
Can't remove SmartService Rootkit


  • This topic is locked
3 replies to this topic

#1 iceotope


Posted 12 September 2017 - 06:22 PM

Anytime I open MBAM or MBAR I get an error that resource is already in use.

What I have tried so far:

  • MBAM
  • MBAR
  • Symantec AV
  • SpyHunter
  • Kaspersky Rescue Disk 10 - Completed most comprehensive scan. Took 1.5 hours, still no improvements

Used Farbar and received the following results:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2017

Ran by Home (administrator) on DESKTOP-HOME (12-09-2017 19:13:00)
Running from C:\Users\Home\Downloads
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
() C:\Windows\System32\msngduh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Home\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
() C:\Users\Home\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Home\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Home\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Home\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Home\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [svcvmx] => C:\Users\Home\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [914944 2017-09-12] ()
HKU\S-1-5-21-4257984237-3910152571-1267917105-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-4257984237-3910152571-1267917105-1001\...\MountPoints2: {2ac403e3-a9c5-11e6-9db7-e840f2a7de5f} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-4257984237-3910152571-1267917105-1001\...\MountPoints2: {c9635434-98c1-11e6-9db7-e840f2a7de5f} - "E:\VZW_Software_upgrade_assistant.exe" 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{385cfd2b-3722-4f53-b5ed-d3f2d290dfc2}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{6c8d8cd8-7f90-4629-8db6-106e868d28ac}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\OsbQi05I.default [2017-09-12]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\OsbQi05I.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\OsbQi05I.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\OsbQi05I.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\OsbQi05I.default -> hxxps://www.google.com/search?q=
FF Extension: (User-Agent Switcher) - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\OsbQi05I.default\Extensions\jid1-kyxEAcWua7BEKq@jetpack.xpi [2017-06-21]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\OsbQi05I.default\searchplugins\Google_1.xml [2017-04-12]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\OsbQi05I.default\searchplugins\Google_2.xml [2017-05-02]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\OsbQi05I.default\searchplugins\Google_3.xml [2017-05-25]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\OsbQi05I.default\searchplugins\Google_4.xml [2017-07-31]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\OsbQi05I.default\searchplugins\Google_5.xml [2017-08-02]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\OsbQi05I.default\searchplugins\Google_6.xml [2017-08-06]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\OsbQi05I.default\searchplugins\Google_7.xml [2017-08-06]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\OsbQi05I.default\searchplugins\Google_8.xml [2017-08-06]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\OsbQi05I.default\searchplugins\yahoo! powered.xml [2017-04-23]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.10.0.85\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.10.0.85\coFFAddon [2017-08-06]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.10.0.85\coFFAddon
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4257984237-3910152571-1267917105-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-02-09] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Profile 2 -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> bing.com
CHR DefaultSuggestURL: Profile 2 -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-23]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-09-12]
CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-21]
CHR Extension: (Norton Security Toolbar) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-09-04]
CHR Extension: (PDF Editor for Docs:Edit, Fill, Sign, Print) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjboohgkgchdnfnjiaggdbkdmpieoagi [2016-12-07]
CHR Extension: (Adblock for Youtube™) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-14]
CHR Extension: (uBlock Adblock Plus) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fdecnmmdccnkogcidionikojplkjfgie [2017-07-06]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-08-09]
CHR Extension: (Arabic) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-11]
CHR Extension: (Norton Identity Safe) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-08-06]
CHR Extension: (The Great Suspender) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-06-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\System Profile [2017-08-03]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\Exts\Chrome.crx [2017-08-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4257984237-3910152571-1267917105-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4257984237-3910152571-1267917105-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\Exts\Chrome.crx [2017-08-06]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-22] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2016-09-13] (Coupons.com Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\N360.exe [326144 2017-07-14] (Symantec Corporation)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
S3 OpenVPNService; C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [31872 2016-05-19] (The OpenVPN Project)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8594800 2017-08-15] (Reimage®)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-01] (Realtek Semiconductor)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe [415232 2016-08-09] (Wondershare) [File not signed]
S2 EraserSvc11720; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\N360.exe" /h ccCommon [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
PCW (Start=4 -> Start=0) <==== restored successfully
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.10.0.85\Definitions\BASHDefs\20170807.003\BHDrvx64.sys [1862816 2017-08-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\160A000.055\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-16] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.10.0.85\Definitions\IPSDefs\20170811.001\IDSvia64.sys [1056920 2017-08-04] (Symantec Corporation)
R3 NetgearUDSMBus; C:\Windows\system32\drivers\netgearUDSMBus.sys [113888 2013-07-25] (Windows ® Codename Longhorn DDK provider)
R3 NetgearUDSMBus; C:\Windows\SysWOW64\drivers\netgearUDSMBus.sys [92160 2012-06-15] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 NetgearUDSTcpBus; C:\Windows\System32\drivers\netgearUDSTcpBus.sys [193248 2013-07-25] (Windows ® Codename Longhorn DDK provider)
S3 NetgearUDSTcpBus; C:\Windows\SysWOW64\drivers\netgearUDSTcpBus.sys [153600 2012-06-15] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2504192 2015-10-30] (MediaTek Inc.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2016-07-07] (CACE Technologies, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R1 SRTSP; C:\Windows\system32\drivers\N360x64\160A000.055\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\160A000.055\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\160A000.055\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\160A000.055\SymELAM.sys [24608 2017-07-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-08-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\160A000.055\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\160A000.055\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [46584 2017-09-11] (Wellbia.com Co., Ltd.)
U3 dmwappushsvc; no ImagePath
S3 EraserUtilDrv11720; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11720.sys [X]
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-12 19:13 - 2017-09-12 19:13 - 000020364 _____ C:\Users\Home\Downloads\FRST.txt
2017-09-12 19:12 - 2017-09-12 19:13 - 000000000 ____D C:\FRST
2017-09-12 19:12 - 2017-09-12 19:12 - 002397184 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
2017-09-12 19:07 - 2017-09-12 19:07 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Home\Downloads\mbar-1.09.3.1001 (1).exe
2017-09-12 15:45 - 2017-09-12 15:45 - 000387584 _____ C:\Users\Home\Downloads\rescue2usb.exe
2017-09-12 15:44 - 2017-09-12 15:45 - 332333056 _____ C:\Users\Home\Downloads\kav_rescue_10.iso
2017-09-12 15:30 - 2017-09-12 15:30 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\Home\Downloads\SpyHunter-Installer.exe
2017-09-12 15:25 - 2017-09-12 15:26 - 000000000 ____D C:\rei
2017-09-12 15:25 - 2017-09-12 15:25 - 000004344 _____ C:\Windows\System32\Tasks\ReimageUpdater
2017-09-12 15:25 - 2017-09-12 15:25 - 000001984 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2017-09-12 15:25 - 2017-09-12 15:25 - 000000000 ____D C:\ProgramData\Reimage Protector
2017-09-12 15:25 - 2017-09-12 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2017-09-12 15:25 - 2017-09-12 15:25 - 000000000 ____D C:\Program Files\Reimage
2017-09-12 15:24 - 2017-09-12 15:26 - 000000140 _____ C:\Windows\Reimage.ini
2017-09-12 15:24 - 2017-09-12 15:24 - 000604928 _____ (Reimage) C:\Users\Home\Downloads\ReimageRepair.exe
2017-09-12 15:22 - 2017-09-12 15:23 - 008182736 _____ (Malwarebytes) C:\Users\Home\Downloads\adwcleaner_7.0.2.1.exe
2017-09-12 15:15 - 2017-09-12 15:36 - 000001378 _____ C:\Users\Home\Desktop\Rkill.txt
2017-09-12 15:12 - 2017-09-12 15:12 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Home\Downloads\iExplore.exe
2017-09-12 15:11 - 2017-09-12 15:11 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Home\Downloads\mbar-1.09.3.1001.exe
2017-09-12 15:01 - 2017-09-12 15:40 - 000000000 ____D C:\Windows\pss
2017-09-12 15:01 - 2017-09-12 15:37 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-09-12 14:56 - 2017-09-12 14:56 - 009826968 _____ (Piriform Ltd) C:\Users\Home\Downloads\ccsetup534.exe
2017-09-11 16:35 - 2017-09-11 18:57 - 000000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-08-30 20:06 - 2017-08-30 20:06 - 000000000 ____D C:\Users\Home\AppData\Local\ElevatedDiagnostics
2017-08-29 20:39 - 2017-09-11 23:49 - 000000066 _____ C:\Users\Home\Desktop\config.ini
2017-08-29 20:38 - 2017-08-29 20:38 - 000515584 _____ C:\Users\Home\Desktop\EH_3.9.1.exe
2017-08-16 19:27 - 2017-09-11 23:49 - 000001325 _____ C:\Users\Home\Desktop\CrossFire.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-12 19:11 - 2016-05-09 12:32 - 000879220 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-12 19:11 - 2015-10-30 03:21 - 000000000 ____D C:\Windows\INF
2017-09-12 19:10 - 2017-08-06 21:41 - 000000000 ____D C:\Users\Home\AppData\Local\ntuserlitelist
2017-09-12 19:04 - 2016-05-09 15:19 - 000000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2017-09-12 19:04 - 2016-02-13 09:14 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-12 17:26 - 2015-10-30 02:28 - 015990784 _____ C:\Windows\system32\config\HARDWARE
2017-09-12 17:26 - 2015-10-30 02:28 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-09-12 17:19 - 2016-05-21 11:12 - 000000000 ____D C:\Users\Home\AppData\Roaming\Skype
2017-09-12 15:20 - 2016-11-13 21:26 - 000000000 ____D C:\Users\Home\AppData\Local\Samsung
2017-09-12 15:20 - 2016-11-13 21:25 - 000000000 ____D C:\Users\Home\AppData\Roaming\Samsung
2017-09-12 15:20 - 2016-11-13 21:23 - 000000000 ____D C:\ProgramData\Samsung
2017-09-12 15:20 - 2016-11-13 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-09-12 15:20 - 2016-11-13 21:23 - 000000000 ____D C:\Program Files (x86)\Samsung
2017-09-12 15:20 - 2016-10-19 10:37 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2017-09-12 14:58 - 2016-05-09 12:27 - 000000000 ____D C:\Users\Home
2017-09-12 14:54 - 2017-07-25 18:13 - 000000000 ____D C:\CFLog
2017-09-12 14:49 - 2016-05-09 12:27 - 000000000 ____D C:\Users\Home\AppData\Local\Packages
2017-09-11 23:49 - 2017-07-25 18:13 - 000046584 _____ (Wellbia.com Co., Ltd.) C:\Windows\xhunter1.sys
2017-09-11 21:18 - 2017-04-23 22:24 - 000001158 _____ C:\Users\Home\Desktop\Cheat Engine.lnk
2017-09-11 18:58 - 2017-05-04 20:09 - 000359424 ___SH C:\Users\Home\Desktop\Thumbs.db
2017-09-11 16:36 - 2016-05-09 16:13 - 000000248 _____ C:\Users\Home\AppData\LocalLow\rbxcsettings.rbx
2017-08-31 20:19 - 2017-05-31 18:02 - 000000000 ____D C:\Users\Home\AppData\LocalLow\Mozilla
2017-08-20 19:48 - 2016-08-13 21:07 - 000000000 ____D C:\Users\Home\Documents\AutomaticSolution Software
2017-08-14 23:03 - 2017-05-02 20:29 - 000031744 ___SH C:\Users\Home\Downloads\Thumbs.db
 
==================== Files in the root of some directories =======
 
2017-08-06 21:40 - 2017-08-06 21:40 - 000003072 _____ () C:\Users\Home\AppData\Local\uninstallce.exe
 
Some files in TEMP:
====================
2017-08-12 20:15 - 2017-09-12 00:49 - 000000000 _____ () C:\Users\Home\AppData\Local\Temp\19480092594194a127310869d618ccd6.dll
2017-08-12 20:15 - 2017-09-11 23:49 - 000790016 _____ () C:\Users\Home\AppData\Local\Temp\2288270668.exe
2017-09-12 15:25 - 2017-09-12 15:25 - 013482464 _____ (Reimage) C:\Users\Home\AppData\Local\Temp\ReimagePackage.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-05-09 15:22
 
==================== End of FRST.txt ============================

 

Additional:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2017

Ran by Home (12-09-2017 19:14:48)
Running from C:\Users\Home\Downloads
Windows 10 Home Version 1511 (X64) (2016-05-09 16:26:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4257984237-3910152571-1267917105-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4257984237-3910152571-1267917105-503 - Limited - Disabled)
Guest (S-1-5-21-4257984237-3910152571-1267917105-501 - Limited - Disabled)
Home (S-1-5-21-4257984237-3910152571-1267917105-1001 - Administrator - Enabled) => C:\Users\Home
HomeGroupUser$ (S-1-5-21-4257984237-3910152571-1267917105-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Suite (Disabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Disabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security Suite (Disabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
BitTorrent (HKU\S-1-5-21-4257984237-3910152571-1267917105-1001\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catan Universe 'Early Access' (HKLM-x32\...\{46C2D7F2-20D8-4DBA-A10C-37C478EF5662}) (Version: 1.00.0000 - USM) Hidden
Catan Universe 'Early Access' (HKLM-x32\...\{BFC9C9F7-7E48-4CCB-8F1F-EE09B6114A23}) (Version: 1.00.15 - USM) Hidden
Catan Universe 'Early Access' (HKLM-x32\...\InstallShield_{46C2D7F2-20D8-4DBA-A10C-37C478EF5662}) (Version: 1.00.0000 - USM)
Catan Universe 'Early Access' (HKLM-x32\...\InstallShield_{BFC9C9F7-7E48-4CCB-8F1F-EE09B6114A23}) (Version: 1.00.15 - USM)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.2.1) (Version: 5.0.2.1 - Coupons.com Incorporated)
CrossFire NA (HKLM-x32\...\CrossFire_is1) (Version:  - Z8Games.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4257984237-3910152571-1267917105-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 54.0.1 (x64 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.15.07 - NETGEAR Inc.)
NETGEAR USB Control Center   (HKLM-x32\...\{A98ED5B6-8D40-4D1A-ADC5-86D45AD4F7AD}) (Version: 1.36 - NETGEAR)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.10.0.85 - Symantec Corporation)
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.5.1.2 - Popcorn Time) <==== ATTENTION
PureVPN (HKLM-x32\...\PureVPN_is1) (Version: 5.15.1.0 - PureVPN)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.6.7 - Reimage) <==== ATTENTION
Roblox Player for Home (HKU\S-1-5-21-4257984237-3910152571-1267917105-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Stellarium 0.15.2 (HKLM\...\Stellarium_is1) (Version: 0.15.2 - Stellarium team)
Unity Web Player (HKU\S-1-5-21-4257984237-3910152571-1267917105-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version:  - Microsoft)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-10-29] (WinZip Computing, S.L.)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-10-29] (WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-10-29] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"{01C7C80F-DA6A-4698-BA70-4DA27991C5A9}" task was unlocked. <==== ATTENTION
"{08629A58-75ED-46AA-8646-8C7015698215}" task was unlocked. <==== ATTENTION
"{0A493256-4ADB-4CF2-8AB5-8CCBEFDFC5FE}" task was unlocked. <==== ATTENTION
"{0C20E8DB-DCF0-4C48-B9B9-482E02BD9F1F}" task was unlocked. <==== ATTENTION
Task: {0C67452C-C21D-436E-9309-28DAA7D03053} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
"{0CFE2E40-6A97-48C5-9F38-DE82315CF1B0}" task was unlocked. <==== ATTENTION
"{11406457-2C26-401D-B271-B7393CAD7F85}" task was unlocked. <==== ATTENTION
Task: {134CB63C-4778-40BA-95A8-5B36BC9A8E04} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {15090C7C-954B-440E-AF23-6A5CA51CBB66} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
"{181EF958-CF2C-45C1-BFE2-0048458E3EFC}" task was unlocked. <==== ATTENTION
"{1A289232-BCB9-4599-A894-898D820255F8}" task was unlocked. <==== ATTENTION
"{1A438DBA-6F47-44D6-8207-124A92E1597E}" task was unlocked. <==== ATTENTION
"{1A8A1750-6B60-430B-A914-E01C395D222E}" task was unlocked. <==== ATTENTION
"{1D453F5E-124F-4C7E-B652-958F1A40ED1E}" task was unlocked. <==== ATTENTION
"{1F0B1B6D-6FB8-495E-8D1D-0B6BA27883EB}" task was unlocked. <==== ATTENTION
"{216D44FB-2DD3-4478-8395-49C0E0D2D767}" task was unlocked. <==== ATTENTION
"{22DF95EE-A3BC-4A00-8468-0FF46BF970FC}" task was unlocked. <==== ATTENTION
"{2300B6D1-D409-499E-92DF-030662B73A6B}" task was unlocked. <==== ATTENTION
Task: {234C1F07-CAC7-4C47-87D9-846DAD13713C} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATTENTION
Task: {24515CF3-B2E1-4937-B18A-CB35323DD491} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {26F8E74E-8FCC-42E9-A05A-9995C42764D4} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-HOME-Home => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
"{27A7ABEB-AF7C-40F4-BAD4-95630EB0C1FA}" task was unlocked. <==== ATTENTION
"{2B307AD0-33EA-4DB6-81B3-05FEADBE1140}" task was unlocked. <==== ATTENTION
Task: {2C363C19-D020-48A2-84DE-81D204DF2ABC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
"{2C389306-244A-4110-97CB-594D5A467287}" task was unlocked. <==== ATTENTION
"{2CCA2563-023C-4159-8011-59C6C9E1973A}" task was unlocked. <==== ATTENTION
"{317107BF-13F6-48B4-AA5A-BA0B03A02F4B}" task was unlocked. <==== ATTENTION
"{33046BDC-2974-457F-A198-055760713D46}" task was unlocked. <==== ATTENTION
"{330DDC8E-A32D-4363-9C85-527F2673DDF7}" task was unlocked. <==== ATTENTION
"{3627755F-6629-4D94-850A-FBE43D28BEB8}" task was unlocked. <==== ATTENTION
"{37307B43-41DC-4BBE-BF3B-9B1631BEE311}" task was unlocked. <==== ATTENTION
"{3788B008-08AE-42A1-AECB-404EE0EFEAA5}" task was unlocked. <==== ATTENTION
"{4208A7BF-D622-476E-A1A3-F9EB2719ECD4}" task was unlocked. <==== ATTENTION
"{43744BF4-03F7-4B73-87FC-2BA232F6D655}" task was unlocked. <==== ATTENTION
"{44AF46C9-4AA6-4851-959E-023D755ED880}" task was unlocked. <==== ATTENTION
"{44EA678F-7E08-4531-92E2-587CA13B5D2C}" task was unlocked. <==== ATTENTION
"{45A1E736-EAAA-4735-ABBA-A9C5CF2BDAEF}" task was unlocked. <==== ATTENTION
"{48A98229-5C8E-4DDD-8139-CF35F7262A95}" task was unlocked. <==== ATTENTION
"{48E4EF46-2962-499E-B496-FD87DEFA9D4D}" task was unlocked. <==== ATTENTION
"{4A944005-EAD7-4E3D-A0CB-E36A03948234}" task was unlocked. <==== ATTENTION
"{4ADD02F8-8A80-4037-93AF-01F0D391A8D4}" task was unlocked. <==== ATTENTION
"{4BC5D02D-368A-405A-B471-F9CAB6666731}" task was unlocked. <==== ATTENTION
"{4C5A8A03-2384-464F-AEAA-F58928D854D8}" task was unlocked. <==== ATTENTION
"{4E3CB8C2-8A0C-4570-A32E-7319C6E8E432}" task was unlocked. <==== ATTENTION
"{4E4954A6-C22F-4537-87FE-9A696B7BF9C4}" task was unlocked. <==== ATTENTION
"{511CB694-F6BB-49BA-AC20-E2916B05BD90}" task was unlocked. <==== ATTENTION
"{52362630-34B3-46AA-8508-9857D8B13B4F}" task was unlocked. <==== ATTENTION
Task: {52BB0827-2A72-4705-8273-E6F9169B04BE} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2017-08-15] (Reimage®) <==== ATTENTION
"{5587F1DC-15D0-4331-A673-6EF75E5CD9C0}" task was unlocked. <==== ATTENTION
"{57ED60D2-6B0B-4069-90B4-50B067491212}" task was unlocked. <==== ATTENTION
"{59CBDFB9-8D90-4443-9AF8-5C3B45220F5E}" task was unlocked. <==== ATTENTION
"{59CE74C9-886F-4121-8052-508A4B829DC6}" task was unlocked. <==== ATTENTION
Task: {59D91819-E931-4996-B9E3-7075726E9B43} - System32\Tasks\Norton 360\Norton Security Suite Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
"{5B4C02FF-5C7C-42FB-877E-4F57C6198A71}" task was unlocked. <==== ATTENTION
"{61E97BCB-528E-4B3C-A43A-CDFC978E48E7}" task was unlocked. <==== ATTENTION
"{62C6204C-B449-4C2C-B915-D8E513C8D2DC}" task was unlocked. <==== ATTENTION
"{64EFDCE4-067E-45AD-80B7-9ACADBA7145A}" task was unlocked. <==== ATTENTION
"{669B944E-926D-4382-AB83-710022AE3EA2}" task was unlocked. <==== ATTENTION
"{66FE0026-8E27-493D-BED2-EF4ACF50814C}" task was unlocked. <==== ATTENTION
"{679EB820-C80C-4B8C-81EB-D3B5A83C3BF3}" task was unlocked. <==== ATTENTION
"{697E18DD-943C-470A-B9E3-6E5DDCB42D05}" task was unlocked. <==== ATTENTION
Task: {6A3153BB-EDC0-4818-A81A-A6F7B0372DD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"{6B0D6754-588A-4B5C-95F7-7F39A9780F7E}" task was unlocked. <==== ATTENTION
"{6B696BCF-C866-41CA-B4E4-3D19FB1E9250}" task was unlocked. <==== ATTENTION
Task: {6C0A2847-03D2-4207-87B7-F3CEC865C5DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"{6CBA2464-1DAD-4F1D-919F-4E6DFC499277}" task was unlocked. <==== ATTENTION
"{6D88DE84-0813-4C51-99FC-12A9A98DD1D9}" task was unlocked. <==== ATTENTION
"{70CF17D8-ACB3-4DBF-B283-6A71C9BF3D0E}" task was unlocked. <==== ATTENTION
"{71E53243-3A2D-47EE-9DAB-6D71B2366657}" task was unlocked. <==== ATTENTION
"{73F84A2E-E267-44CD-AE43-26F5FADC07BC}" task was unlocked. <==== ATTENTION
"{7464E64D-F916-44C4-8B4D-8285C95325A1}" task was unlocked. <==== ATTENTION
"{7506EE3F-10D4-4FCF-9DDD-77B8FF1182D4}" task was unlocked. <==== ATTENTION
"{75336275-E3E0-4BC0-B373-3CFB8C1E4130}" task was unlocked. <==== ATTENTION
"{75EEC801-5298-41FE-BD51-F07E4178CA3E}" task was unlocked. <==== ATTENTION
"{7A6FA6EC-ED66-42B8-B9D7-06523FB6E039}" task was unlocked. <==== ATTENTION
"{7AE1BCAC-061D-4672-BACB-88BC74CE1D7A}" task was unlocked. <==== ATTENTION
"{7BC12C89-A012-46EA-B9EB-052EB5CD4326}" task was unlocked. <==== ATTENTION
"{7BD8F44E-530D-41CF-B1D0-B9BB0B0C1C73}" task was unlocked. <==== ATTENTION
"{7F64EAF9-FFE6-49DB-90DD-80D2B8774614}" task was unlocked. <==== ATTENTION
"{7FAF6FA5-8557-4C4D-9206-7460555EAB06}" task was unlocked. <==== ATTENTION
"{830038A6-9046-42E5-B03C-1455E6BDFBAF}" task was unlocked. <==== ATTENTION
"{84E4A8CF-CE13-47C4-ABC1-BC5DD42C6C83}" task was unlocked. <==== ATTENTION
"{860F596C-A1D8-4651-B747-D134041D80AD}" task was unlocked. <==== ATTENTION
Task: {87F60781-6FBB-4404-94EF-965AB810463F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2017-07-14] (Symantec Corporation)
"{8865CC07-3C24-475C-896D-8ABA96F2471A}" task was unlocked. <==== ATTENTION
Task: {8E93B064-D90D-4ECD-9326-A54721AE2F21} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
"{90D79106-3D12-40AF-A9BA-231F2327770C}" task was unlocked. <==== ATTENTION
"{94582C27-CA52-4593-9A48-A317C4D361E3}" task was unlocked. <==== ATTENTION
Task: {950B07E3-3070-4F20-A667-56794870C2F1} - \Auslogics\BoostSpeed\Scan and Repair -> No File <==== ATTENTION
"{955E8D5B-0718-411A-9D8F-83454788272B}" task was unlocked. <==== ATTENTION
"{97601E9E-9C9C-415D-B81D-9F86ACA7CDC5}" task was unlocked. <==== ATTENTION
"{9A58602B-2D48-4E55-BA94-672A29521C76}" task was unlocked. <==== ATTENTION
"{9B3A6CD7-4CDE-4432-BE99-B316D2296C86}" task was unlocked. <==== ATTENTION
"{9FFB29C5-38ED-47CB-B89B-EA84708EBA65}" task was unlocked. <==== ATTENTION
Task: {A103224C-D35E-4F30-BFD0-F9006AAB7B84} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-13] (Adobe Systems Incorporated)
Task: {A10DED2C-B51C-4105-8A10-DE4CE75153E4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-08-13] (Adobe Systems Incorporated)
"{A483A62A-BEE2-43EF-B43D-C4B6555D6F1E}" task was unlocked. <==== ATTENTION
"{A4D1B478-9D9D-489F-98BF-846F21D1EA6C}" task was unlocked. <==== ATTENTION
"{A6D9FF76-0705-4B3D-9D8E-0BB183A7D3E9}" task was unlocked. <==== ATTENTION
Task: {A73B169B-35F9-41E8-B802-660CC574066D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {A9C9E78C-1A5B-4F41-B5B0-7D8D1225523E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\WSCStub.exe [2017-07-14] (Symantec Corporation)
"{AA16BF37-4FF5-40A7-9EA1-AB56C8AF1CCE}" task was unlocked. <==== ATTENTION
"{AE229047-6634-45F4-A0F4-6A9522659F2D}" task was unlocked. <==== ATTENTION
"{AF8621E4-DD0A-4E22-AEBD-D252114A7D89}" task was unlocked. <==== ATTENTION
"{AFD4A8A3-508B-4785-8271-CDEBAEED3F46}" task was unlocked. <==== ATTENTION
"{B3DD4C81-C4AC-4263-806F-E5B540C1B26A}" task was unlocked. <==== ATTENTION
"{B4A5B97B-E0F1-4984-ADA4-432088751E1B}" task was unlocked. <==== ATTENTION
"{BA3388B9-C9D3-47A9-A9B5-E79B50DD0270}" task was unlocked. <==== ATTENTION
"{BB94B31D-4FE5-42FB-A144-A393F6C54A6F}" task was unlocked. <==== ATTENTION
"{BD62F7BB-7242-4904-A8A8-4E358ED75D6B}" task was unlocked. <==== ATTENTION
"{BF589992-F6BB-4FFC-8766-FB138C7DE18D}" task was unlocked. <==== ATTENTION
"{C0A4DF9B-B00D-4626-8994-BF17C88860B0}" task was unlocked. <==== ATTENTION
"{C1E1F555-5EEC-4D6B-98FB-9934616F00E9}" task was unlocked. <==== ATTENTION
"{C349BB67-3672-4975-AE02-517BAD9318EE}" task was unlocked. <==== ATTENTION
"{C4E89737-E6D8-4D86-B15E-50A93654BBC1}" task was unlocked. <==== ATTENTION
Task: {C50DEBFB-E516-4669-9879-18E16DCA7832} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
"{C7752DC6-148D-4AB0-93E1-D84AEB7AA014}" task was unlocked. <==== ATTENTION
"{C881A742-1A15-4EAC-96B9-9C6EA38AC7FA}" task was unlocked. <==== ATTENTION
"{C8DB9D2B-AB0A-4D3F-8409-427C806748D6}" task was unlocked. <==== ATTENTION
"{CA1E905A-B064-48AF-9F06-68C7E71498B9}" task was unlocked. <==== ATTENTION
"{CA4BE44E-107E-4B2D-91AF-FC3B077B02FC}" task was unlocked. <==== ATTENTION
"{CC8236FF-A055-4083-A37E-D0F85E135DE3}" task was unlocked. <==== ATTENTION
"{CFC77F13-E27C-4C44-8D9B-CB2163D27C89}" task was unlocked. <==== ATTENTION
Task: {D7A2EEA7-5086-4C00-B516-79117ACE95A6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
"{D7F0F250-0978-4FFA-BA28-A14C0AB462FF}" task was unlocked. <==== ATTENTION
"{DAAFAEC3-BC03-44D7-A77D-05760FE578AD}" task was unlocked. <==== ATTENTION
"{DB458018-DEBA-4577-AB8B-EA1506110FB8}" task was unlocked. <==== ATTENTION
Task: {DC475E0D-2B0C-47AE-B6EE-0224C329EF3A} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-16] (Advanced Micro Devices, Inc.)
"{DE9EF05D-D131-41FC-87C9-ABF449872934}" task was unlocked. <==== ATTENTION
"{E03596C8-B2A4-4553-B379-B678F0EBCA95}" task was unlocked. <==== ATTENTION
"{E15B0834-C96C-40E1-8995-12FE38D52648}" task was unlocked. <==== ATTENTION
Task: {E3AB4C56-4632-4574-A047-41ED3E1892F3} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
"{E506F4C9-20BB-40AE-AD65-2304E5EF9B80}" task was unlocked. <==== ATTENTION
"{E5217668-D921-4907-8CE1-276EABA44515}" task was unlocked. <==== ATTENTION
"{E7D61507-58B7-44DC-8D1E-932F96FC2D62}" task was unlocked. <==== ATTENTION
"{EA5D5FA7-79F4-4BC8-8C91-CA1A24F86527}" task was unlocked. <==== ATTENTION
"{EC59CC4E-A8CB-476D-8421-92558446E9A3}" task was unlocked. <==== ATTENTION
"{EF3EC7C4-1CB5-43F1-A074-D1D74BB07D7A}" task was unlocked. <==== ATTENTION
"{EFB2C913-BFA0-4FB9-8130-48BEE6BD1B12}" task was unlocked. <==== ATTENTION
"{F120A436-C215-4927-87AA-934387AF5782}" task was unlocked. <==== ATTENTION
"{F2341244-5F02-41C5-BA40-4FBADCD67206}" task was unlocked. <==== ATTENTION
"{F35162BA-CDE7-4746-A368-D590640A3FA9}" task was unlocked. <==== ATTENTION
"{F4BF89A9-8488-4988-B163-F7F0341D521B}" task was unlocked. <==== ATTENTION
"{F6734075-627C-47CE-918F-B51866D629BB}" task was unlocked. <==== ATTENTION
"{F775C69D-FE09-4105-8F98-5DC6D956FA4E}" task was unlocked. <==== ATTENTION
"{F98BB314-575B-453F-A9F9-A13B9D088426}" task was unlocked. <==== ATTENTION
"{F98C81FF-D786-4067-AAFB-D67F2BA8542A}" task was unlocked. <==== ATTENTION
"{FA625267-66E0-464A-AE95-8754007E78AD}" task was unlocked. <==== ATTENTION
"{FB1868EE-5CA8-4DE9-A8B1-6171EB0EDB5A}" task was unlocked. <==== ATTENTION
"{FC52F032-45F0-4B04-99DA-5A5F43CB0392}" task was unlocked. <==== ATTENTION
"{FC5681F1-C930-414C-8049-16F7B32D0FEF}" task was unlocked. <==== ATTENTION
Task: {FCE751EB-4917-4382-B833-46FEF0BA6AA4} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
"{FEF85651-4DD3-461C-AB7B-44FC3276E219}" task was unlocked. <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 03:18 - 2015-10-30 03:18 - 000185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-22 01:09 - 2015-08-22 01:09 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 10:08 - 2014-02-11 10:08 - 003650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-02-11 10:08 - 2014-02-11 10:08 - 000817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2016-05-09 12:38 - 2016-03-29 06:20 - 002656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-12 19:07 - 2016-04-12 19:07 - 008901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-08-06 21:41 - 2017-08-06 21:41 - 002768896 ____N () C:\WINDOWS\SYSTEM32\MSNGDUH.EXE
2016-02-13 08:54 - 2016-02-13 08:54 - 000093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 16:09 - 2016-04-23 00:25 - 000472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-10 16:09 - 2016-04-23 00:02 - 007992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-10 16:09 - 2016-04-22 23:58 - 000591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-10 16:09 - 2016-04-22 23:58 - 002483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-10 16:09 - 2016-04-23 00:01 - 004089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-07-06 17:09 - 2017-06-22 23:21 - 003807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-07-06 17:09 - 2017-06-22 23:21 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-09-12 19:10 - 2017-09-12 19:10 - 000914944 _____ () C:\Users\Home\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-09-12 19:10 - 2017-09-12 19:10 - 001087488 _____ () C:\Users\Home\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2017-08-02 21:40 - 2017-09-12 19:10 - 053460480 _____ () C:\Users\Home\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 11:43 - 2017-09-12 19:10 - 001976832 _____ () C:\Users\Home\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 11:44 - 2017-09-12 19:10 - 000075264 _____ () C:\Users\Home\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2016-06-15 17:15 - 2017-09-12 19:10 - 017599640 _____ () C:\Users\Home\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\system32\msln.exe:d12cda9b9070302f4b8970565f1c7336 [214]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2017-04-03 18:34 - 000004452 _____ C:\Windows\system32\Drivers\etc\hosts
 
There are 83 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4257984237-3910152571-1267917105-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-4257984237-3910152571-1267917105-1001\...\StartupApproved\StartupFolder: => "PureVPN.lnk"
HKU\S-1-5-21-4257984237-3910152571-1267917105-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{36A64742-F7E3-44D0-8A0E-D576D303E14E}] => (Allow) C:\Users\Home\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{46829CA9-B85B-42B9-937B-03BD718F1BE7}] => (Allow) C:\Users\Home\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{239D798F-25D9-4CBD-83CB-595BF305AA00}] => (Allow) C:\Users\Home\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{400B154E-7C76-468F-B56E-75580F8F6951}] => (Allow) C:\Users\Home\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{289DD585-A4C3-4D7D-A493-5424AFAD691D}] => (Allow) C:\Users\Home\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E2E14481-E9BB-48D1-A624-6F7E662C9DFE}] => (Allow) C:\Users\Home\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{144EAA3D-19C5-46CA-9262-A4EB232599B6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{886AA8AF-B3D8-44B7-8053-12A3D5B89DF8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{35806EEB-A544-4A8E-9A41-EAAE555BF96B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A6711278-F087-4C86-A137-B4990964C405}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{BB1C58EF-C842-4460-AC3A-EAC526510194}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{43F71468-F0EC-48EC-802C-E11208F947ED}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{36C67E37-DF14-4DC8-B944-D2DBF11DF0FA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{26856BD6-F46B-4FAB-83DB-ABFB92077137}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{AF6268BB-5798-4DF2-9531-69D78D727B53}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{83FBA958-23E9-461D-A786-D9EB44B4284D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{3ACFF524-78CB-4319-A1F1-AF28BE14E954}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{625B5100-A1F5-4078-ABEB-7208203E1D14}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{5E8477AA-34A4-480A-ACEC-87ED857BDADB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C123D887-CC88-4103-875B-DFF2F78E6A43}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{852082D0-9EC2-4854-8D68-B9186F132E82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{260D2CD2-B081-4EF0-ADEB-DCED348A090F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E909DB02-D9BB-4E7B-86FA-08828DE21395}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3F971163-02DD-480C-BE88-960B90E1C2B3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F2257AC-BCA4-46C4-86C9-1C2E892B4994}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{43CAC6F7-2818-4739-B2D2-C73B0F7E47B7}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{39B076CF-F867-431B-B011-3F605A57BB88}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{8885BCF3-A840-4FCF-AA01-7E72D0745D55}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{221A36A8-DD9D-4766-88EC-FB26E678D848}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{503169DB-8670-4850-B565-30F4AF8168C9}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{B7F2E42B-8DE3-47CA-8677-5C5F251D6C68}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{82FF95A0-9D3C-4A4B-9431-6A4D3A6F065C}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{1CBBA420-808A-41AF-A817-D6ED0D07FF65}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{4F58156C-F1ED-42EC-AC8F-C1365FC2CDC9}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{3E6BEE7E-59DB-4351-8AE9-9EF28604A1E0}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{B447A32D-B4F9-418D-ABAE-5D914B11C4FC}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{0A4020B0-5E45-4472-AF87-7832B7295EA6}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{07D92F5A-0E95-4743-9BDC-B55C005ABB88}] => (Allow) C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
FirewallRules: [{77CED841-9B96-4128-90B0-1AC970302094}] => (Allow) C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
FirewallRules: [{A28548E0-D74E-4BD0-9E33-22397E3CC07F}] => (Allow) LPort=7423
FirewallRules: [{0292C15C-DC5A-4C92-AE00-FD516113A9BC}] => (Block) %ProgramFiles% (x86)\Auslogics\BoostSpeed\BoostSpeed.exe
FirewallRules: [{3222F2ED-95A5-417F-AB0D-5497AD1E3360}] => (Block) %ProgramFiles% (x86)\Auslogics\BoostSpeed\BoostSpeed.exe
FirewallRules: [{B27C623A-AB62-496A-BF61-0411431F2519}] => (Allow) C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
FirewallRules: [{213DC47C-28BB-4CC7-90D1-8F4FC4BB333B}] => (Allow) C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
FirewallRules: [{91660B7E-BE56-4E1C-87C1-9A0D42A04DD0}] => (Allow) LPort=7423
FirewallRules: [{B6AD012E-C965-464F-9410-660323FF0408}] => (Allow) LPort=80
FirewallRules: [{104C970D-0049-473E-ACC1-F05326A15361}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AF76A0A3-5EED-4157-929D-00561340B93D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{16B9B7C3-34C3-446A-9708-B7746AA09990}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4EA296EF-3287-4812-BB37-6B4E29B24028}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9D2D8DC3-3FA9-4CC8-93DB-F27127D2E5FF}C:\users\home\desktop\drivers\sdi_x64_r1780.exe] => (Allow) C:\users\home\desktop\drivers\sdi_x64_r1780.exe
FirewallRules: [UDP Query User{FB62B3D3-86F2-46E3-AEA1-52685CBC764C}C:\users\home\desktop\drivers\sdi_x64_r1780.exe] => (Allow) C:\users\home\desktop\drivers\sdi_x64_r1780.exe
FirewallRules: [{8A829231-7DF7-41B3-A709-95DBFE939859}] => (Allow) C:\Windows\system32\rundll32.exe
 
==================== Restore Points =========================
 
11-06-2017 20:08:59 Installed Chrome Remote Desktop Host
03-07-2017 18:19:15 Windows Modules Installer
12-07-2017 23:38:17 Installed Samsung Kies
21-07-2017 20:28:02 Removed Chrome Remote Desktop Host
06-08-2017 18:11:58 JRT Pre-Junkware Removal
12-09-2017 15:19:33 Removed Samsung Kies
 
==================== Faulty Device Manager Devices =============
 
Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/12/2017 07:08:51 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-12T23:24:51Z. Error Code: 0x80070005.
 
Error: (09/12/2017 07:08:21 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-12T23:24:21Z. Error Code: 0x80070005.
 
Error: (09/12/2017 07:07:35 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-12T23:24:35Z. Error Code: 0x80070005.
 
Error: (09/12/2017 05:26:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-12T23:24:22Z. Error Code: 0x80070005.
 
Error: (09/12/2017 05:25:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-12T23:24:52Z. Error Code: 0x80070005.
 
Error: (09/12/2017 04:44:44 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-12T21:12:44Z. Error Code: 0x80070005.
 
Error: (09/12/2017 04:44:14 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-12T21:12:14Z. Error Code: 0x80070005.
 
Error: (09/12/2017 04:43:44 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-12T21:12:44Z. Error Code: 0x80070005.
 
Error: (09/12/2017 04:43:14 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-12T21:12:14Z. Error Code: 0x80070005.
 
Error: (09/12/2017 04:42:44 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-12T21:12:44Z. Error Code: 0x80070005.
 
 
System errors:
=============
Error: (09/12/2017 07:08:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (09/12/2017 07:07:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (09/12/2017 07:04:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The N360 service failed to start due to the following error: 
The requested resource is in use.
 
Error: (09/12/2017 07:04:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EraserSvc11720 service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (09/12/2017 07:04:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error: 
The requested resource is in use.
 
Error: (09/12/2017 07:04:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroupListener service terminated with the following service-specific error: 
%%2147944153 = There are no more endpoints available from the endpoint mapper.
 
Error: (09/12/2017 07:04:55 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942405.
 
Error: (09/12/2017 07:04:55 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942405.
 
Error: (09/12/2017 07:04:55 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942405.
 
Error: (09/12/2017 07:04:55 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 408) (User: NT AUTHORITY)
Description: Task Scheduler service failed to initialize idle state detection module. Idle tasks may not be started as required. Additional Data: Error Value: 2147942402.
 
 
CodeIntegrity:
===================================
  Date: 2017-08-02 13:13:41.262
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-02 13:13:41.245
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-02 13:13:41.036
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-02 13:13:41.018
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-02 13:13:40.882
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-02 13:13:40.864
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-02 13:13:04.248
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-02 13:13:04.231
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-02 13:13:04.028
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-02 13:13:04.010
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-3620 APU with Radeon™ HD Graphics
Percentage of memory in use: 40%
Total physical RAM: 5609.94 MB
Available physical RAM: 3322.78 MB
Total Virtual: 6505.94 MB
Available Virtual: 4118.93 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.02 GB) (Free:157.17 GB) NTFS
Drive d: (Spare Drive 450) (Fixed) (Total:448.69 GB) (Free:410.39 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 30EA79F1)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 278657B6)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

What are my next steps?




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,630 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:41 AM

Posted 12 September 2017 - 06:26 PM

Hi iceotope :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
  • This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-DATE-(TIME).txt" log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Aura

Posted 15 September 2017 - 10:30 AM

Hi iceotope,

Are you still with me?



#4 Aura

Posted 17 September 2017 - 01:17 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





