
csrbtproxy.dll is missing


19 replies to this topic

#1 ElectricYouth

Posted 21 August 2017 - 02:28 AM

Ever since yesterday, it sometimes occurs that when I reboot my laptop, it hangs in the restarting phase. After waiting for 5 minutes, nothing happens so I just reboot manually by holding the power button.

Today, most applications wouldn't start, so I clicked on restart and it said "this application is preventing you from restarting", however it did not mention which app.

 

After manually restarting it, things worked fine, however, I suddenly got this error:

ServiceStartMenuIndexer.exe - system error

The program can't start because CsrBtProxy.DLL is missing from your computer. Try reinstalling the program to fix this problem.

 

I scanned with Malwarebytes 3.1.2 and there were 0 threats.

 

I read online that this error could happen by improperly shutting down PC, which I did. But it doesn't explain why the restarting screen hangs sometimes when I try to reboot.

 

Does anyone have a clue? Thanks.




#2 ElectricYouth


Posted 22 August 2017 - 11:23 AM

Maybe this is related or not. But today, during startup I got this error:

"The group policy client service failed to sign-in.
The universal unique identified (UUID) type is not supported"

 

Couldn't start some apps, so restarted again and then followed these steps to fix it:

There are two places to look in the registry:

  1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services: this path should contain the gpsvc key (a folder), which is responsible for service parameters and configuration. I found that the key was intact, so you do not touch anything here - just check that the key exists.
  2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SVCHOST: this is the most important path you should look into, as it must contain the keys and values referred to in key #1. Below are descriptions of what must be present there.
    • There must be a Multi-String value called GPSvcGroup. My laptop was missing it. So, you should create a multi-string value named GPSvcGroup and assign it the value GPSvc.
    • Next, you must create a key (a folder) and name it GPSvcGroup - this key normally should be there, but, again, it was missing on my laptop.
    • Then open the newly created GPSvcGroup folder and create 2 DWORD values:
      1. The first is called AuthenticationCapabilities and you must give it a value of 0x00003020 (or 12320 in decimal)
      2. The second is called CoInitializeSecurityParam and it must have a value of 1.

 

Here is a walkthrough on youtube:

 

I just failed to change the data on the imagepath explained at 2:30. It's -k netsvcs instead of GPSvcGroup. When I try to modify it, there's the following error: "cannot edit imagepath: error writing the value's new contents."

 

I don't know what I am doing at all.... editing registry is so weird, can someone please help?
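
A read-only way to check the registry values listed in the post above, as an added example that is not part of the original thread. The function names are illustrative, the expected values are the ones quoted in the post, and the last check goes one step beyond it: svchost.exe loads a service from the group named after -k in ImagePath, so the script also reports whether that group's list contains gpsvc.

```powershell
# Added example (not from the thread): read-only audit of the gpsvc svchost
# registration. Nothing is written to the registry.
# Expected values are the ones quoted in the post; helper names are illustrative.

$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\gpsvc'
$SvchostKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$GroupName  = 'GPSvcGroup'

function Get-RegValueText {
    # Returns "<Kind>=<data>" for a registry value, or why it could not be read.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return 'key missing' }
    $key = Get-Item -LiteralPath $Path
    if ($key.GetValueNames() -notcontains $Name) { return 'value missing' }
    $kind = $key.GetValueKind($Name)              # e.g. MultiString, DWord
    $data = @($key.GetValue($Name)) -join ','     # multi-string joins to one line
    return "${kind}=${data}"
}

function New-Check {
    # One result row: what was checked, what the post expects, what is there.
    param([string]$Check, [string]$Expected, [string]$Actual)
    [pscustomobject]@{
        Check    = $Check
        Expected = $Expected
        Actual   = $Actual
        Ok       = ($Expected -eq $Actual)
    }
}

function Test-GpsvcRegistration {
    $groupKey = Join-Path $SvchostKey $GroupName

    # Step 1 of the post: the service key only has to exist.
    $svcState = if (Test-Path -LiteralPath $ServiceKey) { 'present' } else { 'missing' }
    New-Check 'Services\gpsvc key' 'present' $svcState

    # Step 2 of the post: multi-string value plus a subkey with two DWORDs.
    New-Check 'Svchost\GPSvcGroup value' 'MultiString=GPSvc' `
        (Get-RegValueText $SvchostKey $GroupName)
    New-Check 'GPSvcGroup\AuthenticationCapabilities' 'DWord=12320' `
        (Get-RegValueText $groupKey 'AuthenticationCapabilities')
    New-Check 'GPSvcGroup\CoInitializeSecurityParam' 'DWord=1' `
        (Get-RegValueText $groupKey 'CoInitializeSecurityParam')

    # Beyond the post: which svchost group does ImagePath actually name,
    # and does that group's member list include gpsvc?
    $imagePath = (Get-ItemProperty -LiteralPath $ServiceKey -ErrorAction SilentlyContinue).ImagePath
    $hostGroup = if ($imagePath -match '-k\s+(\S+)') { $Matches[1] } else { '' }

    $members = @()
    if ($hostGroup -and (Test-Path -LiteralPath $SvchostKey)) {
        $members = @((Get-Item -LiteralPath $SvchostKey).GetValue($hostGroup))
    }
    $listed = if ($members -contains 'gpsvc') { 'listed' } else { 'not listed' }
    New-Check "Svchost group '$hostGroup' (from ImagePath) lists gpsvc" 'listed' $listed
}

Test-GpsvcRegistration | Format-Table -AutoSize -Wrap
```

Reading HKLM does not require an elevated prompt, so the audit can be run before deciding whether any registry edit is needed at all.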



#3 sikntired


Posted 22 August 2017 - 01:42 PM

Sadly, I cannot provide a possible resolution. However be patient as someone will come along with a solution.

In the meantime, if I were you, I would abstain from trying to modify the REGISTRY as you may do more harm than good.

By no means am I a computer wizard but one thing I might try is to run sfc /scannow. You can do this by opening a command prompt and run as Administrator. You may have to do this several times.

http://www.thewindowsclub.com/how-to-run-system-file-checker-analyze-its-logs-in-windows-7-vista

Hope this helps.

#4 hamluis


Posted 23 August 2017 - 01:29 PM

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy taking care to post the link of the snapshot in your next post.

   Go to Piriform's website, and download the free version on the left.  Click Download from Piriform.com (the FileHippo link requires an extra click). Or if you want to use a portable version of Speccy (which doesn't require installation), click the builds page link and download the portable version. You will now be asked where you want to save the file. The best place to put it is the Desktop, as it will be easy to find later.

    After the file finishes downloading, you are ready to run Speccy. If you downloaded the installer, simply double-click on it and follow the prompts until installation is complete. If you downloaded the portable version, you will need to unzip it before use. Right-click the ZIP file and click Extract all. Click Next. Open up the extracted folder and double-click on Speccy.
 
     Once inside Speccy, it will look similar to this (with your computer's specifications, of course):
 

     Now, at the top, click File > Publish Snapshot.

     Click Yes > then Copy to Clipboard

Now, once you are back in the forum topic you are posting in, click the ADD REPLY or REPLY TO THIS TOPIC button. Right-click in the empty space of the Reply box and click Paste. Then, click Add Reply below the Reply box.

Louis



#5 ElectricYouth


Posted 18 September 2017 - 06:56 AM


 

Sorry for the late reply, was very busy. I performed the steps you lined out.

Here's the link to speccy: http://speccy.piriform.com/results/w72yYJq5UHNkxLnvrIdEejw

Thanks for help.

 

And the notepad:
MiniToolBox by Farbar  Version: 17-06-2016
Ran by CensoredName (administrator) on 18-09-2017 at 10:12:02
Running from "C:\Users\CensoredName\Downloads"
Microsoft Windows 8.1  (X64)
Model: Aspire V3-772G Manufacturer: Acer

Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/18/2017 08:50:39 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version= "16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.  Component identity found in manifest does not match the identity of the component requested.  Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".  Please use sxstrace.exe for detailed diagnosis.

Error: (09/18/2017 08:50:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecb e86e8.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df _6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.  A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6 .0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (09/16/2017 11:10:44 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume Recovery was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (09/16/2017 02:51:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 883313

Error: (09/16/2017 02:51:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 883313

Error: (09/16/2017 02:51:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/16/2017 02:50:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 867922

Error: (09/16/2017 02:50:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 867922

Error: (09/16/2017 02:50:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/16/2017 12:36:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1739891

System errors:
=============
Error: (09/18/2017 08:49:41 AM) (Source: Service Control Manager) (User: )
Description: The following service has repeatedly stopped responding to service control requests: CSR Bluetooth Service
Contact the service vendor or the system administrator about whether to disable this service until the problem is identified.  You may have to restart the computer in safe mode before you can disable the service.

Error: (09/18/2017 08:49:11 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CsrBtService service.

Error: (09/18/2017 08:48:41 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CsrBtService service.

Error: (09/18/2017 08:48:11 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CsrBtService service.

Error: (09/18/2017 08:47:41 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CsrBtService service.

Error: (09/17/2017 11:35:24 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CsrBtService service.

Error: (09/17/2017 11:34:54 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CsrBtService service.

Error: (09/17/2017 11:34:25 PM) (Source: DCOM) (User: FLASH)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}

Error: (09/17/2017 11:34:25 PM) (Source: DCOM) (User: FLASH)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}

Error: (09/17/2017 11:34:24 PM) (Source: DCOM) (User: FLASH)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}

Microsoft Office Sessions:
=========================
Error: (09/18/2017 08:50:39 AM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type=" win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL1

Error: (09/18/2017 08:50:37 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600. 18006_none_623f33d3ecbe86e8.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifestC:\Program Files (x86)\Audacity\audacity.exe

Error: (09/16/2017 11:10:44 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: RecoveryThe parameter is incorrect. (0x80070057)

Error: (09/16/2017 02:51:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 883313

Error: (09/16/2017 02:51:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 883313

Error: (09/16/2017 02:51:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/16/2017 02:50:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 867922

Error: (09/16/2017 02:50:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 867922

Error: (09/16/2017 02:50:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/16/2017 12:36:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1739891

=========================== Installed Programs ============================
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.01.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3014.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Reader XI (11.0.22)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
Aloha TriPeaks (HKLM-x32\...\WTA-3709efc5-5fef-477a-bbc7-18036009379f) (Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.234 - Broadcom Corporation)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-c1e41e34-aa82-4d21-b10b-ea95ce0ba721) (Version: 2.2.0.110 - WildTangent) Hidden
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - Cambridge Silicon Radio Limited.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-5d43c571-d01e-4d41-b589-dd7c2fb18019) (Version: 2.2.0.110 - WildTangent) Hidden
Host App Service (HKCU\...\SweetLabs_AP) (Version: 0.269.8.135 - Pokki)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Kaspersky Password Manager (HKLM-x32\...\{D4C3D682-E15A-4A48-A7B7-3F021A525F8F}) (Version: 8.0.6.538 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{D4C3D682-E15A-4A48-A7B7-3F021A525F8F}) (Version: 8.0.6.538 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)

Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (HKLM-x32\...\WTA-2ca776d0-7df4-49c3-ad99-d905d71006d2) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (HKLM-x32\...\WTA-8cb10c4b-d256-475b-afa9-f56cbcde394f) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 16.0.8326.2096 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.3 (x64 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NordVPN (HKLM-x32\...\{399A1E19-38E5-40C5-8ACD-BF007782F59A}) (Version: 6.6.11 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.6.11) (Version: 6.6.11 - NordVPN)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-73604cda-effc-4a0e-8680-4376e0afcbc5) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-29adcc55-3046-4a34-ad10-ba599d8c239f) (Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKCU\...\SweetLabs_Start_Menu) (Version: 0.269.8.135 - Pokki)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.28148 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.17 - Synaptics Incorporated)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 8.2.11.0 - 2BrightSparks)
SyncBackLite (HKLM-x32\...\SyncBackLite_is1) (Version: 8.2.11.0 - 2BrightSparks)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-05e9de94-4402-46f9-901a-34504a0f3b1e) (Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (HKLM-x32\...\WTA-d7467e94-4236-4fb7-8556-26bfa11455eb) (Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WhatsApp (HKCU\...\WhatsApp) (Version: 0.2.5863 - WhatsApp)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9590 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.10.20 - WildTangent) Hidden

========================= Memory info: ===================================
Percentage of memory in use: 28%
Total physical RAM: 16264.27 MB
Available physical RAM: 11710.01 MB
Total Virtual: 18696.27 MB
Available Virtual: 13965.75 MB

========================= Partitions: =====================================
1 Drive c: (Acer) (Fixed) (Total:118.43 GB) (Free:47.8 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:914.51 GB) (Free:910.41 GB) NTFS
3 Drive e: (CSR4.0 Harmony) (CDROM) (Total:0.41 GB) (Free:0 GB) CDFS
4 Drive h: () (Removable) (Total:57.82 GB) (Free:0.02 GB) FAT32

========================= Users: ========================================
User accounts for \\FLASH

Administrator            Guest                    CensoredName                   
UpdatusUser              


**** End of log ****
 

 

@ sikntired, couldn't follow the steps in your link, it was a bit too complex but thanks for providing it!


Edited by hamluis, 24 October 2017 - 05:05 PM.


#6 ElectricYouth


Posted 24 October 2017 - 02:39 AM

Could someone please get back to this thread? The problem is getting worse. Thanks.



#7 hamluis


Posted 24 October 2017 - 05:46 PM

Appears to me that you have damaged/corrupt bluetooth drivers, at the minimum.

 

I would uninstall the current bluetooth drivers, then reboot and allow them to reinstall.

 

Average and peak memory usage for Firefox is 5-6 times what I would expect.

 

Moving topic to Am I Infected forum for a malware check.

 

Louis



#8 boopme


Posted 25 October 2017 - 11:03 AM

Hello, please run these next.. You can skip the TDSSKiller scan.

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
TDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
And finally I'd like us to scan your machine with ESET OnlineScan:
  • It is recommended to turn off your antivirus program. Click on the E5rfZI9.png button to see which antivirus is currently enabled:
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  • Push the dtoGjAL.png button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the cRhRYZ8.png button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the 9IjfdXq.png button.
  • Check the box beside RHzfZB1.png to uninstall the application when closed.
  • Push Vc3btaC.png and then close the application by clicking the X in the upper right corner.


#9 ElectricYouth


Posted 02 November 2017 - 07:59 AM

Thanks for the help. I have included the reports below.

Note:

- I have been using Kaspersky Total Security and the paid version of Malwarebytes 3 for a few months now.
- For some reason Malwarebytes 3's "web protection" turns off by itself sometimes.
- Junkware Removal Tool was discontinued 1 day after your post, so I couldn't use that one.
- AdwCleaner generated 2 documents for some reason, so I included them both.

MiniToolBox report:

MiniToolBox by Farbar  Version: 17-06-2016
Ran by CensoredName (administrator) on 02-11-2017 at 10:45:44
Running from "C:\Users\CensoredName\Downloads"
Microsoft Windows 8.1  (X64)
Model: Aspire V3-772G Manufacturer: Acer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Ethernet (Connected)
Broadcom 802.11n Network Adapter = Wi-Fi (Connected)
Kaspersky Security Data Escort Adapter = Ethernet 2 (Media disconnected)
TAP-NordVPN Windows Adapter V9 = Ethernet 3 (Media disconnected)
Bluetooth Personal Area Network Device = Bluetooth Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set subinterface interface= subinterface=ethernet_5 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Flash
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Personal Area Network Device
   Physical Address. . . . . . . . . : 00-1A-7D-DA-71-13
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-NordVPN Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-A1-3E-13-49
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Kaspersky Security Data Escort Adapter
   Physical Address. . . . . . . . . : 00-FF-E4-31-7A-81
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 08-3E-8E-EE-8D-63
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 0A-3E-8E-EE-8D-63
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
   Physical Address. . . . . . . . . : 08-3E-8E-EE-8D-63
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a959:9b12:e71c:2bea%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.106(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : donderdag 2 november 2017 10:39:41
   Lease Expires . . . . . . . . . . : donderdag 2 november 2017 12:39:40
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 67649166
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-3A-31-CD-60-02-92-2D-B0-00
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : 60-02-92-2D-B0-00
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1d1d:beea:77c8:628f%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.107(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : donderdag 2 november 2017 10:40:11
   Lease Expires . . . . . . . . . . : donderdag 2 november 2017 12:40:10
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 56623762
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-3A-31-CD-60-02-92-2D-B0-00
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{34D9EC41-CEEA-4F19-9352-19F0163D8C42}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C405594E-A5AE-4571-9EC0-2B0865EF48DE}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  2a00:1450:400e:807::200e
      172.217.17.142


Pinging google.com [172.217.20.110] with 32 bytes of data:
Reply from 172.217.20.110: bytes=32 time=46ms TTL=54
Reply from 172.217.20.110: bytes=32 time=13ms TTL=54

Ping statistics for 172.217.20.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 46ms, Average = 29ms
Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      2001:4998:58:c02::a9
      98.138.253.109
      98.139.180.149
      206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=154ms TTL=51
Reply from 98.138.253.109: bytes=32 time=147ms TTL=51

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 147ms, Maximum = 154ms, Average = 150ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 22...00 1a 7d da 71 13 ......Bluetooth Personal Area Network Device
 21...00 ff a1 3e 13 49 ......TAP-NordVPN Windows Adapter V9
 10...00 ff e4 31 7a 81 ......Kaspersky Security Data Escort Adapter
  7...08 3e 8e ee 8d 63 ......Microsoft Hosted Network Virtual Adapter
  5...0a 3e 8e ee 8d 63 ......Microsoft Wi-Fi Direct Virtual Adapter
  4...08 3e 8e ee 8d 63 ......Broadcom 802.11n Network Adapter
  3...60 02 92 2d b0 00 ......Broadcom NetLink ™ Gigabit Ethernet
  1...........................Software Loopback Interface 1
  8...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.106     25
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.107     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.106    281
      192.168.0.0    255.255.255.0         On-link     192.168.0.107    266
    192.168.0.106  255.255.255.255         On-link     192.168.0.106    281
    192.168.0.107  255.255.255.255         On-link     192.168.0.107    266
    192.168.0.255  255.255.255.255         On-link     192.168.0.106    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.107    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.107    266
        224.0.0.0        240.0.0.0         On-link     192.168.0.106    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.107    266
  255.255.255.255  255.255.255.255         On-link     192.168.0.106    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  3    266 fe80::/64                On-link
  4    281 fe80::/64                On-link
  3    266 fe80::1d1d:beea:77c8:628f/128
                                    On-link
  4    281 fe80::a959:9b12:e71c:2bea/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    266 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/02/2017 06:14:46 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/02/2017 06:11:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1725671

Error: (11/02/2017 06:11:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1725671

Error: (11/02/2017 06:11:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/02/2017 05:42:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2937

Error: (11/02/2017 05:42:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2937

Error: (11/02/2017 05:42:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/02/2017 05:42:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1781

Error: (11/02/2017 05:42:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1781

Error: (11/02/2017 05:42:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/01/2017 11:10:44 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (11/01/2017 11:10:41 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 17:41:12 on ‎1-‎11-‎2017 was unexpected.

Error: (11/01/2017 11:09:24 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.

Error: (11/01/2017 08:16:58 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (11/01/2017 08:16:55 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 21:33:29 on ‎31-‎10-‎2017 was unexpected.

Error: (10/31/2017 09:46:01 PM) (Source: Service Control Manager) (User: )
Description: The CSR OBEX Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/31/2017 09:45:58 PM) (Source: DCOM) (User: FLASH)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (10/31/2017 09:57:15 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (10/31/2017 09:57:12 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 09:42:59 on ‎31-‎10-‎2017 was unexpected.

Error: (10/31/2017 09:54:57 AM) (Source: Service Control Manager) (User: )
Description: The CSR OBEX Service service terminated unexpectedly.  It has done this 2 time(s).


Microsoft Office Sessions:
=========================
Error: (11/02/2017 06:14:46 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/02/2017 06:11:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1725671

Error: (11/02/2017 06:11:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1725671

Error: (11/02/2017 06:11:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/02/2017 05:42:57 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2937

Error: (11/02/2017 05:42:57 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2937

Error: (11/02/2017 05:42:57 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/02/2017 05:42:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1781

Error: (11/02/2017 05:42:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1781

Error: (11/02/2017 05:42:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


=========================== Installed Programs ============================

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.01.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3014.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Reader XI (11.0.22)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
Aloha TriPeaks (HKLM-x32\...\WTA-3709efc5-5fef-477a-bbc7-18036009379f) (Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.234 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-c1e41e34-aa82-4d21-b10b-ea95ce0ba721) (Version: 2.2.0.110 - WildTangent) Hidden
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - Cambridge Silicon Radio Limited.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.4 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-5d43c571-d01e-4d41-b589-dd7c2fb18019) (Version: 2.2.0.110 - WildTangent) Hidden
Host App Service (HKCU\...\SweetLabs_AP) (Version: 0.269.8.272 - Pokki)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Kaspersky Password Manager (HKLM-x32\...\{D4C3D682-E15A-4A48-A7B7-3F021A525F8F}) (Version: 8.0.6.538 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{D4C3D682-E15A-4A48-A7B7-3F021A525F8F}) (Version: 8.0.6.538 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (HKLM-x32\...\WTA-2ca776d0-7df4-49c3-ad99-d905d71006d2) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (HKLM-x32\...\WTA-8cb10c4b-d256-475b-afa9-f56cbcde394f) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 16.0.8528.2147 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 56.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0.2 (x64 en-US)) (Version: 56.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NordVPN (HKLM-x32\...\{399A1E19-38E5-40C5-8ACD-BF007782F59A}) (Version: 6.6.11 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.6.11) (Version: 6.6.11 - NordVPN)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8528.2147 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8528.2147 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8528.2147 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-73604cda-effc-4a0e-8680-4376e0afcbc5) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-29adcc55-3046-4a34-ad10-ba599d8c239f) (Version: 2.2.0.98 - WildTangent) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Pokki Start Menu (HKCU\...\SweetLabs_Start_Menu) (Version: 0.269.8.272 - Pokki)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.28148 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.17 - Synaptics Incorporated)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 8.2.11.0 - 2BrightSparks)
SyncBackLite (HKLM-x32\...\SyncBackLite_is1) (Version: 8.2.11.0 - 2BrightSparks)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-05e9de94-4402-46f9-901a-34504a0f3b1e) (Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (HKLM-x32\...\WTA-d7467e94-4236-4fb7-8556-26bfa11455eb) (Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WhatsApp (HKCU\...\WhatsApp) (Version: 0.2.6426 - WhatsApp)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9590 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.10.20 - WildTangent) Hidden

========================= Memory info: ===================================

Percentage of memory in use: 20%
Total physical RAM: 16264.27 MB
Available physical RAM: 12920.14 MB
Total Virtual: 18696.27 MB
Available Virtual: 15277.54 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:118.43 GB) (Free:44.57 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:914.51 GB) (Free:910.41 GB) NTFS
3 Drive e: (CSR4.0 Harmony) (CDROM) (Total:0.41 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\FLASH

Administrator            Guest                    CensoredName                   
UpdatusUser              


**** End of log ****

AdwCleaner report 1:

# AdwCleaner 7.0.4.0 - Logfile created on Thu Nov 02 09:53:15 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 11-02-2017.1
# Running on Windows 8.1 (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\CensoredName\AppData\Local\SweetLabs App Platform
PUP.Optional.Legacy, C:\Users\Default\AppData\Local\Pokki
PUP.Optional.Legacy, C:\Users\Default User\AppData\Local\Pokki
PUP.Optional.Legacy, C:\Users\Public\Pokki


***** [ Files ] *****

PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
PUP.Optional.Legacy, C:\Users\CensoredName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
PUP.Optional.PCAppStore, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
PUP.Optional.PCAppStore, C:\Users\CensoredName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy, SweetLabs App Platform


***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-53665365-1931806507-4076513649-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-53665365-1931806507-4076513649-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-53665365-1931806507-4076513649-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | Pokki
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Directory\shell\pokki
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Drive\shell\pokki
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\lnkfile\shell\pokki
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
Adware.pokki, [Key] - HKU\S-1-5-21-53665365-1931806507-4076513649-1002\Software\SweetLabs App Platform
Adware.pokki, [Key] - HKCU\Software\SweetLabs App Platform


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

AdwCleaner report 2:

# AdwCleaner 7.0.4.0 - Logfile created on Thu Nov 02 09:58:10 2017
# Updated on 2017/27/10 by Malwarebytes
# Running on Windows 8.1 (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\CensoredName\AppData\Local\SweetLabs App Platform
Deleted: C:\Users\Default\AppData\Local\Pokki
Deleted: C:\Users\Default User\AppData\Local\Pokki
Deleted: C:\Users\Public\Pokki


***** [ Files ] *****

Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
Deleted: C:\Users\CensoredName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
Deleted: C:\Users\CensoredName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: SweetLabs App Platform


***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-53665365-1931806507-4076513649-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Deleted: [Key] - HKU\S-1-5-21-53665365-1931806507-4076513649-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Deleted: [Value] - HKU\S-1-5-21-53665365-1931806507-4076513649-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Pokki
Deleted: [Key] - HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\Directory\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\Drive\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\lnkfile\shell\pokki
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
Deleted: [Key] - HKU\S-1-5-21-53665365-1931806507-4076513649-1002\Software\SweetLabs App Platform
Deleted: [Key] - HKCU\Software\SweetLabs App Platform


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2954 B] - [2017/11/2 9:53:15]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

ESET Online Scan:

C:\Users\CensoredName\AppData\Local\Microsoft\Windows\INetCache\IE\BOT0YVRT\cctrialsetup[1].exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
C:\Users\CensoredName\Downloads\FreemakeYouTubeToMP3BoomSetup(1).exe    a variant of Win32/FusionCore.I potentially unwanted application    
C:\Users\CensoredName\Downloads\FreemakeYouTubeToMP3BoomSetup.exe    a variant of Win32/FusionCore.I potentially unwanted application    
C:\Users\CensoredName\Downloads\spsetup131.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
 

 

Thanks in advance.



#10 boopme

  • Global Moderator

Posted 02 November 2017 - 01:54 PM

It appears to longer be a malware issue.. I suggest running All in One Repair and see..

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on the icon (QfBzvq1.png) and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.

- Go to Step 5. Under System Restore click Create.

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#11 ElectricYouth

  • Topic Starter

Posted 04 November 2017 - 07:13 AM

Thanks for your reply.

What do you mean by:

"It appears to longer be a malware issue.."

I performed step 2. Not sure if I should perform repair reparse point OR repair environment variable. This is what came out:

 

 Tweaking.com - Windows Repair 2018 (v4.0.9) - Pre-Scan
│ Computer: FLASH (Windows 8.1 6.3.9600.18822 ) (64-bit)
│ [Started Scan - 4-11-2017 18:25:51]
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Windows Packages Files.
│ Started at (4-11-2017 18:25:51)

│ No problems were found with the Packages Files.

│ Files Checked & Verified: 11.473

│ Done Scanning Windows Packages Files.(4-11-2017 18:27:28)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Reparse Points.
│ Started at (4-11-2017 18:27:28)

Reparse Point: (Type: SYMLINK) (Name: AppvIsvStream32.dll) (Original Path: C:\Program Files (x86)\Microsoft Office\root\Client\AppvIsvStream32.dll) (Target Path: \\?\C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvStream32.dll) (Creation Time: 9-8-2017 17:58:43)
Target Path doesn't exist!

Reparse Point: (Type: SYMLINK) (Name: AppvIsvStream64.dll) (Original Path: C:\Program Files (x86)\Microsoft Office\root\Client\AppvIsvStream64.dll) (Target Path: \\?\C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvStream64.dll) (Creation Time: 9-8-2017 18:01:28)
Target Path doesn't exist!

Reparse Point: (Type: SYMLINK) (Name: AppvIsvStream32.dll) (Original Path: C:\Program Files (x86)\Microsoft Office\root\Office16\AppvIsvStream32.dll) (Target Path: \\?\C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvStream32.dll) (Creation Time: 9-8-2017 17:58:22)
Target Path doesn't exist!

Reparse Point: (Type: SYMLINK) (Name: AppvIsvStream64.dll) (Original Path: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvStream64.dll) (Target Path: \\?\C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvStream64.dll) (Creation Time: 9-8-2017 18:00:13)
Target Path doesn't exist!

Reparse Point: (Type: SYMLINK) (Name: AppvIsvStream32.dll) (Original Path: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\AppvIsvStream32.dll) (Target Path: \\?\C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvStream32.dll) (Creation Time: 9-8-2017 17:59:03)
Target Path doesn't exist!

Reparse Point: (Type: SYMLINK) (Name: AppvIsvStream32.dll) (Original Path: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\AppvIsvStream32.dll) (Target Path: \\?\C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvStream32.dll) (Creation Time: 9-8-2017 17:58:56)
Target Path doesn't exist!

Reparse Point: (Type: SYMLINK) (Name: AppvIsvStream64.dll) (Original Path: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppvIsvStream64.dll) (Target Path: \\?\C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvStream64.dll) (Creation Time: 9-8-2017 18:00:13)
Target Path doesn't exist!

│ Missing Default Reparse Point: (Original Path: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\INetCache\Content.IE5) (Target Path: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\INetCache\IE)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Problems were found with the Reparse Points.
│ You can use the Repair Reparse Points Tool at the bottom of this Window to try and fix these problems.

│ Files & Folders Searched: 352.314
│ Reparse Points Found: 89

│ Done Scanning Reparse Points.(4-11-2017 18:27:45)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Checking Environment Variables.
│ Started at (4-11-2017 18:27:45)

│ This folder in the 'Path' variable doesn't exist:

│ Problems were found with the Environment Variables.
│ You can use the Repair Environment Variables Tool at the bottom of this Window to try and fix these problems.

│ Done Checking Environment Variables. (4-11-2017 18:27:45)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ [Finished Scan - 4-11-2017 18:27:45]

│ [x] Scan Complete - Problems Found!
│ [x]
│ [x] You can use the Repair Reparse Points or Repair Environment Variables tools at the bottom of this Window if needed.
│ [x]
│ [x] While problems have been found, you can still run the repairs in the program.
│ [x] But for the best results it is recommended to fix the problems reported in this scan if possible.
└────────────────────────────────────────────────────────────────────────────────┘


Edited by ElectricYouth, 04 November 2017 - 02:24 PM.


#12 boopme

  • Global Moderator

Posted 05 November 2017 - 05:52 PM

Repair ...
I believe any malware is gone and there is file corruption from it.

#13 ElectricYouth

  • Topic Starter

Posted 06 November 2017 - 03:21 AM

"Repair ...
I believe any malware is gone and there is file corruption from it."

Yes but which one?

"- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly."

Should I pick repair reparse point or should I pick repair environment variable?



#14 boopme

  • Global Moderator

Posted 07 November 2017 - 04:49 PM

Do the Reparse points

#15 ElectricYouth

  • Topic Starter

Posted 09 November 2017 - 07:38 AM

I forgot to turn off my Malwarebytes 3.0 and Kaspersky Total Security while doing the steps.

When I did the very final step, "Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.", I went to take a nap. When I woke up, it had finished, and there was a popup from Kaspersky saying that it detected a trojan and that I had to disinfect it before restarting the laptop, so I did that. Then, before it finished (I think), it restarted the laptop by itself.

I don't know what to do now.

When I click on the folder logs, there are these files:

-chkdsk_full_log (text)
-chkdsk_log (text)
-9-11-2017_11.34.58 (folder)

When I open this latter folder, there are these text documents in it:

-_Windows_Repair_Log
-Remove_Temp_Files
-Rrepair_component_store
-Repair_hosts_file
-repair_icons
-Repair_MSI_windows_installer
-Repair_network
-Repair_performance_couners
-Repair_volume_shadow_copy_service
-Repair_Windows_Firewall
-Repair_windows_updates
-Repair_WMI

Let me know which logs I should post in my next reply.

:(





