AnyDVD\ADvdDiscHlp64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Alienware\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Disc Soft Ltd) D:\DAEMON Tools Pro\DTShellHlp.exe
(Dell Inc.) C:\Program Files (x86)\Alienware Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dell Inc.) C:\Program Files (x86)\Alienware Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
(Dell) C:\Program Files\Alienware\Alienware Product Registration\PRSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Dell) C:\Program Files\Alienware\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13856 2016-05-25] (Alienware)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585240 2016-09-13] ()
HKLM\...\Run: [Malwarebytes TrayApp] => D:\PROG\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [rfagent] => D:\Prog\RFA 11\rfagent64.exe [3506192 2017-02-07] (RoseCitySoftware)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di SBX Control Panel] => c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [1129984 2014-03-20] (Creative Technology Ltd)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1967328 2017-06-01] ()
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1767816 2016-08-05] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1953688 2016-08-05] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425352 2016-06-03] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4654664 2016-09-13] ()
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653352 2017-03-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862248 2017-03-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [4673304 2016-11-02] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [4673304 2016-11-02] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\...\Run: [DU Meter] => D:\DU Meter\DUMeter.exe [9796776 2016-11-07] (Hagel Technologies Ltd.)
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\...\Run: [DAEMON Tools Lite Automount] => D:\DAEMON Tools Lite\DTAgent.exe [4295360 2016-06-09] (Disc Soft Ltd)
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\...\Run: [DAEMON Tools Pro Agent] => D:\DAEMON Tools Pro\DTAgent.exe [4248768 2016-10-25] (Disc Soft Ltd)
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\...\Run: [uTorrent] => C:\Users\gcboshers\AppData\Roaming\uTorrent\uTorrent.exe [1980608 2017-05-23] (BitTorrent Inc.)
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\...\Run: [SUPERAntiSpyware] => D:\Prog\SUPERAntiSpyware\SUPERAntiSpyware.exe [7956384 2017-06-01] (SUPERAntiSpyware)
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\...\Run: [AnyDVD] => D:\Prog\RedFox\AnyDVD\AnyDVDtray.exe [10956800 2017-04-03] (RedFox)
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-02-24] (Siber Systems)
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9803992 2017-06-13] (Piriform Ltd)
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\...\Winlogon: [Shell] C:\Windows\Explorer.exe [4673304 2016-11-02] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [4673304 2016-11-02] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intel TBMT 3.0 Control Panel.lnk [2016-10-31]
ShortcutTarget: Intel TBMT 3.0 Control Panel.lnk -> C:\Program Files (x86)\Intel Corporation\Intel® Turbo Boost Max Technology 3.0\ITBM.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 13.lnk [2016-11-18]
ShortcutTarget: Snagit 13.lnk -> C:\Program Files (x86)\TechSmith\Snagit 13\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\gcboshers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The Weather Channel.lnk [2016-12-03]
ShortcutTarget: The Weather Channel.lnk ->  (No File)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{c361ec01-52c4-4060-8313-1db3f4020510}: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{ccda0f41-d35f-4419-bec5-f0fd34688d93}: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{e77ba7b2-51ee-4c5b-8119-d1322af48bbc}: [DhcpNameServer] 75.114.81.1 75.114.81.2
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-us
SearchScopes: HKU\S-1-5-21-425089530-3975823602-1963991744-1001 -> DefaultScope {BCAF31E3-F30E-4901-9C69-B6E8215AB93D} URL = 
SearchScopes: HKU\S-1-5-21-425089530-3975823602-1963991744-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&guid=26E50E64-43A1-430D-B18A-988D0A05FC38&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-425089530-3975823602-1963991744-1001 -> {BCAF31E3-F30E-4901-9C69-B6E8215AB93D} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-16] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-24] (Siber Systems Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-16] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2017-06-01] (Wondershare)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-24] (Siber Systems Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-24] (Siber Systems Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-24] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-425089530-3975823602-1963991744-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-425089530-3975823602-1963991744-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-16] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-16] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.8.0.50\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.8.0.50\coFFAddon [2017-05-23]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.8.0.50\coFFAddon
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2017-06-07]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=5.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2016-03-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-25] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-06-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-06-07] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> D:\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default [2017-06-15]
CHR Extension: (Google Slides) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-11]
CHR Extension: (Google Docs) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-11]
CHR Extension: (Google Drive) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-11]
CHR Extension: (Adguard AdBlocker) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-12-22]
CHR Extension: (YouTube) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-11]
CHR Extension: (Adblock Plus) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-11]
CHR Extension: (Fair AdBlocker App (by STANDS)) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2017-03-04]
CHR Extension: (Adobe Acrobat) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Google Sheets) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-11]
CHR Extension: (Fair Ads (by STANDS)) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2017-03-04]
CHR Extension: (Google Docs Offline) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-11]
CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Norton Security) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfbnibmoolhgbfipkfleejeebdhpmecl [2016-12-15]
CHR Extension: (Gmail) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-11]
CHR Extension: (Chrome Media Router) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-06]
CHR Extension: (RoboForm Password Manager) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-02-14]
CHR Profile: C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-06-16]
CHR Extension: (Google Slides) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-08]
CHR Extension: (Google Docs) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-08]
CHR Extension: (Google Drive) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-08]
CHR Extension: (YouTube) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-08]
CHR Extension: (Norton Security Toolbar) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-06-06]
CHR Extension: (Fair AdBlocker App) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2017-05-21]
CHR Extension: (Google Sheets) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-08]
CHR Extension: (Fair Ads) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2017-05-21]
CHR Extension: (Google Docs Offline) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-09]
CHR Extension: (Norton Identity Safe) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-03-08]
CHR Extension: (Popper Stopper Pro) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmjbmlfmmendpkpiggcfpjcpbbpedhha [2017-03-08]
CHR Extension: (Fair AdBlocker) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-05-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-10]
CHR Extension: (RoboForm Password Manager) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-05-20]
CHR Profile: C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\System Profile [2017-06-15]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-11-12]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-06]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-11-12]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; D:\Prog\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-08] (SUPERAntiSpyware.com)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1276216 2016-09-13] ()
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6086232 2016-12-19] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
S2 CLKMSVC10_3CD7F304; C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Common\NavFilter\KmSvc.exe [312088 2016-05-09] (CyberLink)
R2 CTAudSvcService; c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-28] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [113160 2015-06-28] (Creative Technology Ltd)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-11-28] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Alienware\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Alienware Update\DellUpService.exe [229376 2016-05-02] (Dell Inc.)
R3 Disc Soft Lite Bus Service; D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1458368 2016-06-09] (Disc Soft Ltd)
R3 Disc Soft Pro Bus Service; D:\DAEMON Tools Pro\DiscSoftBusServicePro.exe [1391808 2016-10-25] (Disc Soft Ltd)
R2 DTTargetService; D:\DAEMON Tools iSCSI Target\DTTargetService.exe [3680600 2015-06-09] (Disc Soft Ltd.)
R2 DUMeterSvc; D:\DU Meter\DUMeterSvc.exe [5832872 2016-11-07] (Hagel Technologies Ltd.)
S4 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-08-02] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [150256 2015-06-09] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-03-16] (Intel Corporation)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 MBAMService; D:\Prog\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4692840 2016-08-15] (Acronis International GmbH)
R2 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [7717528 2016-07-18] (Acronis International GmbH)
R2 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1510712 2016-09-13] ()
S3 MSIBIOSData_CC; C:\Program Files\Alienware\Command Center\BIOSData\MSIBIOSDataService.exe [2109776 2014-08-01] (MSI)
R2 MSIClock_CC; C:\Program Files\Alienware\Command Center\ClockGen\MSIClockService.exe [4033632 2016-05-17] ()
S3 MSICOMM_CC; C:\Program Files\Alienware\Command Center\MSICommService.exe [2128720 2014-08-18] ()
R2 MSICPU_CC; C:\Program Files\Alienware\Command Center\CPU\MSICPUService.exe [4179552 2016-05-23] ()
R2 MSICTL_CC; C:\Program Files\Alienware\Command Center\MSIControlService.exe [2026080 2016-05-17] ()
R2 MSIDDR_CC; C:\Program Files\Alienware\Command Center\DDR\MSIDDRService.exe [2257232 2014-10-22] ()
S3 MSISaveLoad_CC; C:\Program Files\Alienware\Command Center\MSISaveLoadService.exe [3966288 2014-08-01] ()
R2 MSISMB_CC; C:\Program Files\Alienware\Command Center\SMBus\MSISMBService.exe [2067792 2014-08-01] ()
S3 MSISuperIO_CC; C:\Program Files\Alienware\Command Center\SuperIO\MSISuperIOService.exe [549200 2014-08-01] ()
S3 MSIWMI_CC; C:\Program Files\Alienware\Command Center\MSIWMIService.exe [191312 2014-09-12] ()
R2 MSI_ODD_Service; c:\Program Files (x86)\MSI\ODD Monitor\ODD_Monitor.exe [83952 2014-01-13] (Micro-Star Int'l Co., Ltd.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.9.4.8\NIS.exe [326160 2017-05-26] (Symantec Corporation)
R2 NMSAccess; C:\Windows\SysWoW64\NMSAccessU.exe [71096 2009-01-12] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-07] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-06-07] (NVIDIA Corporation)
R2 Product Registration; C:\Program Files\Alienware\Alienware Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9729272 2016-08-11] ()
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
R2 ThermalsWindowsService; C:\Program Files\Alienware\Command Center\ThermalsWindowsService.exe [14368 2016-05-25] (Alienware)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [315768 2016-08-05] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [472800 2017-03-21] (Wondershare)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
S4 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [154448 2016-07-11] (RedFox)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [154448 2016-07-11] (RedFox)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.0.50\Definitions\BASHDefs\20170614.001\BHDrvx64.sys [1862784 2017-05-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1609040.008\ccSetx64.sys [174232 2017-05-11] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1067304 2015-06-28] (Creative Technology Ltd)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2016-06-23] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2016-06-23] (Dell Computer Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-11-12] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-11-12] (Disc Soft Ltd)
R3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30264 2016-11-12] (Disc Soft Ltd)
R2 DTUsbMon; D:\DAEMON Tools iSCSI Target\dtusbmon.sys [152216 2016-11-12] (Disc Soft Ltd)
R3 DUMeterDrv; D:\DU Meter\DUMETR64.SYS [31368 2016-11-07] (Hagel Technologies Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507032 2017-05-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-05-10] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-12] ()
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [375136 2016-12-19] (Acronis International GmbH)
S3 GenericMount; C:\Windows\System32\drivers\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [255728 2015-06-09] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.0.50\Definitions\IPSDefs\20170615.001\IDSvia64.sys [1053824 2017-05-20] (Symantec Corporation)
R3 IntelTurboBoostMax; C:\Windows\system32\DRIVERS\IntelNit.sys [127480 2016-04-19] (Intel Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e22w10x64.sys [133192 2015-10-01] (Qualcomm Atheros, Inc.)
R1 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-05-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-06-16] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-06-16] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-06-16] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [92096 2017-06-16] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)
R3 NTIOLib_MSICEN; C:\Program Files\Alienware\Command Center\NTIOLib_Thermals_X64.sys [13808 2013-12-03] (MSI)
R3 NTIOLib_MSIClock_CC; C:\Program Files\Alienware\Command Center\ClockGen\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSICOMM_CC; C:\Program Files\Alienware\Command Center\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NTIOLib_MSICPU_CC; C:\Program Files\Alienware\Command Center\CPU\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files\Alienware\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
S3 NTIOLib_MSIFrequency_CC; C:\Program Files\Alienware\Command Center\ClockGen\CPU_Frequency\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSIRatio_CC; C:\Program Files\Alienware\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
R3 NTIOLib_MSISMB_CC; C:\Program Files\Alienware\Command Center\SMBus\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
S3 NTIOLib_MSISuperIO_CC; C:\Program Files\Alienware\Command Center\SuperIO\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2014-01-13] (MSI)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_f5b1c35e5751f8d4\nvlddmkm.sys [14461344 2017-06-08] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92344 2016-12-09] (Sysinternals - www.sysinternals.com)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [419576 2016-03-10] (Realsil Semiconductor Corporation)
R1 SASDIFSV; D:\Prog\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\Prog\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1609040.008\SRTSP64.SYS [770712 2017-05-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1609040.008\SRTSPX64.SYS [49304 2017-05-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1609040.008\SYMEFASI64.SYS [1714328 2017-05-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1609040.008\SymELAM.sys [24608 2017-05-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-05-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1609040.008\Ironx64.SYS [291480 2017-05-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1609040.008\SYMNETS.SYS [567496 2017-05-11] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1267544 2016-12-19] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [212320 2016-12-19] (Acronis International GmbH)
S3 tnd; C:\Windows\system32\DRIVERS\tnd.sys [687968 2016-12-19] (Acronis International GmbH)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [331104 2016-12-19] (Acronis International GmbH)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.0.50\Definitions\SDSDefs\20161113.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.0.50\Definitions\SDSDefs\20161113.001\EX64.SYS [X]
S3 NTIOLib_Flash; \??\C:\Users\GCBOSH~1\AppData\Local\Temp\2WSX3EDC\NTIOLib_X64.sys [X] <==== ATTENTION
S3 RtlWlanu; \SystemRoot\System32\drivers\rtwlanu.sys [X]
U2 V2iMount; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-16 18:16 - 2017-06-16 18:16 - 00045022 _____ C:\Users\gcboshers\Desktop\FRST.txt
2017-06-16 18:15 - 2017-06-16 18:16 - 00000000 ____D C:\FRST
2017-06-16 18:13 - 2017-06-16 18:12 - 02438656 _____ (Farbar) C:\Users\gcboshers\Desktop\FRST64.exe
2017-06-16 17:15 - 2017-06-16 17:15 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-06-09 18:51 - 2017-06-09 18:51 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-06-09 18:51 - 2017-06-07 19:38 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-06-09 18:51 - 2017-03-10 17:17 - 00536864 _____ C:\Windows\system32\vulkan-1.dll
2017-06-09 18:51 - 2017-03-10 17:17 - 00525600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-06-09 18:51 - 2017-03-10 17:17 - 00254240 _____ C:\Windows\system32\vulkaninfo.exe
2017-06-09 18:51 - 2017-03-10 17:17 - 00233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-06-09 18:49 - 2017-06-07 21:45 - 40201664 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 35390584 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 35281344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 28624320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 11056272 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 11028664 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 10551256 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 09248144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 09014976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 08808488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 03796928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 03256440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 01988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438253.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 01606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438253.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 01278712 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 01275944 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 01056888 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 00995736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 00994240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 00993360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 00964216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 00914880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 00775864 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 00725112 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 00688784 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 00618928 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 00612088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 00584128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 00577728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 00499320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-06-09 18:49 - 2017-06-07 21:45 - 00045976 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-06-09 17:54 - 2017-06-16 16:44 - 00015360 ___SH C:\Users\gcboshers\Desktop\Thumbs.db
2017-06-08 08:58 - 2017-06-08 08:58 - 00000000 ____D C:\Users\gcboshers\AppData\Local\MKVCleaver
2017-06-07 17:56 - 2017-06-07 17:56 - 00001581 _____ C:\Users\Public\Desktop\Wondershare Video Converter Ultimate.lnk
2017-06-07 17:56 - 2017-06-07 17:56 - 00001581 _____ C:\ProgramData\Desktop\Wondershare Video Converter Ultimate.lnk
2017-06-07 17:56 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2017-06-07 17:56 - 2015-02-27 14:38 - 00214528 _____ () C:\Windows\SysWOW64\WSCM32.dll
2017-06-06 22:16 - 2017-06-06 22:16 - 00002778 _____ C:\Users\gcboshers\AppData\Local\recently-used.xbel
2017-06-06 19:57 - 2017-06-06 19:57 - 00003402 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2017-06-06 19:14 - 2017-06-06 22:16 - 00000000 ____D C:\Users\gcboshers\AppData\Local\gtk-2.0
2017-06-06 19:14 - 2017-06-06 19:14 - 00000000 ____D C:\Users\gcboshers\.thumbnails
2017-06-06 18:59 - 2017-06-06 22:16 - 00000000 ____D C:\Users\gcboshers\.gimp-2.8
2017-06-06 18:59 - 2017-06-06 18:59 - 00000000 ____D C:\Users\gcboshers\AppData\Local\gegl-0.2
2017-06-06 18:59 - 2017-06-06 18:59 - 00000000 ____D C:\Users\gcboshers\AppData\Local\fontconfig
2017-06-05 17:36 - 2017-06-05 17:36 - 00000000 ____D C:\Users\gcboshers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2017-05-31 19:51 - 2017-06-16 16:48 - 00000000 ____D C:\Users\gcboshers\AppData\LocalLow\uTorrent
2017-05-23 16:18 - 2017-06-16 16:53 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2017-05-22 18:44 - 2017-05-18 03:35 - 01988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438233.dll
2017-05-22 18:44 - 2017-05-18 03:35 - 01606592 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438233.dll
2017-05-19 19:29 - 2017-06-12 18:20 - 00000000 ____D C:\Users\gcboshers\Desktop\Movie Posters
2017-05-17 18:38 - 2017-05-17 18:38 - 00004000 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-17 18:37 - 2017-06-09 18:51 - 00000000 ____D C:\Windows\LastGood
2017-05-17 18:37 - 2017-05-03 16:21 - 00175736 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-05-17 18:37 - 2017-05-03 16:21 - 00143480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-05-17 12:11 - 2017-05-17 12:11 - 00000894 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-05-17 12:11 - 2017-05-17 12:11 - 00000894 _____ C:\ProgramData\Desktop\Speccy.lnk
2017-05-17 12:11 - 2017-05-17 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-05-17 12:11 - 2017-05-17 12:11 - 00000000 ____D C:\Program Files\Speccy
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-16 18:16 - 2016-11-16 17:45 - 00000000 ____D C:\Users\gcboshers\AppData\Roaming\uTorrent
2017-06-16 18:03 - 2016-11-18 13:22 - 00000000 ____D C:\Users\gcboshers\AppData\Local\CrashDumps
2017-06-16 17:52 - 2016-11-14 18:39 - 00000000 ____D C:\Users\gcboshers\Desktop\NOTES
2017-06-16 17:11 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-16 17:09 - 2016-07-16 07:45 - 00000000 ____D C:\Windows\INF
2017-06-16 17:08 - 2016-10-31 16:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-16 17:00 - 2016-10-31 15:53 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-06-16 16:52 - 2016-10-31 16:03 - 03770550 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-16 16:48 - 2017-02-09 11:52 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-16 16:48 - 2017-02-09 11:52 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-16 16:48 - 2017-02-09 11:52 - 00092096 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-06-16 16:48 - 2017-02-09 11:52 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-16 16:48 - 2016-11-27 18:41 - 00000000 ____D C:\MSI
2017-06-16 16:48 - 2016-10-31 16:10 - 00190664 ____N (CyberLink Corp.) C:\Windows\system32\Drivers\rikvm_3CD7F304.sys
2017-06-16 16:48 - 2016-10-31 16:06 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-16 16:48 - 2016-10-31 15:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-16 16:46 - 2016-07-16 02:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-06-16 16:44 - 2016-07-16 02:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-06-16 13:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\AppReadiness
2017-06-15 19:34 - 2016-11-12 20:39 - 00000000 ____D C:\Users\gcboshers\AppData\Roaming\vlc
2017-06-15 19:12 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-14 15:30 - 2016-11-11 16:53 - 00000000 ____D C:\Users\gcboshers\AppData\Local\Packages
2017-06-13 20:00 - 2016-11-12 14:36 - 00000000 ____D C:\Program Files\CCleaner
2017-06-11 17:52 - 2016-11-15 21:24 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2017-06-09 18:52 - 2016-10-31 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-06-09 18:52 - 2016-10-31 16:05 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-08 08:58 - 2016-11-14 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVCleaver x64
2017-06-08 08:52 - 2016-11-14 20:52 - 00001598 _____ C:\Users\Public\Desktop\MKVCleaver x64.lnk
2017-06-08 08:52 - 2016-11-14 20:52 - 00001598 _____ C:\ProgramData\Desktop\MKVCleaver x64.lnk
2017-06-07 21:45 - 2017-05-07 18:44 - 01615448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-06-07 21:45 - 2017-05-07 17:45 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-06-07 21:45 - 2016-10-31 16:05 - 04115112 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-06-07 21:45 - 2016-10-31 16:05 - 03625992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-06-07 21:45 - 2016-10-31 16:05 - 00218712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-06-07 21:45 - 2016-10-31 16:05 - 00045163 _____ C:\Windows\system32\nvinfo.pb
2017-06-07 20:01 - 2017-05-07 17:45 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-06-07 19:55 - 2016-10-31 16:06 - 06467008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-06-07 19:55 - 2016-10-31 16:06 - 02479552 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-06-07 19:55 - 2016-10-31 16:06 - 01762936 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-06-07 19:55 - 2016-10-31 16:06 - 00549312 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-06-07 19:55 - 2016-10-31 16:06 - 00392312 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-06-07 19:55 - 2016-10-31 16:06 - 00082040 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-06-07 19:55 - 2016-10-31 16:06 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-06-07 18:23 - 2017-01-24 12:08 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-06-07 18:23 - 2016-10-31 16:07 - 00000000 ____D C:\Program Files (x86)\Alienware Update
2017-06-07 08:42 - 2016-10-31 16:06 - 08075477 _____ C:\Windows\system32\nvcoproc.bin
2017-06-06 20:23 - 2016-11-11 20:01 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-06 19:57 - 2016-11-12 15:20 - 00002523 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2017-06-06 19:57 - 2016-11-12 15:20 - 00002523 _____ C:\ProgramData\Desktop\Norton Internet Security.lnk
2017-06-06 19:57 - 2016-11-12 15:20 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2017-06-06 19:20 - 2016-12-09 18:08 - 00000000 ____D C:\Users\gcboshers\AppData\Local\ElevatedDiagnostics
2017-06-06 19:14 - 2016-11-11 16:49 - 00000000 ____D C:\Users\gcboshers
2017-06-05 21:08 - 2016-11-12 21:46 - 00000000 ____D C:\Users\gcboshers\AppData\Roaming\DAEMON Tools Pro
2017-06-05 17:36 - 2017-01-01 20:22 - 00000666 _____ C:\Users\gcboshers\Desktop\MakeMKV.lnk
2017-06-01 14:00 - 2017-05-06 18:31 - 00002129 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2017-06-01 14:00 - 2017-05-06 18:31 - 00002129 _____ C:\ProgramData\Desktop\HP Print and Scan Doctor.lnk
2017-06-01 09:13 - 2016-11-12 20:39 - 00000650 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-06-01 09:13 - 2016-11-12 20:39 - 00000650 _____ C:\ProgramData\Desktop\VLC media player.lnk
2017-05-30 17:28 - 2017-04-13 14:04 - 00000000 ____D C:\Users\gcboshers\AppData\Roaming\5kplayer
2017-05-26 21:22 - 2016-10-31 15:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-23 16:29 - 2017-03-11 21:34 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-22 18:40 - 2017-05-07 17:48 - 00000000 ____D C:\Users\gcboshers\AppData\Local\NVIDIA Corporation
2017-05-21 15:58 - 2017-03-04 18:47 - 00000000 ____D C:\Users\gcboshers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-05-21 06:06 - 2016-11-12 15:20 - 00102608 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2017-05-21 06:06 - 2016-11-12 15:20 - 00008339 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2017-05-18 03:35 - 2017-05-07 17:44 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-05-17 20:57 - 2016-11-14 19:04 - 00000000 ____D C:\Program Files\Defraggler
2017-05-17 18:38 - 2017-05-07 17:48 - 00001533 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-05-17 18:38 - 2017-05-07 17:48 - 00001533 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2017-05-17 18:38 - 2017-05-07 17:45 - 00003994 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-17 18:37 - 2017-05-07 17:45 - 00004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-17 18:37 - 2017-05-07 17:45 - 00003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-17 18:37 - 2017-05-07 17:45 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-17 18:37 - 2017-05-07 17:45 - 00003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-17 18:37 - 2017-05-07 17:45 - 00003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-17 18:37 - 2017-05-07 17:45 - 00003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-17 18:37 - 2016-10-31 16:05 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-17 18:37 - 2016-10-31 16:05 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-17 12:19 - 2016-11-14 19:06 - 00000000 ____D C:\Program Files\Recuva
2017-05-17 12:11 - 2016-11-14 19:06 - 00001756 _____ C:\Users\Public\Desktop\Recuva.lnk
2017-05-17 12:11 - 2016-11-14 19:06 - 00001756 _____ C:\ProgramData\Desktop\Recuva.lnk
2017-05-17 12:10 - 2016-11-14 19:04 - 00001822 _____ C:\Users\Public\Desktop\Defraggler.lnk
2017-05-17 12:10 - 2016-11-14 19:04 - 00001822 _____ C:\ProgramData\Desktop\Defraggler.lnk
2017-05-17 12:08 - 2016-11-16 17:41 - 00000920 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-17 12:08 - 2016-11-16 17:41 - 00000920 _____ C:\ProgramData\Desktop\CCleaner.lnk
 
==================== Files in the root of some directories =======
 
2016-11-14 18:51 - 2016-11-14 18:51 - 0001059 _____ () C:\Users\gcboshers\AppData\Roaming\vso_ts_preview.xml
2017-04-26 20:58 - 2017-04-26 20:59 - 518239952 _____ () C:\Users\gcboshers\AppData\Local\AcronisTrueImage2017_is_8053.exe
2017-01-13 14:19 - 2017-01-13 14:22 - 0000000 _____ () C:\Users\gcboshers\AppData\Local\Driver_LOM_8161Present.flag
2017-06-06 22:16 - 2017-06-06 22:16 - 0002778 _____ () C:\Users\gcboshers\AppData\Local\recently-used.xbel
2016-12-15 21:11 - 2016-12-15 21:11 - 0002761 _____ () C:\ProgramData\LUUnInstall.LiveUpdate
2016-10-31 16:08 - 2016-10-31 16:08 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2016-10-31 16:10 - 2016-10-31 16:10 - 0000105 _____ () C:\ProgramData\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}.log
2016-10-31 16:09 - 2016-10-31 16:09 - 0000100 _____ () C:\ProgramData\{6BADCD73-E925-46F7-A295-FF2448632728}.log
2016-10-31 16:10 - 2016-10-31 16:10 - 0000098 _____ () C:\ProgramData\{CEF5334F-B91A-4327-ACAE-AA50DCE3F995}.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-09 18:29
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by gcboshers (16-06-2017 18:17:21)
Running from C:\Users\gcboshers\Desktop
Windows 10 Pro Version 1607 (X64) (2016-11-11 20:48:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-425089530-3975823602-1963991744-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-425089530-3975823602-1963991744-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-425089530-3975823602-1963991744-1000 - Limited - Disabled) => C:\Users\defaultuser0
gcboshers (S-1-5-21-425089530-3975823602-1963991744-1001 - Administrator - Enabled) => C:\Users\gcboshers
Guest (S-1-5-21-425089530-3975823602-1963991744-501 - Limited - Disabled)
Home Users (S-1-5-21-425089530-3975823602-1963991744-1002 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-425089530-3975823602-1963991744-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Internet Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-425089530-3975823602-1963991744-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
5KPlayer 4.3 (HKLM-x32\...\5KPlayer_is1) (Version:  - DearMob, Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Acronis True Image (HKLM-x32\...\{2D18E04C-2EFC-48C6-A17F-F53FC9D8564C}Visible) (Version: 20.0.5554 - Acronis)
Acronis True Image (x32 Version: 20.0.5554 - Acronis) Hidden
Alienware Command Center (HKLM-x32\...\InstallShield_{46A1CBAA-A43F-4E52-BF75-E11D19BB0C73}) (Version: 4.0.59.0 - Dell Inc.)
Alienware Command Center (Version: 4.0.59.0 - Dell Inc.) Hidden
Alienware Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Alienware Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Alienware Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Alienware Update (HKLM-x32\...\{FB198E80-F1AB-4A6F-B3E3-F7442FC91FD2}) (Version: 1.9.4.0 - Dell Inc.)
Ansel (Version: 382.53 - NVIDIA Corporation) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 8.1.1.0 - RedFox)
aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.14.160917 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
ConvertXtoDVD 4.2.0.0 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.2.0.0 - )
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
DAEMON Tools iSCSI Target (HKLM-x32\...\DAEMON Tools iSCSI Target) (Version: 2.1.0.0072 - Disc Soft Ltd)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0191 - Disc Soft Ltd)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 8.0.0.0634 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.212 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell System Detect (HKU\S-1-5-21-425089530-3975823602-1963991744-1001\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
DU Meter (HKLM-x32\...\DUMeter3_is1) (Version: 7.20 - Hagel Technologies Ltd.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.81.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.04.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON WF-7620 Series Printer Uninstall (HKLM\...\EPSON WF-7620 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-7620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-7620 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
iDealshare VideoGo 6.0.8.5809 (HKLM-x32\...\{CC4C06C4-7C78-4AAB-B5AF-33FB11CCD850}_is1) (Version:  - iDealshare Corporation)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Chipset Device Software (x32 Version: 10.1.2.77 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.4.1186 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel® Turbo Boost Max Technology 3.0 (HKLM-x32\...\5E689C1A-19C0-482B-B2C8-A9DA37AA011D) (Version: 1.0.0.1024 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{4544164b-edf0-455c-b150-bed7109d751e}) (Version: 18.11.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
K-Lite Codec Pack 13.0.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.0.0 - KLCP)
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
MakeMKV v1.10.6 (HKLM-x32\...\MakeMKV) (Version: v1.10.6 - GuinpinSoft inc)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office Professional 2016 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 16.0.8201.2102 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MKVCleaver x64 (HKLM\...\{EE4FBCD4-BAB6-405A-8AFF-5FEF41B841B4}) (Version: 7.0.2 - Ilia Bakhmoutski)
MKVToolNix 12.0.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 12.0.0 - Moritz Bunkus)
MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.7 - Micro-Star Int'l Co., Ltd.)
MSI ODD Monitor (x32 Version: 1.0.0.7 - Micro-Star Int'l Co., Ltd.) Hidden
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.9.4.8 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Product Registration (Version: 3.0.127.0 - Dell Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Registry First Aid 11 (HKLM\...\RFA11_is1) (Version: 11.0.1 - RoseCitySoftware)
Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
RoboForm 7-9-28-8 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-28-8 - Siber Systems)
SHIELD Streaming (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Snagit 13 (HKLM-x32\...\{5acd453a-fa98-417a-b893-31468cbdd0e5}) (Version: 13.0.3.7115 - TechSmith Corporation)
Snagit 13 (x32 Version: 13.0.3 - TechSmith Corporation) Hidden
SoftPerfect WiFi Guard version 1.0.7 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.7 - SoftPerfect)
Sound Blaster Recon3Di (HKLM-x32\...\{A3DF88A7-3E53-4A8F-AD68-4C8AF98931AE}) (Version: 1.01.00 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com)
SyncBackPro (HKLM-x32\...\SyncBackPro_is1) (Version: 7.6.74.0 - 2BrightSparks)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WD Drive Utilities (HKLM-x32\...\{7c73600b-2542-4641-a960-74bed274be03}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{f1fc402c-35fd-40c0-97e4-5bee07891caf}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
WinX HD Video Converter Deluxe 5.9.6 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
Wondershare Video Converter Ultimate(Build 9.0.4.0) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 9.0.4.0 - Wondershare Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {067072CC-40CE-45F4-AE56-DBB91EB355C9} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\gcboshers\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {0D545208-35FE-4851-9346-EC67E1BCBEFE} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {18D76276-CCDC-492A-9A88-D79F08D1EA5F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.4.8\WSCStub.exe [2017-05-26] (Symantec Corporation)
Task: {190E9F6D-BBAA-49B4-8278-B7FE4AA102F5} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel® Corporation)
Task: {1A3EE726-0BC9-4FC8-9DB0-98E807373F9A} - System32\Tasks\SUPERAntiSpyware Scheduled Task e3cde070-e331-4dc8-bb00-4d6ca10c1539 => D:\Prog\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {1C62BD9B-26EA-4E3F-A150-3CEB512C5ECD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2016-04-27] (CyberLink)
Task: {1C77F761-26A2-49FE-BBAE-EC50443DB6FE} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {24279823-88DA-4676-8C7C-41F1A2530168} - System32\Tasks\2BrightSparks\SyncBackPro\DESKTOP-JKSA8FD-gcboshers\SyncBackPro => D:\Prog\2BrightSparks\SyncBackPro\SyncBackPro.exe [2017-05-15] (2BrightSparks Pte. Ltd.)
Task: {278971AB-81AF-4E4A-A94D-68AE84893DDA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)
Task: {301D9182-D76B-4C70-9591-C21F75F8DCA7} - \WiseCleaner\WRCSkipUAC -> No File <==== ATTENTION
Task: {365F31FB-26AE-42BD-A747-7819CBDC9251} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {3AA81C06-985F-47F8-AAC6-7A67CBFDF4C7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {431353E3-4A69-4087-B307-1B4A3654EC42} - System32\Tasks\Dell Cleanup => c:\windows\system32\oem\startmenufix.vbs [2016-09-14] ()
Task: {462A91C6-C2A2-4193-BDC1-A98FF604BE07} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {495B5508-7E9A-4AA8-BC33-C369683EEA5E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {4A171480-D653-4D5A-BCA8-C380DB06FA65} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {5553F159-7534-4EAF-A2CD-210AC3A9AFE4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {5DAF7EBA-15F3-418F-A8DE-897FAFE6F6CD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-16] ()
Task: {5DCB812F-75B1-446C-A36A-B9A16F3870EA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {602A12A7-313C-469F-A237-28027B48FBAA} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {663ED51A-7DC7-402E-81FD-408E4D12CAF0} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {6BBF558D-7A75-409C-88B1-CF579B3066E2} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {6E337216-2852-443F-9E02-97A0ACC244A8} - System32\Tasks\EPSON WF-7620 Series Update {618F9572-DCCE-42BE-989A-44F76F0F19EB} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {7A4E6486-E1F8-42DC-AA21-8BF0904F6835} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-11] (Google Inc.)
Task: {7E670086-BD3A-4718-A107-0F883280E990} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-11] (Google Inc.)
Task: {7F71A26B-BFE3-40F6-B182-750DFAC2609C} - System32\Tasks\EPSON WF-7620 Series Invitation {618F9572-DCCE-42BE-989A-44F76F0F19EB} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {95ED7965-C5E6-419C-8802-0FA278E47ABE} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Alienware\SupportAssist\sessionchecker.exe [2017-04-18] (PC-Doctor, Inc.)
Task: {9928149F-D88A-430A-BCD0-C0E32F8F7C9A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {99A0F54E-7E6D-4E95-AA44-6E8C43E8C1D2} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2017-05-26] (Symantec Corporation)
Task: {A6A89BC0-2127-4DA1-A751-EC8235737C90} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {B3CAD83C-E491-4DE5-B96E-3327580DE8FA} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2016-09-06] (TechSmith Corporation)
Task: {BBDF9009-3714-4425-ACA3-1C5EBDF638FD} - System32\Tasks\Norton Security Scan for gcboshers => C:\PROGRA~2\NORTON~2\Engine\461~1.80\Nss.exe
Task: {C913AC48-E020-4210-BBCF-53AFEB0795EC} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-02-24] (Siber Systems)
Task: {C9D58E1C-F615-4EDC-BF9C-07D18E360241} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMOMHMOMPMLMMMMJOJCNNMKMJMIMCNLMMJLJLMCNOJMJHMNMCNNMJJLMIMMMKMLJKMNMMJHMJMJNJICMIMCNGMCNNMHMFMOMOMCNLMLMIMCNOMLMMMGMMMFMPMCNPMCNOMLMMMGMMMCNNMJNPICMOMFMEKMICNJJCKFMOMPMLMJNHICMEKMICNJJCKJNBJCMIJMJNJAJMIHJKJNIMIJNKJCMJNNICMJND (the data entry has 62 more characters).
Task: {CCC4D312-D740-4FE1-A2F3-EA404E8D35B1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-16] ()
Task: {D2EE1965-E488-4379-91C3-79F6E4623B4D} - System32\Tasks\{04F86658-D39D-4C7F-A0C8-441DB9DE8D4A} => pcalua.exe -a D:\Downloads\MKVExtractGUI\auxsetup.exe -d D:\Downloads\MKVExtractGUI
Task: {D8E22C17-086F-42F2-AED2-9C0CDBF93871} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Alienware\SupportAssist\uaclauncher.exe [2017-04-18] (PC-Doctor, Inc.)
Task: {DBC644B7-6963-4AA8-8455-72CDE2587D27} - System32\Tasks\2BrightSparks\SyncBackPro\DESKTOP-JKSA8FD-gcboshers\SyncBackPro Drive D Files => D:\Prog\2BrightSparks\SyncBackPro\SyncBackPro.exe [2017-05-15] (2BrightSparks Pte. Ltd.)
Task: {DBF962C9-6AFE-4683-97BD-610B39E4C5D5} - System32\Tasks\2BrightSparks\SyncBackPro\DESKTOP-JKSA8FD-gcboshers\SyncBackPro Drive C Files => D:\Prog\2BrightSparks\SyncBackPro\SyncBackPro.exe [2017-05-15] (2BrightSparks Pte. Ltd.)
Task: {DE90D763-9932-4ED5-A6CF-12999F2F5A0E} - System32\Tasks\Norton Internet Security\Norton Internet Security Autofix => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {E1B69069-562E-4E7D-97A9-E20603C3A967} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {E7808083-C369-45C2-9738-3D28FEAF5D85} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {ED8FEE0A-F608-4698-96B0-39398581514A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-03-13] ()
Task: {F146B5E5-3D1E-4082-8B27-97A8319E15A9} - System32\Tasks\SUPERAntiSpyware Scheduled Task 81da42fe-3074-4b55-82ca-42dfb509ff4b => D:\Prog\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {F365D4E4-D548-4263-99BE-4C11071649EC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\EPSON WF-7620 Series Invitation {618F9572-DCCE-42BE-989A-44F76F0F19EB}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE
Task: C:\Windows\Tasks\EPSON WF-7620 Series Update {618F9572-DCCE-42BE-989A-44F76F0F19EB}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE :/EXE:{618F9572-DCCE-42BE-989A-44F76F0F19EB} /F:Update  WORKGROUP\DESKTOP-JKSA8FD$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 81da42fe-3074-4b55-82ca-42dfb509ff4b.job => D:\Prog\SUPERAntiSpyware\SASTask.exe D:\Prog\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e3cde070-e331-4dc8-bb00-4d6ca10c1539.job => D:\Prog\SUPERAntiSpyware\SASTask.exe D:\Prog\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\gcboshers\Desktop\Junior.Fuller.2000 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\gcboshers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App (by STANDS).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=dcnofaichneijfbkdkghmhjjbepjmble
ShortcutWithArgument: C:\Users\gcboshers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=dcnofaichneijfbkdkghmhjjbepjmble
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-11-11 19:17 - 2016-09-15 13:25 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-09-13 18:36 - 2016-09-13 18:36 - 01276216 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2016-12-19 18:39 - 2016-12-19 18:39 - 06086232 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2016-12-23 14:15 - 2009-01-12 08:15 - 00071096 _____ () C:\Windows\SysWoW64\NMSAccessU.exe
2016-05-23 18:59 - 2016-05-23 18:59 - 04179552 _____ () C:\Program Files\Alienware\Command Center\CPU\MSICPUService.exe
2016-05-17 20:14 - 2016-05-17 20:14 - 04033632 _____ () C:\Program Files\Alienware\Command Center\ClockGen\MSIClockService.exe
2014-10-22 16:32 - 2014-10-22 16:32 - 02257232 _____ () C:\Program Files\Alienware\Command Center\DDR\MSIDDRService.exe
2014-08-01 16:42 - 2014-08-01 16:42 - 02067792 _____ () C:\Program Files\Alienware\Command Center\SMBus\MSISMBService.exe
2016-05-17 20:14 - 2016-05-17 20:14 - 02026080 _____ () C:\Program Files\Alienware\Command Center\MSIControlService.exe
2017-05-07 17:45 - 2017-05-03 16:21 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-09 11:51 - 2017-04-12 10:37 - 02271520 _____ () D:\PROG\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-09 11:51 - 2017-04-12 10:37 - 02267600 _____ () D:\PROG\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-10-31 16:12 - 2017-06-16 17:07 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-06-07 17:56 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWoW64\WSCM64.dll
2016-09-13 18:18 - 2016-09-13 18:18 - 00585240 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
2017-04-07 03:41 - 2017-04-07 03:41 - 00054488 _____ () C:\Program Files\CCleaner\branding.dll
2017-06-09 02:11 - 2017-06-09 02:11 - 00015872 _____ () C:\Program Files\WindowsApps\Weather.TheWeatherChannel_2016.614.87.0_x64__t3yemqpq4kp7p\TWC.WindowsUniversal.exe
2017-06-09 02:11 - 2017-06-09 02:11 - 15904256 _____ () C:\Program Files\WindowsApps\Weather.TheWeatherChannel_2016.614.87.0_x64__t3yemqpq4kp7p\TWC.WindowsUniversal.dll
2016-09-13 19:12 - 2016-09-13 19:12 - 04654664 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
2014-09-29 20:51 - 2014-09-29 20:51 - 00074664 _____ () D:\Prog\RedFox\AnyDVD\ADvdDiscHlp64.exe
2016-09-13 18:33 - 2016-09-13 18:33 - 01510712 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
2016-08-11 15:29 - 2016-08-11 15:29 - 09729272 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2017-04-10 16:15 - 2017-03-29 04:47 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-10 16:15 - 2017-03-29 04:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2016-11-12 19:10 - 2016-11-07 17:57 - 00847528 _____ () D:\DU Meter\libeay32.dll
2016-11-12 19:10 - 2016-11-07 17:57 - 00167592 _____ () D:\DU Meter\ssleay32.dll
2016-09-13 19:10 - 2016-09-13 19:10 - 03846808 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2016-08-03 16:47 - 2016-08-03 16:47 - 00685488 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll
2016-09-13 19:07 - 2016-09-13 19:07 - 20652632 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2016-09-13 18:18 - 2016-09-13 18:18 - 00390576 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
2016-08-15 12:28 - 2016-08-15 12:28 - 00129968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2016-08-11 15:14 - 2016-08-11 15:14 - 00248752 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2016-06-14 18:24 - 2016-06-14 18:24 - 00444336 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2016-06-22 10:16 - 2016-06-22 10:16 - 00115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll
2014-08-13 16:56 - 2014-08-13 16:56 - 00102736 _____ () C:\Program Files\Alienware\Command Center\ClockGen\IccLibDll.dll
2017-05-07 17:45 - 2017-05-03 16:21 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-05-07 17:45 - 2017-05-03 16:20 - 65709176 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-09-13 18:17 - 2016-09-13 18:17 - 06068656 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_resources.dll
2016-09-13 18:17 - 2016-09-13 18:17 - 00048560 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
2016-10-31 16:08 - 2014-12-08 03:28 - 00627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 18:28 - 2014-12-08 18:28 - 00016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2016-12-21 11:24 - 2016-12-21 11:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2016-05-02 17:52 - 2016-05-02 17:52 - 00134144 _____ () C:\Program Files (x86)\Alienware Update\ServiceTagPlusPlus.dll
2016-03-16 04:54 - 2016-03-16 04:54 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-06-22 12:27 - 2016-06-22 12:27 - 00217008 _____ () C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\pcs_io.dll
2016-03-09 11:28 - 2016-03-09 11:28 - 00042416 _____ () C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\winpthreads4.dll
2016-07-02 22:30 - 2016-07-02 22:30 - 00376240 _____ () C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\archive3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7916 more sites.
 
 
There are 7916 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 07:47 - 2016-11-18 00:11 - 00453368 ____R C:\Windows\system32\Drivers\etc\hosts
 
 
There are 15556 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Alienware\AW-CO3.jpg
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Snagit 13.lnk"
HKLM\...\StartupApproved\Run: => "rfagent"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6DCDB600-9436-471C-9864-630BC861FFFC}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{15BFB231-904D-4B7B-8EDA-3D52720CA114}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7A4E7FA5-C17E-4ABC-8E5D-E1E99D1730FE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{283F0E60-EC2D-4C04-97D0-EDE7B66E6938}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD.exe
FirewallRules: [{0E95E6D1-2AB6-46A7-B612-A0305578EF3B}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{FB95F251-32BE-48F4-8DFD-0BBC258E08FE}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{7145D34C-0FA4-42C3-B20C-2B6D7010768D}] => (Allow) D:\DAEMON Tools iSCSI Target\DTTargetService.exe
FirewallRules: [{D694E042-2077-4B68-895D-E5C5CB0A3B34}] => (Allow) C:\Users\gcboshers\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{63A6E6FF-24B2-4F9D-B2CE-18D4C647E2F0}] => (Allow) C:\Users\gcboshers\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6BAB3985-A345-4179-8F9E-B4795DDFE62B}] => (Allow) C:\Users\gcboshers\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E3F0E37C-31DF-4199-BCCD-579FF2A74738}] => (Allow) C:\Users\gcboshers\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{63107853-02AD-450B-B366-89FA294EED1E}] => (Allow) C:\Users\gcboshers\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A19ED1DE-A1C9-4883-86CE-731103423F79}] => (Allow) C:\Users\gcboshers\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{569E5498-B0B3-4A76-BC99-6E2A164E325D}] => (Allow) LPort=8298
FirewallRules: [{8BE0721E-6362-4383-BEDA-0DC3F628291A}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{F3F3AD8F-8119-4C5F-A73C-41DE6A851C5A}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{CD16CAC8-FB95-4DF5-AADF-86C906D040AB}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
FirewallRules: [{F56A9A7F-3652-4263-AEA2-B25D0B680FFA}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
FirewallRules: [{865434F1-9EC2-486D-8FDF-04790D52206C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BF45FFEE-2C40-4BB6-AC74-529065236BDF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7C056AE3-9399-44DE-AE1B-7130D0C64B16}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F628E451-BDA6-4AA8-ABDD-5B09C7F9A5E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1BFE3FAA-95D5-4213-95B3-D65E313DD30D}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{6011F756-2BD1-4513-B5B9-88EAAC67EE0B}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{4B59963F-F1D1-400F-A078-2BA4B0190DE9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{48632928-4EA3-4D0B-9D2F-7CC9BCF85E8E}] => (Allow) C:\Users\gcboshers\AppData\Local\Temp\7zS2DA0\HPDiagnosticCoreUI.exe
FirewallRules: [{20FF65F2-B4E5-48C7-897C-FDCFA1986FD5}] => (Allow) C:\Users\gcboshers\AppData\Local\Temp\7zS2DA0\HPDiagnosticCoreUI.exe
FirewallRules: [{90487CF6-0AB5-4686-B4B5-44E57D4AAC7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B04725F2-90E2-42AA-BB73-DE67BBDE955D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2F091964-1603-440B-A51F-7C71766EA21B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4A6D6410-AC0B-4B19-A397-0A43558968BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7C54E868-95B5-4B88-953B-E37BD6CFD247}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{078AD073-3C0C-436C-B2AA-9B5677BDFF9F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{3A1AE428-440E-40B0-8A8C-FC28EBC96A27}] => (Allow) C:\Users\gcboshers\AppData\Local\Temp\7zS76FF\HPDiagnosticCoreUI.exe
FirewallRules: [{696F5DBA-B8FB-46C2-8DCC-3FA375581498}] => (Allow) C:\Users\gcboshers\AppData\Local\Temp\7zS76FF\HPDiagnosticCoreUI.exe
FirewallRules: [{7D5AA1C3-9DB4-4D62-9522-1AA5F6D8A021}] => (Allow) C:\Users\gcboshers\AppData\Local\Temp\7zS4BAE\HPDiagnosticCoreUI.exe
FirewallRules: [{89EBAC82-E118-4589-B55A-C113BC8CCAF5}] => (Allow) C:\Users\gcboshers\AppData\Local\Temp\7zS4BAE\HPDiagnosticCoreUI.exe
 
==================== Restore Points =========================
 
25-05-2017 17:11:39 Scheduled Checkpoint
04-06-2017 01:00:25 Scheduled Checkpoint
08-06-2017 08:52:05 Installed MKVCleaver x64
15-06-2017 19:12:16 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/16/2017 06:03:13 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-JKSA8FD)
Description: Microsoft.WindowsAlarms_8wekyb3d8bbwe5
 
Error: (06/16/2017 06:03:13 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-JKSA8FD)
Description: Microsoft.WindowsAlarms_8wekyb3d8bbwe5
 
Error: (06/16/2017 06:03:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.14393.0, time stamp: 0x57899bb2
Faulting module name: TimeBackground.dll, version: 10.1705.1705.10003, time stamp: 0x59138a40
Exception code: 0x80000003
Fault offset: 0x000000000000912f
Faulting process id: 0x19e0
Faulting application start time: 0x01d2e6ec595b5d9a
Faulting application path: C:\Windows\system32\backgroundTaskHost.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1705.1303.0_x64__8wekyb3d8bbwe\TimeBackground.dll
Report Id: 3b4f68ee-7d96-4250-931f-694abaf3a934
Faulting package full name: Microsoft.WindowsAlarms_10.1705.1303.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
Error: (06/16/2017 06:01:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-JKSA8FD)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2017 06:01:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.14393.447, time stamp: 0x5819bf85
Faulting module name: ShellExperienceHost.exe, version: 10.0.14393.447, time stamp: 0x5819bf85
Exception code: 0xc000027b
Fault offset: 0x0000000000022e27
Faulting process id: 0x3f0c
Faulting application start time: 0x01d2e6ec0f76aded
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id: b882c892-9489-4eef-a375-82ad5bfc0e08
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.14393.447_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
 
Error: (06/16/2017 05:54:09 PM) (Source: ESENT) (EventID: 439) (User: )
Description: svchost (3972) TILEREPOSITORYS-1-5-21-425089530-3975823602-1963991744-1001: Unable to write a shadowed header for file C:\Users\gcboshers\AppData\Local\TileDataLayer\Database\EDB.chk. Error -1032.
 
Error: (06/16/2017 05:54:09 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (3972) TILEREPOSITORYS-1-5-21-425089530-3975823602-1963991744-1001: An attempt to open the file "C:\Users\gcboshers\AppData\Local\TileDataLayer\Database\EDB.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (06/16/2017 05:48:13 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-JKSA8FD)
Description: Microsoft.WindowsAlarms_8wekyb3d8bbwe5
 
Error: (06/16/2017 05:48:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.14393.0, time stamp: 0x57899bb2
Faulting module name: TimeBackground.dll, version: 10.1705.1705.10003, time stamp: 0x59138a40
Exception code: 0x80000003
Fault offset: 0x000000000000912f
Faulting process id: 0x2b38
Faulting application start time: 0x01d2e6ea40e6b555
Faulting application path: C:\Windows\system32\backgroundTaskHost.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1705.1303.0_x64__8wekyb3d8bbwe\TimeBackground.dll
Report Id: 985788d3-6acf-4e5d-8205-efa28fe57e62
Faulting package full name: Microsoft.WindowsAlarms_10.1705.1303.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
Error: (06/16/2017 05:33:13 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-JKSA8FD)
Description: Microsoft.WindowsAlarms_8wekyb3d8bbwe5
 
 
System errors:
=============
Error: (06/16/2017 06:01:11 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JKSA8FD)
Description: The server App did not register with DCOM within the required timeout.
 
Error: (06/16/2017 05:29:57 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JKSA8FD)
Description: The server App did not register with DCOM within the required timeout.
 
Error: (06/16/2017 05:23:19 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JKSA8FD)
Description: The server App did not register with DCOM within the required timeout.
 
Error: (06/16/2017 05:18:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JKSA8FD)
Description: The server App did not register with DCOM within the required timeout.
 
Error: (06/16/2017 05:10:46 PM) (Source: HTTP) (EventID: 15006) (User: )
Description: Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR\httperr1.log is invalid. This could be because another user has already created the log file or the directory.
 
Error: (06/16/2017 04:51:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JKSA8FD)
Description: The server CortanaUI did not register with DCOM within the required timeout.
 
Error: (06/16/2017 04:51:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JKSA8FD)
Description: The server App did not register with DCOM within the required timeout.
 
Error: (06/16/2017 04:51:11 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JKSA8FD)
Description: The server CortanaUI did not register with DCOM within the required timeout.
 
Error: (06/16/2017 04:51:09 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JKSA8FD)
Description: The server App did not register with DCOM within the required timeout.
 
Error: (06/16/2017 04:50:58 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JKSA8FD)
Description: The server CortanaUI did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2017-05-18 10:51:14.898
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-05-18 10:51:12.774
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-09 17:15:46.440
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-09 15:33:17.324
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-03 11:08:06.885
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-03 10:06:45.076
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-03 09:38:32.121
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-01 13:41:02.309
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-27 18:53:31.082
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-26 10:11:44.821
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6800K CPU @ 3.40GHz
Percentage of memory in use: 20%
Total physical RAM: 32661.79 MB
Available physical RAM: 25853.45 MB
Total Virtual: 65429.79 MB
Available Virtual: 58660.39 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:463.08 GB) (Free:356.71 GB) NTFS
Drive d: (DATA) (Fixed) (Total:3725.9 GB) (Free:3687.23 GB) NTFS
Drive f: (WD Int 6TB) (Fixed) (Total:5589 GB) (Free:2057.1 GB) exFAT ==>[system with boot components (obtained from drive)]
Drive g: (WD Int 6TB) (Fixed) (Total:5589 GB) (Free:2055.72 GB) exFAT
Drive i: (WD Ext 6TB) (Fixed) (Total:5589 GB) (Free:1613.39 GB) NTFS
Drive j: (WD Ext 5TB) (Fixed) (Total:4657.49 GB) (Free:934.87 GB) NTFS
Drive k: (WD Ext 8TB) (Fixed) (Total:7452 GB) (Free:3157.78 GB) exFAT
Drive l: (WD Ext 8TB) (Fixed) (Total:7452 GB) (Free:3041.37 GB) exFAT
Drive m: (WD Ext 6TB) (Fixed) (Total:5589 GB) (Free:2309.27 GB) NTFS
Drive n: (WD Ext 5TB) (Fixed) (Total:4657.49 GB) (Free:2068.56 GB) NTFS
Drive o: (WD Ext 4TB) (Fixed) (Total:3725.99 GB) (Free:1216.4 GB) NTFS
Drive p: (WD Ext 4TB) (Fixed) (Total:3725.99 GB) (Free:704.07 GB) NTFS
Drive q: (WD Ext 4TB) (Fixed) (Total:3725.99 GB) (Free:897.73 GB) NTFS
Drive r: (WD Ext 6TB) (Fixed) (Total:5589 GB) (Free:1578.32 GB) NTFS
Drive s: (WD Ext 4TB) (Fixed) (Total:3725.99 GB) (Free:1639.38 GB) NTFS
Drive t: (WD Ext 4TB) (Fixed) (Total:3725.99 GB) (Free:492.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 66ABD691)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: 66ABD55E)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 5589 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
========================================================
Disk: 3 (Size: 5589 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
========================================================
Disk: 4 (Size: 7452 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 6.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 7.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 8.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 9.
 
========================================================
Disk: 10 (Size: 7452 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 11.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 12.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 13.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 14.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 15.
 
==================== End of Addition.txt ============================
 
 
 

 

 


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:44 AM

Posted 17 June 2017 - 10:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's start with this cleaning.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [4673304 2016-11-02] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [4673304 2016-11-02] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\...\Winlogon: [Shell] C:\Windows\Explorer.exe [4673304 2016-11-02] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [4673304 2016-11-02] (Microsoft Corporation) <==== ATTENTION
ShortcutTarget: The Weather Channel.lnk ->  (No File)
GroupPolicy: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-425089530-3975823602-1963991744-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&guid=26E50E64-43A1-430D-B18A-988D0A05FC38&doi=2016-09-01&gct=kwd&qsrc=2869
Toolbar: HKU\S-1-5-21-425089530-3975823602-1963991744-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-06-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-10]
S4 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NTIOLib_Flash; \??\C:\Users\GCBOSH~1\AppData\Local\Temp\2WSX3EDC\NTIOLib_X64.sys [X] <==== ATTENTION
S3 RtlWlanu; \SystemRoot\System32\drivers\rtwlanu.sys [X]
U2 V2iMount; no ImagePath

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#4 Slats347xrp6v

Slats347xrp6v
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 17 June 2017 - 03:40 PM

First Clean:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by gcboshers (17-06-2017 16:14:16) Run:1
Running from C:\Users\gcboshers\Desktop
Loaded Profiles: gcboshers (Available Profiles: defaultuser0 & gcboshers & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [4673304 2016-11-02] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [4673304 2016-11-02] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\...\Winlogon: [Shell] C:\Windows\Explorer.exe [4673304 2016-11-02] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [4673304 2016-11-02] (Microsoft Corporation) <==== ATTENTION
ShortcutTarget: The Weather Channel.lnk ->  (No File)
GroupPolicy: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-425089530-3975823602-1963991744-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&guid=26E50E64-43A1-430D-B18A-988D0A05FC38&doi=2016-09-01&gct=kwd&qsrc=2869
Toolbar: HKU\S-1-5-21-425089530-3975823602-1963991744-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-06-06]
CHR Extension: (Chrome Web Store Payments) -
C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-10]
S4 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NTIOLib_Flash; \??\C:\Users\GCBOSH~1\AppData\Local\Temp\2WSX3EDC\NTIOLib_X64.sys [X] <==== ATTENTION
S3 RtlWlanu; \SystemRoot\System32\drivers\rtwlanu.sys [X]
U2 V2iMount; no ImagePath
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
ShortcutTarget: The Weather Channel.lnk ->  (No File) => not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key removed successfully
HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found. 
hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&guid=26E50E64-43A1-430D-B18A-988D0A05FC38&doi=2016-09-01&gct=kwd&qsrc=2869 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-425089530-3975823602-1963991744-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
HKLM\Software\Classes\PROTOCOLS\Handler\WSWSVCUchrome => key removed successfully
C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => moved successfully
CHR Extension: (Chrome Web Store Payments) - => not found
"C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]" => not found.
C:\Users\gcboshers\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\AGSService => key removed successfully
AGSService => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\NTIOLib_Flash => key removed successfully
NTIOLib_Flash => service removed successfully
HKLM\System\CurrentControlSet\Services\RtlWlanu => key removed successfully
RtlWlanu => service removed successfully
HKLM\System\CurrentControlSet\Services\V2iMount => key removed successfully
V2iMount => service removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 182629175 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 976260 B
Edge => 0 B
Chrome => 1175552 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 3410 B
NetworkService => 0 B
defaultuser0 => 128 B
gcboshers => 5212729 B
Administrator => 62837 B
 
RecycleBin => 0 B
EmptyTemp: => 181.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:14:38 ====
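
An added example, not part of the original post and not FRST's own code: a short Python triage script that groups Fixlog result lines by outcome so the entries the tool did not act on stand out. The sample is abridged from the log above; the function names, status labels and the `<fixlist entry>` placeholder are assumptions of this example.

```python
from collections import defaultdict

# Abridged from the Fixlog in the post above; the "Error:" line uses a
# placeholder entry instead of the long search URL from the log.
SAMPLE = r"""
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
ShortcutTarget: The Weather Channel.lnk ->  (No File) => not found.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
<fixlist entry> => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Web Store Payments) - => not found
AGSService => service removed successfully
=========== EmptyTemp: ==========
Chrome => 1175552 B
"""

def classify(outcome):
    """Map the text after '=>' to a status (labels are this example's own)."""
    text = outcome.lower()
    if text.startswith("error"):
        return "error"
    if "not found" in text:
        return "not_found"
    if text.endswith("successfully"):
        return "fixed"
    return "other"

def triage_fixlog(log_text):
    """Group fix results by status; stop at the EmptyTemp size report."""
    groups = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=") and "EmptyTemp" in line:
            break  # what follows are byte counts, not fix results
        entry, sep, outcome = line.rpartition(" => ")
        if not sep:
            continue  # header, echoed fixlist line, or blank
        groups[classify(outcome)].append(entry.strip())
    return dict(groups)

def needs_review(log_text):
    """Entries the fix did not act on: re-check them in a fresh scan log."""
    groups = triage_fixlog(log_text)
    return groups.get("not_found", []) + groups.get("error", [])
```

In the log above, the two "not found" results for the Chrome Web Store Payments extension come from a fixlist entry that was split across two lines, so each half was processed as its own entry.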


#5 nasdaq

  • Malware Response Team

Posted 18 June 2017 - 06:57 AM

Please let me know what problem persists with this computer.

#6 nasdaq

  • Malware Response Team

Posted 24 June 2017 - 08:19 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#7 Slats347xrp6v

  • Topic Starter

Posted 24 June 2017 - 05:55 PM

Nothing new has happened since our conversation. Edge has started working. Looking up a lot of my issues, seems like I am not the only one having the same issues with Windows 10 Pro. Thank you for your time. Probably will be reloading OS in a week. Will read the guide you posted.



#8 nasdaq

  • Malware Response Team

Posted 25 June 2017 - 07:47 AM

Before re-installing Windows you should try this.

Repair these services.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

  • 01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    11 - Repair Start Menu Icons Removed by Infections
    12 - Repair Icons
    17 - Repair Windows Updates
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the contents of this file in your next reply.
===

Restart the computer normally.

How is the computer running now?



