SCHEDULED TASKS AND COM HANDLER HIJACKING


This topic is locked
20 replies to this topic

#1 Cli7nt
Posted 17 September 2017 - 09:58 PM

I have spent months trying to clean my laptop. I have reinstalled over 50 times, and every time I reinstall, the viruses come right back. 13 infections. They were as follows: Gen. Variant. Strictor (multiples), Gen. Variant. Graftor (multiples) and Gen. Variant. Symmi (multiples). I run Bitdefender rescue cd right after an install and they are already detected and it seems to delete them, but my pc is still connected sending and receiving files who knows where?
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2017
Ran by clint (administrator) on PC-CR75H3R (17-09-2017 12:50:08)
Running from C:\Users\clint\Desktop
Loaded Profiles: clint (Available Profiles: clint)
Platform: Windows 10 Pro Insider Preview Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k121794.inf_amd64_77ca52d6d16e3dc0\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k121794.inf_amd64_77ca52d6d16e3dc0\IntelCpHDCPSvc.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.1.10\NS.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.1.10\NS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [625488 2017-07-22] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795728 2015-07-13] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235440 2017-06-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Audio Ltd.)
HKLM-x32\...\Run: [StereoLinksInstall] => "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{273e7fa2-3c40-4093-8143-b44ef3d71336}: [NameServer] 8.8.8.8,8.8.4.4
 
Internet Explorer:
==================
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
 
Edge: 
======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions [2017-07-22]
Edge Extension: (LearningTools) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions [2017-07-22]
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.10.1.10\coFFAddon => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.10.1.10\coFFAddon => not found
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2017-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2017-09-17] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.bleepingcomputer.com/download/windows/
CHR Profile: C:\Users\clint\AppData\Local\Google\Chrome\User Data\Default [2017-09-17]
CHR Extension: (Google Drive) - C:\Users\clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-17]
CHR Extension: (YouTube) - C:\Users\clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-17]
CHR Extension: (Norton Security Toolbar) - C:\Users\clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-09-17]
CHR Extension: (Avast Online Security) - C:\Users\clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-09-17]
CHR Extension: (Norton Identity Safe) - C:\Users\clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-09-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-17]
CHR Extension: (Gmail) - C:\Users\clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-17]
CHR Extension: (Chrome Media Router) - C:\Users\clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-17]
CHR Profile: C:\Users\clint\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.10.1.10\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.10.1.10\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R4 esifsvc; C:\Windows\System32\Intel\DPTF\esif_uf.exe [1592064 2016-05-18] (Intel Corporation)
R2 NS; C:\Program Files\Norton Security\Engine\22.10.1.10\NS.exe [326144 2017-08-24] (Symantec Corporation)
R4 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [333296 2017-06-19] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4156880 2017-09-17] (Microsoft Corporation)
R4 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [615384 2017-02-07] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [340920 2017-07-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [90920 2017-07-22] (Microsoft Corporation)
R4 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.10.1.10\Definitions\BASHDefs\20170518.001\BHDrvx64.sys [1862784 2017-08-24] (Symantec Corporation)
S3 bthl2cap; C:\Windows\system32\DRIVERS\bthl2cap.sys [83968 2017-07-22] (Microsoft Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\160A010.00A\ccSetx64.sys [187520 2017-08-24] (Symantec Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [22864 2016-10-27] (OSR Open Systems Resources, Inc.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [70208 2016-05-18] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [65088 2016-05-18] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-09-16] (Symantec Corporation)
U3 EraserUtilDrv11720; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11720.sys [158336 2017-09-16] (Symantec Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [343608 2016-05-18] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [347912 2016-07-13] (Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.10.1.10\Definitions\IPSDefs\20170810.100\IDSVia64.sys [1056920 2017-08-24] (Symantec Corporation)
S3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7689728 2017-07-22] (Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvdm.inf_amd64_8b5e4d3ae5587a71\nvlddmkm.sys [14456944 2017-07-13] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-07-22] (Realtek )
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [786680 2016-11-16] (Realsil Semiconductor Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-17] (Microsoft Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NSx64\160A010.00A\SRTSP64.SYS [810136 2017-08-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\160A010.00A\SRTSPX64.SYS [49304 2017-08-24] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\160A010.00A\SYMEFASI64.SYS [1868416 2017-08-24] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\160A010.00A\SymELAM.sys [24608 2017-08-24] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-09-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\160A010.00A\Ironx64.SYS [301288 2017-08-24] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NSx64\160A010.00A\SYMNETS.SYS [566912 2017-08-24] (Symantec Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [40832 2017-07-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [304976 2017-07-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117584 2017-07-22] (Microsoft Corporation)

==================== Files in the root of some directories =======
 
2017-09-17 09:47 - 2017-09-17 09:47 - 000000000 _____ () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-09-2017
Ran by clint (17-09-2017 12:52:36)
Running from C:\Users\clint\Desktop
Windows 10 Pro Insider Preview Version 1703 (X64) (2017-09-17 16:21:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2513592406-1520254525-3710401149-500 - Administrator - Disabled)
clint (S-1-5-21-2513592406-1520254525-3710401149-1001 - Administrator - Enabled) => C:\Users\clint
DefaultAccount (S-1-5-21-2513592406-1520254525-3710401149-503 - Limited - Disabled)
Guest (S-1-5-21-2513592406-1520254525-3710401149-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2513592406-1520254525-3710401149-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Disabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Disabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.34 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.91 - Google Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) Hidden
Norton Security (HKLM-x32\...\NS) (Version: 22.10.1.10 - Symantec Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2513592406-1520254525-3710401149-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\clint\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2513592406-1520254525-3710401149-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\clint\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2513592406-1520254525-3710401149-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\clint\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\k121794.inf_amd64_77ca52d6d16e3dc0\igfxDTCM.dll [2017-05-03] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1965013D-7291-463A-A5BA-0E912F1AEECC} - System32\Tasks\Microsoft\Windows\Printing\EduPrintProv => C:\Windows\system32\eduprintprov.exe [2017-07-22] (Microsoft Corporation)
Task: {40429FD3-5103-44CD-9078-EDFE9EEBC3BE} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.10.1.10\SymErr.exe [2017-08-24] (Symantec Corporation)
Task: {4773FA27-EFDD-420A-8AA1-90B9D4703DFA} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.10.1.10\WSCStub.exe [2017-08-24] (Symantec Corporation)
Task: {4B18D4D9-0AB4-4126-BE5B-D1A3FBB06061} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-17] (Google Inc.)
Task: {5AF4E2AE-F3A6-4375-8A7E-312B8D9396AB} - System32\Tasks\Microsoft\Windows\Chkdsk\SyspartRepair => C:\Windows\system32\bcdboot.exe [2017-07-22] (Microsoft Corporation)
Task: {6601BFB2-1169-472D-9167-C87721100D3D} - System32\Tasks\Microsoft\Windows\WaaSMedic\PerformRemediation => C:\Windows\System32\WaaSMedic.exe [2017-07-22] (Microsoft Corporation)
Task: {71FE98F9-E2F6-4DED-B39A-B113205C5CA8} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.10.1.10\SymErr.exe [2017-08-24] (Symantec Corporation)
Task: {745A08F0-C1D9-43B8-958C-2D46FD22C409} - System32\Tasks\Microsoft\Windows\USB\Usb-Notifications
Task: {949B8EB7-7FB2-4BEA-B732-4DC58B52107F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-08-24] (Symantec Corporation)
Task: {D471159C-0291-47CF-9BF8-77D4A2F10794} - System32\Tasks\Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh
Task: {E864C35A-3A33-4FB7-AA8F-137B2410E5FD} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.10.1.10\SymErr.exe [2017-08-24] (Symantec Corporation)
Task: {F15A39C2-182F-4433-8263-4D5F400F6FB2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-17] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-22 01:03 - 2017-07-22 01:03 - 000178728 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-07-22 01:04 - 2017-07-22 02:04 - 011091456 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-07-22 01:04 - 2017-07-22 02:04 - 001767424 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-17 10:55 - 2017-09-14 00:30 - 002116440 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.91\swiftshader\libglesv2.dll
2017-09-17 10:55 - 2017-09-14 00:30 - 000112472 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.91\swiftshader\libegl.dll
2017-09-17 11:02 - 2017-09-01 11:38 - 017822720 _____ () C:\Users\clint\AppData\Local\Google\Chrome\User Data\PepperFlash\27.0.0.130\pepflashplayer.dll
2017-04-07 00:41 - 2017-04-07 00:41 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-07-22 01:09 - 2017-07-22 01:07 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2513592406-1520254525-3710401149-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\clint\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img7.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Block)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AJRouter => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: AssignedAccessManagerSvc => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: camsvc => 3
MSCONFIG\Services: CDPSvc => 2
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: cplspcon => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: CscService => 3
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DeviceAssociationService => 3
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: DevQueryBroker => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: diagnosticshub.standardcollector.service => 3
MSCONFIG\Services: diagsvc => 3
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: DmEnrollmentSvc => 3
MSCONFIG\Services: dmwappushservice => 3
MSCONFIG\Services: DoSvc => 3
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: DsmSvc => 3
MSCONFIG\Services: DsSvc => 3
MSCONFIG\Services: DusmSvc => 2
MSCONFIG\Services: Eaphost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: esifsvc => 2
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FrameServer => 3
MSCONFIG\Services: GraphicsPerfSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HvHost => 3
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: icssvc => 3
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: IKEEXT => 3
MSCONFIG\Services: InstallService => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: IpxlatCfgSvc => 3
MSCONFIG\Services: irmon => 3
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: LicenseManager => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 3
MSCONFIG\Services: MapsBroker => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: NaturalAuthentication => 3
MSCONFIG\Services: NcaSvc => 3
MSCONFIG\Services: NcbService => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NetSetupSvc => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 3
MSCONFIG\Services: PeerDistSvc => 3
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: PhoneSvc => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PlugPlay => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: PushToInstall => 2
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 2
MSCONFIG\Services: RetailDemo => 3
MSCONFIG\Services: RmSvc => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SEMgrSvc => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensorDataService => 3
MSCONFIG\Services: SensorService => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: SharedRealitySvc => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: SmsRouter => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: spectrum => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 3
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: TieringEngineService => 3
MSCONFIG\Services: TokenBroker => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 2
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UsoSvc => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvmsession => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 2
MSCONFIG\Services: WalletService => 3
MSCONFIG\Services: WarpJITSvc => 3
MSCONFIG\Services: WavesSysSvc => 2
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WFDSConMgrSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: wisvc => 3
MSCONFIG\Services: WlanSvc => 2
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: wlpasvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: WpnService => 2
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxGipSvc => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
HKLM\...\StartupApproved\Run: => "RtHDVBg_MAXX6"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run32: => "StereoLinksInstall"
HKU\S-1-5-21-2513592406-1520254525-3710401149-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [DeliveryOptimization-UDP-In] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [DeliveryOptimization-TCP-In] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [PlayTo-QWave-In-TCP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [PlayTo-QWave-In-UDP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [PlayTo-SSDP-Discovery-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [PlayTo-In-RTSP-PlayToScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-LocalSubnetScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-NoScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-PlayToScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-LocalSubnetScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-NoScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [Microsoft-Windows-PeerDist-WSD-In] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [FPS-LLMNR-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [FPS-SpoolSvc-In-TCP] => (Block) %SystemRoot%\system32\spoolsv.exe
FirewallRules: [FPS-SpoolSvc-In-TCP-NoScope] => (Block) %SystemRoot%\system32\spoolsv.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-SSDPSrv-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-In-TCP-EdgeScope-Active] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [RemoteAssistance-DCOM-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-RAServer-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\raserver.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-In-TCP-EdgeScope] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [RemoteDesktop-Shadow-In-TCP] => (Block) %SystemRoot%\system32\RdpSa.exe
FirewallRules: [RemoteDesktop-UserMode-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteDesktop-UserMode-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Block) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP] => (Block) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [NETDIS-FDRESPUB-WSD-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-LLMNR-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-DAS-In-UDP] => (Block) %SystemRoot%\system32\dashost.exe
FirewallRules: [NETDIS-FDPHOST-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-SSDPSrv-In-UDP-Teredo] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-SSDPSrv-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-FDRESPUB-WSD-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-LLMNR-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-DAS-In-UDP-Active] => (Block) %SystemRoot%\system32\dashost.exe
FirewallRules: [NETDIS-FDPHOST-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-SSDPSrv-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP] => (Block) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP-NoScope] => (Block) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteFwAdmin-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteFwAdmin-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteFwAdmin-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteFwAdmin-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WMP-In-UDP] => (Block) %ProgramFiles%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Block) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-In-TCP] => (Block) %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-In-UDP] => (Block) %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-WMP-In-UDP] => (Block) %PROGRAMFILES%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-SSDPSrv-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WMPNSS-QWave-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WMPNSS-QWave-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WMPNSS-In-TCP-NoScope] => (Block) %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-In-UDP-NoScope] => (Block) %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope] => (Block) %PROGRAMFILES%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-QWave-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WMPNSS-QWave-In-UDP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [Netlogon-TCP-RPC-In] => (Block) %SystemRoot%\System32\lsass.exe
FirewallRules: [Microsoft-Windows-PeerDist-WSD-Out] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [PlayTo-QWave-Out-TCP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [PlayTo-QWave-Out-UDP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [PlayTo-Out-UDP-PlayToScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-LocalSubnetScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-NoScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [FPS-LLMNR-Out-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-OUT-Active] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-SSDPSrv-Out-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-Out-TCP-Active] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [RemoteAssistance-RAServer-Out-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\raserver.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-OUT] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-Out-TCP] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [{2908A6E1-9EFA-4D8C-B113-5A8B639DB251}] => (Block) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: Airplane Mode Switch Collection
Description: Airplane Mode Switch Collection
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Dell Inc
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Input Configuration Device
Description: Microsoft Input Configuration Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: MTConfig
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NDIS Virtual Network Adapter Enumerator
Description: NDIS Virtual Network Adapter Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisVirtualBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: System Firmware
Description: System Firmware
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® Dual Band Wireless-AC 3165
Description: Intel® Dual Band Wireless-AC 3165
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw04
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® HD Graphics 530
Description: Intel® HD Graphics 530
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2017 12:52:42 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
Instantiating VSS server

Error: (09/17/2017 12:52:42 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Instantiating VSS server


System errors:
=============

CodeIntegrity:
===================================
Date: 2017-09-17 12:49:47.213
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Users\clint\Desktop\FRST64.exe that did not meet the Microsoft signing level requirements.

Date: 2017-09-17 12:40:22.453
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe that did not meet the Microsoft signing level requirements.

Date: 2017-09-17 12:36:07.263
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\CCleaner\CCleaner.exe that did not meet the Microsoft signing level requirements.

Date: 2017-09-17 11:59:33.607
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS\A5E82D02\22.10.1.10\InstStub.exe that did not meet the Microsoft signing level requirements.

Date: 2017-09-17 11:48:15.089
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Users\clint\Downloads\NSDeluxeDownloader.exe that did not meet the Microsoft signing level requirements.

Date: 2017-09-17 11:46:52.082
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Users\clint\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\NSDeluxeDownloader.exe that did not meet the Microsoft signing level requirements.

Date: 2017-09-17 11:04:10.018
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Users\clint\Downloads\RevoUninProSetup.exe that did not meet the Microsoft signing level requirements.

Date: 2017-09-17 11:02:52.636
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe that did not meet the Microsoft signing level requirements.

Date: 2017-09-17 10:55:08.330
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Users\clint\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ccsetup534pro.exe that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 28%
Total physical RAM: 12130.46 MB
Available physical RAM: 8683.7 MB
Total Virtual: 12130.46 MB
Available Virtual: 8759.18 MB

==================== Drives ================================

Drive c: (Win10Pro) (Fixed) (Total:465.21 GB) (Free:428.44 GB) NTFS
Drive d: (WIN10) (Removable) (Total:14.65 GB) (Free:14.65 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0F812350)

Partition: GPT.

========================================================
Disk: 1 (Size: 14.7 GB) (Disk ID: 500A0DFF)
No partition Table on disk 1.

==================== End of Addition.txt ============================

Edited by Oh My!, 21 September 2017 - 09:02 AM.

Music Is The Reason,

Clint Crisher
Los Angeles, CA

#2 Oh My!

  • Malware Response Instructor
  • Location:California

Posted 21 September 2017 - 09:04 AM

Greetings Cli7nt and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.

Do you have a Bitdefender log you can post showing exactly what was identified?
Gary
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

  • Malware Response Instructor
  • Location:California

Posted 24 September 2017 - 05:41 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Cli7nt

  • Topic Starter
  • Members
  • Location:Los Angeles

Posted 25 September 2017 - 11:10 PM

I'm so sorry for the delay and will be most considerate moving forward. My computer got hit with the stopcode aka Blue Screen of Death on the 20th and I finally got back up and running after having to do a reinstall once again.

As to your question I don't have one but to be exact it was Gen. Variant. Strictor (multiples), Gen. Variant. Graftor (multiples) and Gen. Variant. Symmi (multiples), and in the winsxs folder files deleted included urlmon.dll, bthudtask.exe, proquota.exe, cttune.exe, iexpress.exe and kernelbase.dll.

The big problem when trying to remove it is that the boot folder is also infected with a ton of folders for hackers in multiple languages like ar-SA, cs-CZ, sl-SI, en-US, en-GB, es-ES etc... and they each have tons of files, and then also a lot of other files outside the folders in the boot folder itself. When I try to replace the boot folder with the one from the Microsoft install disc I get a blue screen stopcode and then it starts all over again due to not being able to boot up. :smash:

Since I reinstalled I also did a new FRST scan, so here it is:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2017 01
Ran by ABC7me (administrator) on DESKTOP-CR75H3R (25-09-2017 21:32:25)
Running from C:\Users\ABC7me\Desktop
Loaded Profiles: ABC7me (Available Profiles: ABC7me)
Platform: Windows 10 Home Single Language Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k121794.inf_amd64_77ca52d6d16e3dc0\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k121794.inf_amd64_77ca52d6d16e3dc0\IntelCpHDCPSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235440 2017-06-19] (Realtek Semiconductor)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{3f5aad25-c9d7-44e6-994e-5d66630d81a0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{d7b50774-edb7-4199-bbd2-fad9c1cac4f0}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.bleepingcomputer.com/download/windows/
CHR StartupUrls: Default -> "hxxps://www.bleepingcomputer.com/download/windows/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\ABC7me\AppData\Local\Google\Chrome\User Data\Default [2017-09-25]
CHR Extension: (Google Drive) - C:\Users\ABC7me\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-25]
CHR Extension: (YouTube) - C:\Users\ABC7me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-25]
CHR Extension: (Avast Online Security) - C:\Users\ABC7me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-09-25]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ABC7me\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ABC7me\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-25]
CHR Extension: (Gmail) - C:\Users\ABC7me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-25]
CHR Extension: (Chrome Media Router) - C:\Users\ABC7me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R4 esifsvc; C:\Windows\System32\Intel\DPTF\esif_uf.exe [1592064 2016-05-18] (Intel Corporation)
R4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [333296 2017-06-19] (Realtek Semiconductor)
R4 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [615384 2017-02-07] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R4 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [22864 2016-10-27] (OSR Open Systems Resources, Inc.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [70208 2016-05-18] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [65088 2016-05-18] (Intel Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [343608 2016-05-18] (Intel Corporation)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [347912 2016-07-13] (Intel Corporation)
S3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7626488 2017-03-09] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [786680 2016-11-16] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-26 02:13 - 2017-09-26 01:37 - 000000000 ____D C:\Windows\Panther
2017-09-26 01:59 - 2017-09-25 18:45 - 000000000 ____D C:\Users\ABC7me\AppData\Local\ElevatedDiagnostics
2017-09-26 01:45 - 2017-09-26 01:45 - 000000000 ____D C:\Users\ABC7me\AppData\Local\Publishers
2017-09-26 01:44 - 2017-09-26 01:44 - 000000020 ___SH C:\Users\ABC7me\ntuser.ini
2017-09-26 01:44 - 2017-09-26 01:44 - 000000000 ____D C:\Users\ABC7me\AppData\Roaming\Adobe
2017-09-26 01:44 - 2017-09-26 01:44 - 000000000 ____D C:\Users\ABC7me\AppData\Local\VirtualStore
2017-09-26 01:44 - 2017-09-26 01:44 - 000000000 ____D C:\Users\ABC7me\AppData\Local\TileDataLayer
2017-09-26 01:44 - 2017-09-25 20:33 - 000922034 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-26 01:44 - 2017-09-25 20:10 - 000000000 ____D C:\Users\ABC7me\AppData\Local\Packages
2017-09-26 01:44 - 2017-09-25 18:55 - 000000000 ___RD C:\Users\ABC7me\AccountPictures
2017-09-26 01:44 - 2017-09-25 18:55 - 000000000 ____D C:\Users\ABC7me
2017-09-26 01:44 - 2017-09-25 18:32 - 000000000 ____D C:\Users\ABC7me\AppData\Local\ConnectedDevicesPlatform
2017-09-26 01:42 - 2017-03-18 13:56 - 002233344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2017-09-26 01:34 - 2017-09-25 20:16 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-26 01:33 - 2017-09-26 01:34 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-09-26 01:33 - 2017-09-26 01:34 - 000000000 ____D C:\Windows\ServiceProfiles
2017-09-26 01:33 - 2017-09-25 20:15 - 000217000 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-25 21:32 - 2017-09-25 21:32 - 000007781 _____ C:\Users\ABC7me\Desktop\FRST.txt
2017-09-25 21:32 - 2017-09-25 21:32 - 000000000 ____D C:\FRST
2017-09-25 21:31 - 2017-09-25 21:31 - 002399744 _____ (Farbar) C:\Users\ABC7me\Desktop\FRST64.exe
2017-09-25 21:28 - 2017-09-25 21:28 - 009214024 _____ C:\Users\ABC7me\Downloads\RogueKillerCMD.exe
2017-09-25 20:38 - 2017-09-25 20:38 - 000000000 ____D C:\Users\ABC7me\AppData\Roaming\Google
2017-09-25 20:34 - 2017-09-25 20:34 - 000379392 _____ C:\Users\ABC7me\Downloads\subinacl.msi
2017-09-25 20:29 - 2017-09-25 20:29 - 000000000 ____D C:\Users\ABC7me\AppData\Local\DBG
2017-09-25 20:15 - 2017-09-25 20:15 - 000000000 ____D C:\Intel
2017-09-25 20:06 - 2017-09-25 20:06 - 000001428 _____ C:\Users\ABC7me\Desktop\CCleaner.lnk
2017-09-25 20:04 - 2017-09-25 20:32 - 000002336 _____ C:\Users\ABC7me\Desktop\Google Chrome.lnk
2017-09-25 19:39 - 2017-09-25 19:39 - 000001183 _____ C:\Users\ABC7me\Desktop\Revo Uninstaller Pro.lnk
2017-09-25 19:24 - 2015-07-13 10:37 - 006873744 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-09-25 19:24 - 2015-07-13 10:37 - 003493008 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-09-25 19:24 - 2015-07-13 10:37 - 002558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-09-25 19:24 - 2015-07-13 10:37 - 000937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2017-09-25 19:24 - 2015-07-13 10:37 - 000385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-09-25 19:24 - 2015-07-13 10:37 - 000062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-09-25 19:24 - 2015-07-13 09:28 - 005096627 _____ C:\Windows\system32\nvcoproc.bin
2017-09-25 18:47 - 2017-09-25 18:47 - 000000000 ____D C:\Users\ABC7me\AppData\Local\VS Revo Group
2017-09-25 18:47 - 2017-09-25 18:47 - 000000000 ____D C:\Program Files\VS Revo Group
2017-09-25 18:47 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys

2017-09-25 18:42 - 2017-09-25 20:06 - 000000000 ____D C:\Program Files\CCleaner

2017-09-25 18:42 - 2017-09-25 19:38 - 000000000 ____D C:\Program Files (x86)\Google

2017-09-25 18:42 - 2017-09-25 18:45 - 000000000 ____D C:\Users\ABC7me\AppData\Local\Google

2017-09-25 18:42 - 2017-09-25 18:42 - 000000000 ____D C:\Users\ABC7me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner

2017-09-25 18:41 - 2017-09-25 18:41 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2017-09-25 18:35 - 2017-03-18 19:52 - 3662785343 _____ C:\Users\ABC7me\Desktop\install.wim

2017-09-25 18:27 - 2017-09-25 18:05 - 000544424 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2017-09-25 18:23 - 2017-09-25 18:24 - 000000000 ____D C:\Windows\system32\MRT

2017-09-25 18:23 - 2017-09-25 18:23 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2017-09-25 18:23 - 2017-09-25 18:23 - 000000000 ____D C:\Windows\system32\RTCOM

2017-09-25 18:23 - 2017-09-25 18:23 - 000000000 ____D C:\Program Files\Waves

2017-09-25 18:23 - 2017-09-25 18:23 - 000000000 ____D C:\Program Files (x86)\Realtek

2017-09-25 18:22 - 2017-09-25 18:23 - 000000000 ____D C:\Windows\SysWOW64\RTCOM

2017-09-25 18:22 - 2017-09-25 18:22 - 000000000 ____D C:\Windows\system32\SRSLabs

2017-09-25 18:22 - 2017-09-25 18:22 - 000000000 ____D C:\Program Files\Realtek

2017-09-25 18:20 - 2017-09-25 18:20 - 000000000 ____D C:\Windows\SysWOW64\sda

2017-09-25 18:19 - 2017-09-25 18:20 - 000000000 ____D C:\Users\ABC7me\AppData\Local\MicrosoftEdge

2017-09-25 18:16 - 2017-09-25 18:16 - 000000000 ____D C:\Users\ABC7me\AppData\Local\NVIDIA

2017-09-25 18:12 - 2017-09-25 19:24 - 000000000 ____D C:\Program Files\NVIDIA Corporation

2017-09-25 18:12 - 2017-09-25 19:24 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2017-09-25 18:11 - 2017-09-25 18:11 - 000000000 ____D C:\Windows\system32\Intel

2017-09-25 18:09 - 2017-09-25 18:23 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin

2017-09-25 18:09 - 2017-09-25 18:09 - 000000000 ____D C:\Program Files\Intel

2017-09-25 18:09 - 2017-05-03 03:26 - 000113664 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL

2017-09-25 18:09 - 2017-05-03 03:26 - 000104448 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL

2017-09-25 18:02 - 2017-09-25 18:02 - 000000000 ____D C:\Users\ABC7me\AppData\Roaming\Macromedia

2017-09-25 18:02 - 2017-09-25 18:02 - 000000000 ____D C:\Users\ABC7me\AppData\Local\Comms

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-09-26 02:13 - 2017-03-18 14:03 - 000028672 _____ C:\Windows\system32\config\BCD-Template

2017-09-26 01:42 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\WinBioDatabase

2017-09-26 01:42 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\spool

2017-09-26 01:42 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\FxsTmp

2017-09-26 01:37 - 2017-03-18 04:40 - 000000000 ____D C:\Windows\system32\Sysprep

2017-09-26 01:35 - 2017-03-18 19:32 - 000000000 ____D C:\Windows\HoloShell

2017-09-26 01:35 - 2017-03-18 14:03 - 000000000 ___RD C:\Windows\PrintDialog

2017-09-26 01:35 - 2017-03-18 14:03 - 000000000 ___RD C:\Windows\MiracastView

2017-09-26 01:35 - 2017-03-18 14:03 - 000000000 ___RD C:\Windows\ImmersiveControlPanel

2017-09-26 01:34 - 2017-03-18 04:40 - 000032768 _____ C:\Windows\system32\config\ELAM

2017-09-25 20:32 - 2017-03-18 14:01 - 000000000 ____D C:\Windows\INF

2017-09-25 20:15 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\setup

2017-09-25 20:15 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\PolicyDefinitions

2017-09-25 20:15 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\addins

2017-09-25 20:15 - 2017-03-18 04:40 - 000262144 _____ C:\Windows\system32\config\BBI

2017-09-25 20:10 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\AppReadiness

2017-09-25 19:28 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\rescache

2017-09-25 19:28 - 2017-03-18 13:51 - 000000000 ____D C:\Windows\CbsTemp

2017-09-25 19:24 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\Help

2017-09-25 18:02 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps

2017-09-25 17:59 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\NDF

 

==================== Files in the root of some directories =======

 

2017-09-25 18:23 - 2017-09-25 18:23 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2017-09-25 20:26

 

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2017 01

Ran by ABC7me (25-09-2017 21:33:14)

Running from C:\Users\ABC7me\Desktop

Windows 10 Home Single Language Version 1703 (X64) (2017-09-26 08:40:39)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

ABC7me (S-1-5-21-2305249498-4186968921-2790479869-1001 - Administrator - Enabled) => C:\Users\ABC7me

Administrator (S-1-5-21-2305249498-4186968921-2790479869-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-2305249498-4186968921-2790479869-503 - Limited - Disabled)

Guest (S-1-5-21-2305249498-4186968921-2790479869-501 - Limited - Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden

Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) Hidden

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21289 - Realtek Semiconduct Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)

Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\k121794.inf_amd64_77ca52d6d16e3dc0\igfxDTCM.dll [2017-05-03] (Intel Corporation)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-07-13] (NVIDIA Corporation)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

==================== Loaded Modules (Whitelisted) ==============

 

2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\Windows\SYSTEM32\inputhost.dll

2017-09-25 18:42 - 2017-09-20 21:57 - 002116440 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\swiftshader\libglesv2.dll

2017-09-25 18:42 - 2017-09-20 21:57 - 000112472 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\swiftshader\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2017-03-18 14:03 - 2017-03-18 14:01 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2305249498-4186968921-2790479869-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ABC7me\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

DNS Servers: 8.8.8.8 - 8.8.4.4

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Block)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

MSCONFIG\Services: AJRouter => 3

MSCONFIG\Services: ALG => 3

MSCONFIG\Services: AppReadiness => 3

MSCONFIG\Services: AudioEndpointBuilder => 2

MSCONFIG\Services: Audiosrv => 2

MSCONFIG\Services: AxInstSV => 3

MSCONFIG\Services: BDESVC => 3

MSCONFIG\Services: BFE => 2

MSCONFIG\Services: BITS => 2

MSCONFIG\Services: Browser => 3

MSCONFIG\Services: BthHFSrv => 3

MSCONFIG\Services: bthserv => 3

MSCONFIG\Services: CDPSvc => 2

MSCONFIG\Services: CertPropSvc => 3

MSCONFIG\Services: COMSysApp => 3

MSCONFIG\Services: cphs => 3

MSCONFIG\Services: cplspcon => 2

MSCONFIG\Services: CryptSvc => 3

MSCONFIG\Services: defragsvc => 3

MSCONFIG\Services: DeviceAssociationService => 3

MSCONFIG\Services: DeviceInstall => 3

MSCONFIG\Services: DevQueryBroker => 3

MSCONFIG\Services: Dhcp => 2

MSCONFIG\Services: diagnosticshub.standardcollector.service => 3

MSCONFIG\Services: DiagTrack => 2

MSCONFIG\Services: DmEnrollmentSvc => 3

MSCONFIG\Services: dmwappushservice => 3

MSCONFIG\Services: Dnscache => 2

MSCONFIG\Services: DoSvc => 2

MSCONFIG\Services: dot3svc => 3

MSCONFIG\Services: DPS => 2

MSCONFIG\Services: DsmSvc => 3

MSCONFIG\Services: DsSvc => 3

MSCONFIG\Services: DusmSvc => 2

MSCONFIG\Services: EapHost => 3

MSCONFIG\Services: EFS => 3

MSCONFIG\Services: esifsvc => 2

MSCONFIG\Services: EventLog => 2

MSCONFIG\Services: EventSystem => 2

MSCONFIG\Services: Fax => 3

MSCONFIG\Services: fdPHost => 3

MSCONFIG\Services: FDResPub => 3

MSCONFIG\Services: fhsvc => 3

MSCONFIG\Services: FontCache => 2

MSCONFIG\Services: FrameServer => 3

MSCONFIG\Services: hidserv => 3

MSCONFIG\Services: HomeGroupListener => 3

MSCONFIG\Services: HomeGroupProvider => 3

MSCONFIG\Services: HvHost => 3

MSCONFIG\Services: ibtsiva => 2

MSCONFIG\Services: icssvc => 3

MSCONFIG\Services: igfxCUIService2.0.0.0 => 2

MSCONFIG\Services: IKEEXT => 3

MSCONFIG\Services: iphlpsvc => 2

MSCONFIG\Services: IpxlatCfgSvc => 3

MSCONFIG\Services: irmon => 3

MSCONFIG\Services: KeyIso => 3

MSCONFIG\Services: KtmRm => 3

MSCONFIG\Services: LanmanServer => 2

MSCONFIG\Services: LanmanWorkstation => 2

MSCONFIG\Services: lfsvc => 3

MSCONFIG\Services: LicenseManager => 3

MSCONFIG\Services: lltdsvc => 3

MSCONFIG\Services: lmhosts => 3

MSCONFIG\Services: MapsBroker => 2

MSCONFIG\Services: MpsSvc => 2

MSCONFIG\Services: MSDTC => 3

MSCONFIG\Services: MSiSCSI => 3

MSCONFIG\Services: NaturalAuthentication => 3

MSCONFIG\Services: NcaSvc => 3

MSCONFIG\Services: NcbService => 3

MSCONFIG\Services: NcdAutoSetup => 3

MSCONFIG\Services: Netlogon => 3

MSCONFIG\Services: Netman => 3

MSCONFIG\Services: netprofm => 3

MSCONFIG\Services: NetSetupSvc => 3

MSCONFIG\Services: NlaSvc => 2

MSCONFIG\Services: nsi => 2

MSCONFIG\Services: nvsvc => 2

MSCONFIG\Services: p2pimsvc => 3

MSCONFIG\Services: p2psvc => 3

MSCONFIG\Services: PcaSvc => 2

MSCONFIG\Services: PerfHost => 3

MSCONFIG\Services: PhoneSvc => 3

MSCONFIG\Services: pla => 3

MSCONFIG\Services: PlugPlay => 3

MSCONFIG\Services: PNRPAutoReg => 3

MSCONFIG\Services: PNRPsvc => 3

MSCONFIG\Services: PolicyAgent => 3

MSCONFIG\Services: Power => 2

MSCONFIG\Services: PrintNotify => 3

MSCONFIG\Services: QWAVE => 3

MSCONFIG\Services: RasAuto => 3

MSCONFIG\Services: RasMan => 3

MSCONFIG\Services: RetailDemo => 3

MSCONFIG\Services: RmSvc => 3

MSCONFIG\Services: RpcLocator => 3

MSCONFIG\Services: RtkAudioService => 2

MSCONFIG\Services: SamSs => 2

MSCONFIG\Services: ScDeviceEnum => 3

MSCONFIG\Services: SCPolicySvc => 3

MSCONFIG\Services: SDRSVC => 3

MSCONFIG\Services: seclogon => 3

MSCONFIG\Services: SEMgrSvc => 3

MSCONFIG\Services: SENS => 2

MSCONFIG\Services: SensorDataService => 3

MSCONFIG\Services: SensorService => 3

MSCONFIG\Services: SensrSvc => 3

MSCONFIG\Services: SessionEnv => 3

MSCONFIG\Services: SharedAccess => 3

MSCONFIG\Services: ShellHWDetection => 2

MSCONFIG\Services: smphost => 3

MSCONFIG\Services: SmsRouter => 3

MSCONFIG\Services: SNMPTRAP => 3

MSCONFIG\Services: spectrum => 3

MSCONFIG\Services: Spooler => 2

MSCONFIG\Services: SSDPSRV => 3

MSCONFIG\Services: SstpSvc => 3

MSCONFIG\Services: stisvc => 3

MSCONFIG\Services: StorSvc => 3

MSCONFIG\Services: svsvc => 3

MSCONFIG\Services: swprv => 3

MSCONFIG\Services: SysMain => 2

MSCONFIG\Services: TabletInputService => 3

MSCONFIG\Services: TapiSrv => 3

MSCONFIG\Services: TermService => 3

MSCONFIG\Services: Themes => 2

MSCONFIG\Services: TieringEngineService => 3

MSCONFIG\Services: TokenBroker => 3

MSCONFIG\Services: TrkWks => 2

MSCONFIG\Services: TrustedInstaller => 3

MSCONFIG\Services: UI0Detect => 3

MSCONFIG\Services: UmRdpService => 3

MSCONFIG\Services: upnphost => 3

MSCONFIG\Services: UsoSvc => 3

MSCONFIG\Services: VaultSvc => 3

MSCONFIG\Services: vds => 3

MSCONFIG\Services: vmicguestinterface => 3

MSCONFIG\Services: vmicheartbeat => 3

MSCONFIG\Services: vmickvpexchange => 3

MSCONFIG\Services: vmicrdv => 3

MSCONFIG\Services: vmicshutdown => 3

MSCONFIG\Services: vmictimesync => 3

MSCONFIG\Services: vmicvmsession => 3

MSCONFIG\Services: vmicvss => 3

MSCONFIG\Services: VSS => 3

MSCONFIG\Services: W32Time => 3

MSCONFIG\Services: WalletService => 3

MSCONFIG\Services: WavesSysSvc => 2

MSCONFIG\Services: wbengine => 3

MSCONFIG\Services: WbioSrvc => 3

MSCONFIG\Services: Wcmsvc => 2

MSCONFIG\Services: wcncsvc => 3

MSCONFIG\Services: WdiServiceHost => 3

MSCONFIG\Services: WdiSystemHost => 3

MSCONFIG\Services: WebClient => 3

MSCONFIG\Services: Wecsvc => 3

MSCONFIG\Services: WEPHOSTSVC => 3

MSCONFIG\Services: wercplsupport => 3

MSCONFIG\Services: WerSvc => 3

MSCONFIG\Services: WFDSConMgrSvc => 3

MSCONFIG\Services: WiaRpc => 3

MSCONFIG\Services: WinHttpAutoProxySvc => 3

MSCONFIG\Services: Winmgmt => 2

MSCONFIG\Services: WinRM => 3

MSCONFIG\Services: wisvc => 3

MSCONFIG\Services: WlanSvc => 2

MSCONFIG\Services: wlidsvc => 3

MSCONFIG\Services: wlpasvc => 3

MSCONFIG\Services: wmiApSrv => 3

MSCONFIG\Services: WMPNetworkSvc => 3

MSCONFIG\Services: workfolderssvc => 3

MSCONFIG\Services: WPDBusEnum => 3

MSCONFIG\Services: WpnService => 2

MSCONFIG\Services: wscsvc => 2

MSCONFIG\Services: WSearch => 2

MSCONFIG\Services: wuauserv => 3

MSCONFIG\Services: wudfsvc => 3

MSCONFIG\Services: WwanSvc => 3

MSCONFIG\Services: XblAuthManager => 3

MSCONFIG\Services: XblGameSave => 3

MSCONFIG\Services: XboxGipSvc => 3

MSCONFIG\Services: XboxNetApiSvc => 3

HKLM\...\StartupApproved\Run: => "SecurityHealth"

HKU\S-1-5-21-2305249498-4186968921-2790479869-1001\...\StartupApproved\Run: => "OneDriveSetup"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [PlayTo-QWave-In-TCP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [PlayTo-QWave-In-UDP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [PlayTo-SSDP-Discovery-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [PlayTo-In-RTSP-PlayToScope] => (Block) %SystemRoot%\system32\mdeserver.exe

FirewallRules: [PlayTo-In-RTSP-LocalSubnetScope] => (Block) %SystemRoot%\system32\mdeserver.exe

FirewallRules: [PlayTo-In-RTSP-NoScope] => (Block) %SystemRoot%\system32\mdeserver.exe

FirewallRules: [PlayTo-In-UDP-PlayToScope] => (Block) %SystemRoot%\system32\mdeserver.exe

FirewallRules: [PlayTo-In-UDP-LocalSubnetScope] => (Block) %SystemRoot%\system32\mdeserver.exe

FirewallRules: [PlayTo-In-UDP-NoScope] => (Block) %SystemRoot%\system32\mdeserver.exe

FirewallRules: [DeliveryOptimization-UDP-In] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [DeliveryOptimization-TCP-In] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [FPS-LLMNR-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [FPS-SpoolSvc-In-TCP] => (Block) %SystemRoot%\system32\spoolsv.exe

FirewallRules: [FPS-SpoolSvc-In-TCP-NoScope] => (Block) %SystemRoot%\system32\spoolsv.exe

FirewallRules: [NETDIS-FDRESPUB-WSD-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [NETDIS-LLMNR-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [NETDIS-DAS-In-UDP] => (Block) %SystemRoot%\system32\dashost.exe

FirewallRules: [NETDIS-FDPHOST-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [NETDIS-SSDPSrv-In-UDP-Teredo] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [NETDIS-SSDPSrv-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [NETDIS-FDRESPUB-WSD-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [NETDIS-LLMNR-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [NETDIS-DAS-In-UDP-Active] => (Block) %SystemRoot%\system32\dashost.exe

FirewallRules: [NETDIS-FDPHOST-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [NETDIS-SSDPSrv-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active] => (Block) %systemroot%\system32\svchost.exe

FirewallRules: [RemoteAssistance-SSDPSrv-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [RemoteAssistance-In-TCP-EdgeScope-Active] => (Block) %SystemRoot%\system32\msra.exe

FirewallRules: [RemoteAssistance-DCOM-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [RemoteAssistance-RAServer-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\raserver.exe

FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope] => (Block) %systemroot%\system32\svchost.exe

FirewallRules: [RemoteAssistance-In-TCP-EdgeScope] => (Block) %SystemRoot%\system32\msra.exe

FirewallRules: [WMP-In-UDP] => (Block) %ProgramFiles%\Windows Media Player\wmplayer.exe

FirewallRules: [WMP-In-UDP-x86] => (Block) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-In-TCP] => (Block) %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-In-UDP] => (Block) %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-WMP-In-UDP] => (Block) %PROGRAMFILES%\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-SSDPSrv-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [WMPNSS-QWave-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [WMPNSS-QWave-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [WMPNSS-In-TCP-NoScope] => (Block) %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-In-UDP-NoScope] => (Block) %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-WMP-In-UDP-NoScope] => (Block) %PROGRAMFILES%\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-QWave-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [WMPNSS-QWave-In-UDP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [RemoteFwAdmin-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [RemoteFwAdmin-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [RemoteFwAdmin-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [RemoteFwAdmin-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [{4F0173BA-F4C8-41B6-845E-2999FEE1F95A}] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [{62F78A58-E53A-4908-8ECE-8E9FB7E0D54D}] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [{0746C33D-D7EE-42AE-AB4E-06F780EC795F}] => (Block) %SystemRoot%\system32\dashost.exe

FirewallRules: [{83D47052-CA59-4F01-9572-9D2640F1C2A7}] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [{6B20F175-526B-40FC-B0E8-E7D399A6A565}] => (Block) %SystemRoot%\system32\svchost.exe

FirewallRules: [{4D28BE1E-9160-45BE-8C1E-0695AA9CFFB4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Restore Points =========================

 

Check "winmgmt" service or repair WMI.

 

 

==================== Faulty Device Manager Devices =============

 

Name: Microsoft ACPI-Compliant Control Method Battery

Description: Microsoft ACPI-Compliant Control Method Battery

Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}

Manufacturer: Microsoft

Service: CmBatt

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Intel® Wireless Bluetooth®

Description: Intel® Wireless Bluetooth®

Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Manufacturer: Intel Corporation

Service: BTHUSB

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Root Print Queue

Description: Local Print Queue

Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}

Manufacturer: Microsoft

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Intel® 100 Series/C230 Series Chipset Family Thermal subsystem - A131

Description: Intel® 100 Series/C230 Series Chipset Family Thermal subsystem - A131

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: INTEL

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: High Definition Audio Controller

Description: High Definition Audio Controller

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: HDAudBus

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: USB Input Device

Description: USB Input Device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service: HidUsb

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Intel® Management Engine Interface 

Description: Intel® Management Engine Interface 

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel

Service: MEIx64

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: NVIDIA GeForce GTX 960M

Description: NVIDIA GeForce GTX 960M

Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}

Manufacturer: NVIDIA

Service: nvlddmkm

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Microsoft Kernel Debug Network Adapter

Description: Microsoft Kernel Debug Network Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: kdnic

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Programmable interrupt controller

Description: Programmable interrupt controller

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Microsoft AC Adapter

Description: Microsoft AC Adapter

Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}

Manufacturer: Microsoft

Service: CmBatt

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Generic PnP Monitor

Description: Generic PnP Monitor

Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard monitor types)

Service: monitor

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Intel® 100 Series/C230 Series Chipset Family PMC - A121

Description: Intel® 100 Series/C230 Series Chipset Family PMC - A121

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: INTEL

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Intel® Serial IO I2C Host Controller - A160

Description: Intel® Serial IO I2C Host Controller - A160

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel Corporation

Service: iaLPSS2i_I2C

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Microsoft GS Wavetable Synth

Description: Generic software device

Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}

Manufacturer: Microsoft

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: NDIS Virtual Network Adapter Enumerator

Description: NDIS Virtual Network Adapter Enumerator

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: NdisVirtualBus

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Legacy device

Description: Legacy device

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: System Firmware

Description: System Firmware

Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}

Manufacturer: Microsoft

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Integrated Webcam

Description: USB Video Device

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: usbvideo

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Microsoft System Management BIOS Driver

Description: Microsoft System Management BIOS Driver

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: mssmbios

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Intel® Dual Band Wireless-AC 3165

Description: Intel® Dual Band Wireless-AC 3165

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel Corporation

Service: Netwtw04

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: USB Input Device

Description: USB Input Device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service: HidUsb

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Remote Desktop Device Redirector Bus

Description: Remote Desktop Device Redirector Bus

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: rdpbus

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Intel® 100 Series/C230 Series Chipset Family SMBus - A123

Description: Intel® 100 Series/C230 Series Chipset Family SMBus - A123

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: INTEL

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Intel® HD Graphics 530

Description: Intel® HD Graphics 530

Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel Corporation

Service: igfx

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/25/2017 09:33:25 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

 

 

Operation:

   Instantiating VSS server

 

Error: (09/25/2017 09:33:25 PM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

]

 

 

Operation:

   Instantiating VSS server

 

Error: (09/25/2017 09:30:06 PM) (Source: ESENT) (EventID: 454) (User: )

Description: qmgr.dll (1028) QmgrDatabaseInstance: Database recovery/restore failed with unexpected error -1032.

 

Error: (09/25/2017 09:30:06 PM) (Source: ESENT) (EventID: 490) (User: )

Description: qmgr.dll (1028) QmgrDatabaseInstance: An attempt to open the file "C:\ProgramData\Microsoft\Network\Downloader\edb.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

 

Error: (09/25/2017 09:29:56 PM) (Source: ESENT) (EventID: 490) (User: )

Description: qmgr.dll (1028) QmgrDatabaseInstance: An attempt to open the file "C:\ProgramData\Microsoft\Network\Downloader\qmgr.db" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

 

Error: (09/25/2017 09:29:46 PM) (Source: ESENT) (EventID: 490) (User: )

Description: qmgr.dll (1028) QmgrDatabaseInstance: An attempt to open the file "C:\ProgramData\Microsoft\Network\Downloader\qmgr.db" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

 

Error: (09/25/2017 09:29:45 PM) (Source: ESENT) (EventID: 454) (User: )

Description: SearchIndexer (6504) Windows: Database recovery/restore failed with unexpected error -1032.

 

Error: (09/25/2017 09:29:45 PM) (Source: ESENT) (EventID: 490) (User: )

Description: SearchIndexer (6504) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

 

Error: (09/25/2017 09:29:36 PM) (Source: ESENT) (EventID: 490) (User: )

Description: qmgr.dll (1028) QmgrDatabaseInstance: An attempt to open the file "C:\ProgramData\Microsoft\Network\Downloader\qmgr.db" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

 

Error: (09/25/2017 09:29:35 PM) (Source: ESENT) (EventID: 490) (User: )

Description: SearchIndexer (6504) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

 

 

System errors:

=============

Error: (09/25/2017 09:31:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)

Description: The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.

 

Error: (09/25/2017 09:30:36 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-CR75H3R)

Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

 

Error: (09/25/2017 09:30:08 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The Background Intelligent Transfer Service service terminated with the following service-specific error: 

%%2388526088

 

Error: (09/25/2017 09:30:08 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)

Description: The BITS service failed to start.  Error 2388526088.

 

Error: (09/25/2017 09:29:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 50 time(s).

 

Error: (09/25/2017 09:29:45 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The Windows Search service terminated with the following service-specific error: 

%%2147749126

 

Error: (09/25/2017 09:29:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Diagnostic Policy Service service terminated with the following error: 

Access is denied.

 

Error: (09/25/2017 09:29:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)

Description: The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.

 

Error: (09/25/2017 09:28:37 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-CR75H3R)

Description: DCOM got error "1053" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:

{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

 

Error: (09/25/2017 09:28:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Search service failed to start due to the following error: 

The service did not respond to the start or control request in a timely fashion.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz

Percentage of memory in use: 21%

Total physical RAM: 12130.46 MB

Available physical RAM: 9476.64 MB

Total Virtual: 12130.46 MB

Available Virtual: 9416.48 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:465.21 GB) (Free:442.82 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 16AC7F19)

 

Partition: GPT.

 

==================== End of Addition.txt ============================


Edited by Cli7nt, 25 September 2017 - 11:37 PM.

Music Is The Reason,

Clint Crisher
Los Angeles, CA

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,190 posts
  • Gender:Male
  • Location:California

Posted 26 September 2017 - 04:44 PM

Hi Clint.

All of those folders are legitimate. There are quite a number of disabled devices. Did you disable those?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Cli7nt

Cli7nt
  • Topic Starter

  • Members
  • 30 posts
  • Gender:Male
  • Location:Los Angeles

Posted 26 September 2017 - 11:27 PM

I disable as many devices related to remote users as I can, but many of them do not allow me to disable or uninstall them. If you think I disabled quite a number of devices, you'll be shocked to know there are 582 in total.


Music Is The Reason,

Clint Crisher
Los Angeles, CA

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,190 posts
  • Gender:Male
  • Location:California

Posted 27 September 2017 - 09:03 AM

I am not concerned about the disabled devices as long as you are the one who did that.

I am not seeing any malware on your system.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Cli7nt

Cli7nt
  • Topic Starter

  • Members
  • 30 posts
  • Gender:Male
  • Location:Los Angeles

Posted 28 September 2017 - 02:32 PM

Well, I did another scan in safe mode; please take another look.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-09-2017 01

Ran by ABC7me (administrator) on PC-CR75H3R (28-09-2017 12:21:01)

Running from C:\Users\ABC7me\Downloads

Loaded Profiles: ABC7me (Available Profiles: ABC7me)

Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Safe Mode (minimal)

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Microsoft Corporation) C:\Windows\HelpPane.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795728 2015-07-13] (NVIDIA Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235440 2017-06-19] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor)

HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Audio Ltd.)

HKLM-x32\...\Run: [StereoLinksInstall] => "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\..\Interfaces\{43526c94-2ec6-475f-9599-4464f9a8bf1e}: [NameServer] 8.8.8.8,8.8.4.4

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 

 

FireFox:

========

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [No File]

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [No File]

 

Chrome: 

=======

CHR HomePage: Default -> hxxps://www.bleepingcomputer.com/download/windows/

CHR StartupUrls: Default -> "hxxps://www.bleepingcomputer.com/download/windows/"

CHR DefaultSearchKeyword: Default -> lp

CHR Profile: C:\Users\ABC7me\AppData\Local\Google\Chrome\User Data\Default [2017-09-28]

CHR Extension: (Google Drive) - C:\Users\ABC7me\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-28]

CHR Extension: (YouTube) - C:\Users\ABC7me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-28]

CHR Extension: (Avast Online Security) - C:\Users\ABC7me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-09-28]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\ABC7me\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-09-28]

CHR Extension: (Chrome Web Store Payments) - C:\Users\ABC7me\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-28]

CHR Extension: (Gmail) - C:\Users\ABC7me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-28]

CHR Extension: (Chrome Media Router) - C:\Users\ABC7me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-28]

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

 

S2 esifsvc; C:\Windows\System32\Intel\DPTF\esif_uf.exe [1592064 2016-05-18] (Intel Corporation)

S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)

S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [333296 2017-06-19] (Realtek Semiconductor)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-09-28] (Microsoft Corporation)

S2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [615384 2017-02-07] (Waves Audio Ltd.)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]

S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

S2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [22864 2016-10-27] (OSR Open Systems Resources, Inc.)

S3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [70208 2016-05-18] (Intel Corporation)

S3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [65088 2016-05-18] (Intel Corporation)

S3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [343608 2016-05-18] (Intel Corporation)

S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [347912 2016-07-13] (Intel Corporation)

S3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7626488 2017-03-09] (Intel Corporation)

S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvdm.inf_amd64_8b5e4d3ae5587a71\nvlddmkm.sys [14456944 2017-07-13] (NVIDIA Corporation)

S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )

S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [786680 2016-11-16] (Realsil Semiconductor Corporation)

S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)

S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-09-28 12:18 - 2017-09-28 12:18 - 000014063 _____ C:\Users\ABC7me\Downloads\Shortcut.txt

2017-09-28 12:16 - 2017-09-28 12:16 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job

2017-09-28 12:08 - 2017-09-28 12:08 - 000000000 ____D C:\Users\ABC7me\AppData\Roaming\Google

2017-09-28 11:50 - 2017-09-28 11:50 - 000000000 __SHD C:\Users\ABC7me\IntelGraphicsProfiles

2017-09-28 11:50 - 2017-09-28 11:50 - 000000000 ____D C:\Users\ABC7me\AppData\Local\NVIDIA

2017-09-28 11:46 - 2017-09-02 08:15 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2017-09-28 11:46 - 2017-09-02 08:15 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2017-09-28 11:44 - 2017-09-28 11:44 - 000000000 ____D C:\Intel

2017-09-28 11:43 - 2017-09-28 11:49 - 000000000 ____D C:\Windows\CSC

2017-09-28 11:43 - 2017-09-28 11:43 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents

2017-09-28 11:43 - 2017-09-28 11:43 - 000000000 ___SD C:\Windows\system32\AppV

2017-09-28 11:43 - 2017-09-28 11:43 - 000000000 ____D C:\Windows\system32\MRT

2017-09-28 11:43 - 2017-09-28 11:43 - 000000000 ____D C:\Windows\RemotePackages

2017-09-28 11:43 - 2017-09-28 11:43 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection

2017-09-28 11:43 - 2017-09-28 10:47 - 000000000 ____D C:\Windows\Panther

2017-09-28 11:42 - 2017-09-28 11:42 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2017-09-28 11:40 - 2017-09-28 11:40 - 000018749 _____ C:\Users\ABC7me\Downloads\fixlist.txt

2017-09-28 11:39 - 2017-09-28 12:18 - 000025502 _____ C:\Users\ABC7me\Downloads\Addition.txt

2017-09-28 11:38 - 2017-09-28 12:21 - 000007603 _____ C:\Users\ABC7me\Downloads\FRST.txt

2017-09-28 11:38 - 2017-09-28 12:21 - 000000000 ____D C:\FRST

2017-09-28 11:38 - 2017-09-28 12:18 - 000077297 _____ C:\Users\ABC7me\Downloads\FRST-full.txt

2017-09-28 11:37 - 2017-09-28 11:37 - 002399744 _____ (Farbar) C:\Users\ABC7me\Downloads\FRST64.exe

2017-09-28 11:35 - 2017-09-28 11:35 - 000001122 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

2017-09-28 11:35 - 2017-09-28 11:35 - 000000000 ____D C:\Users\ABC7me\AppData\Local\VS Revo Group

2017-09-28 11:35 - 2017-09-28 11:35 - 000000000 ____D C:\Program Files\VS Revo Group

2017-09-28 11:35 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys

2017-09-28 11:30 - 2017-09-28 11:30 - 000000000 __RHD C:\Users\Public\AccountPictures

2017-09-28 11:30 - 2017-03-18 13:59 - 000034774 _____ C:\Windows\Professional.xml

2017-09-28 11:28 - 2017-09-28 11:28 - 000002872 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2017-09-28 11:27 - 2017-09-28 11:50 - 000002372 _____ C:\Users\ABC7me\Desktop\Google Chrome.lnk

2017-09-28 11:27 - 2017-09-28 11:45 - 000000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2017-09-28 11:27 - 2017-09-28 11:45 - 000000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2017-09-28 11:27 - 2017-09-28 11:35 - 000000000 ____D C:\Users\ABC7me\AppData\Local\Google

2017-09-28 11:27 - 2017-09-28 11:29 - 000000000 ____D C:\Program Files (x86)\Google

2017-09-28 11:27 - 2017-09-28 11:27 - 000003988 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2017-09-28 11:27 - 2017-09-28 11:27 - 000003756 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2017-09-28 11:27 - 2017-09-28 11:27 - 000000863 _____ C:\Users\ABC7me\Desktop\CCleaner.lnk

2017-09-28 11:27 - 2017-09-28 11:27 - 000000000 ____D C:\Users\ABC7me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner

2017-09-28 11:27 - 2017-09-28 11:27 - 000000000 ____D C:\Program Files\CCleaner

2017-09-28 11:25 - 2017-09-28 11:26 - 000000000 ____D C:\Users\ABC7me\AppData\Local\MicrosoftEdge

2017-09-28 11:16 - 2017-09-28 11:16 - 000000000 ____D C:\Windows\system32\RTCOM

2017-09-28 11:16 - 2017-09-28 11:16 - 000000000 ____D C:\Program Files (x86)\Realtek

2017-09-28 11:15 - 2017-09-28 11:16 - 000000000 ____D C:\Windows\SysWOW64\RTCOM

2017-09-28 11:15 - 2017-09-28 11:15 - 000000000 ____D C:\Windows\system32\SRSLabs

2017-09-28 11:15 - 2017-09-28 11:15 - 000000000 ____D C:\Program Files\Waves

2017-09-28 11:15 - 2017-09-28 11:15 - 000000000 ____D C:\Program Files\Realtek

2017-09-28 11:14 - 2017-09-28 11:14 - 000000000 ____D C:\Windows\SysWOW64\sda

2017-09-28 11:14 - 2017-05-01 13:51 - 000548800 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll

2017-09-28 11:14 - 2017-05-01 13:51 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll

2017-09-28 11:13 - 2017-05-01 13:52 - 000001951 _____ C:\Windows\NvContainerRecovery.bat

2017-09-28 11:11 - 2017-09-28 11:11 - 000000000 ____D C:\Users\ABC7me\AppData\Local\Comms

2017-09-28 11:10 - 2017-05-01 13:51 - 006437312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2017-09-28 11:10 - 2017-05-01 13:51 - 002479552 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2017-09-28 11:10 - 2017-05-01 13:51 - 001762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2017-09-28 11:10 - 2017-05-01 13:51 - 000392312 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2017-09-28 11:10 - 2017-05-01 13:51 - 000069752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2017-09-28 11:10 - 2017-04-25 14:11 - 007944687 _____ C:\Windows\system32\nvcoproc.bin

2017-09-28 11:09 - 2017-09-28 11:14 - 000000000 ____D C:\Program Files\NVIDIA Corporation

2017-09-28 11:09 - 2017-09-28 11:13 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2017-09-28 11:08 - 2017-09-28 11:08 - 000000000 ____D C:\Windows\system32\Intel

2017-09-28 11:05 - 2017-09-28 11:30 - 000027136 _____ (Khronos Group) C:\Windows\SysWOW64\opencl.dll

2017-09-28 11:05 - 2017-09-28 11:27 - 000000000 ____D C:\Program Files (x86)\VulkanRT

2017-09-28 11:05 - 2017-09-28 11:07 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin

2017-09-28 11:05 - 2017-09-28 11:05 - 000000000 ____D C:\Program Files\Intel

2017-09-28 11:05 - 2017-09-28 11:05 - 000000000 ____D C:\Program Files (x86)\Intel

2017-09-28 11:05 - 2017-05-03 03:26 - 000113664 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL

2017-09-28 11:05 - 2016-11-22 17:23 - 000271648 _____ C:\Windows\SysWOW64\vulkan-1.dll

2017-09-28 11:05 - 2016-11-22 17:23 - 000110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe

2017-09-28 11:05 - 2016-11-22 17:22 - 000265504 _____ C:\Windows\system32\vulkan-1.dll

2017-09-28 11:05 - 2016-11-22 17:22 - 000125216 _____ C:\Windows\system32\vulkaninfo.exe

2017-09-28 11:04 - 2017-09-28 11:04 - 000000000 ____D C:\Users\ABC7me\AppData\Roaming\Macromedia

2017-09-28 11:01 - 2017-09-28 11:01 - 000000000 ____D C:\Users\ABC7me\AppData\Local\ElevatedDiagnostics

2017-09-28 10:54 - 2017-09-28 12:19 - 000923962 _____ C:\Windows\system32\PerfStringBackup.INI

2017-09-28 10:54 - 2017-09-28 10:54 - 000000000 ____D C:\Users\ABC7me\AppData\Local\Publishers

2017-09-28 10:53 - 2017-09-28 11:50 - 000000000 ____D C:\Users\ABC7me\AppData\Local\Packages

2017-09-28 10:53 - 2017-09-28 11:50 - 000000000 ____D C:\Users\ABC7me

2017-09-28 10:53 - 2017-09-28 11:30 - 000000000 __RHD C:\Users\ABC7me\AccountPictures

2017-09-28 10:53 - 2017-09-28 11:10 - 000000000 ____D C:\Users\ABC7me\AppData\Local\ConnectedDevicesPlatform

2017-09-28 10:53 - 2017-09-28 10:53 - 000000020 ___SH C:\Users\ABC7me\ntuser.ini

2017-09-28 10:53 - 2017-09-28 10:53 - 000000000 ____D C:\Users\ABC7me\AppData\Roaming\Adobe

2017-09-28 10:53 - 2017-09-28 10:53 - 000000000 ____D C:\Users\ABC7me\AppData\Local\VirtualStore

2017-09-28 10:53 - 2017-09-28 10:53 - 000000000 ____D C:\Users\ABC7me\AppData\Local\TileDataLayer

2017-09-28 10:52 - 2017-03-18 13:56 - 002233344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll

2017-09-28 10:44 - 2017-09-28 12:15 - 000217000 _____ C:\Windows\system32\FNTCACHE.DAT

2017-09-28 10:44 - 2017-09-28 12:14 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2017-09-28 10:44 - 2017-09-28 10:44 - 000000000 ____D C:\Windows\system32\SleepStudy

2017-09-28 10:44 - 2017-09-28 10:44 - 000000000 ____D C:\Windows\ServiceProfiles

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-09-28 12:14 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps

2017-09-28 12:14 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\AppReadiness

2017-09-28 12:14 - 2017-03-18 04:40 - 000262144 _____ C:\Windows\system32\config\BBI

2017-09-28 11:43 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\SystemApps

2017-09-28 11:43 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\spool

2017-09-28 11:43 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\setup

2017-09-28 11:43 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\security

2017-09-28 11:43 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\schemas

2017-09-28 11:43 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\PolicyDefinitions

2017-09-28 11:43 - 2017-03-18 14:01 - 000000000 ____D C:\Windows\INF

2017-09-28 11:43 - 2017-03-18 13:51 - 000000000 ____D C:\Windows\CbsTemp

2017-09-28 11:42 - 2017-03-18 14:03 - 000028672 _____ C:\Windows\system32\config\BCD-Template

2017-09-28 11:29 - 2017-03-18 13:59 - 002194944 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppAgent.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 001317888 _____ (Microsoft Corporation) C:\Windows\system32\srmclient.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 001200640 _____ (Microsoft Corporation) C:\Windows\system32\AgentService.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 001197056 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CommonBridge.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 001141760 _____ (Microsoft Corporation) C:\Windows\system32\ApplySettingsTemplateCatalog.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000804864 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000793600 _____ (Microsoft Corporation) C:\Windows\system32\pwcreator.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000785920 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000751616 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.PrinterCustomActions.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000664576 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000637440 _____ (Microsoft Corporation) C:\Windows\system32\srmscan.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000548864 _____ (Microsoft Corporation) C:\Windows\system32\AdmTmpl.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000546304 _____ (Microsoft Corporation) C:\Windows\system32\scrptadm.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000473088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrptadm.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000448000 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\AppIdPolicyEngineApi.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000407552 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CscUnpinTool.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000364032 _____ (Microsoft Corporation) C:\Windows\system32\bdechangepin.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000325120 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000312832 _____ (Microsoft Corporation) C:\Windows\system32\SrpUxNativeSnapIn.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SrpUxNativeSnapIn.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000290816 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ConfigWrapper.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000287744 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ManagedEventLogging.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000283136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppIdPolicyEngineApi.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000282112 _____ (Microsoft Corporation) C:\Windows\system32\ddputils.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000280064 _____ (Microsoft Corporation) C:\Windows\system32\srm.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000275456 _____ (Microsoft Corporation) C:\Windows\system32\srmstormod.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000230816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssecflt.sys

2017-09-28 11:29 - 2017-03-18 13:59 - 000224256 _____ (Microsoft Corporation) C:\Windows\system32\appvetwsharedperformance.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000224256 _____ (Microsoft Corporation) C:\Windows\system32\AppvClientEventLog.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\AuditNativeSnapIn.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000222208 _____ (Microsoft Corporation) C:\Windows\system32\PresentationSettings.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuditNativeSnapIn.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000219136 _____ (Microsoft Corporation) C:\Windows\system32\tscfgwmi.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CmUtil.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDist.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\tssrvlic.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\srmshell.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000147439 _____ C:\Windows\system32\gpedit.msc

2017-09-28 11:29 - 2017-03-18 13:59 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.SecureAssessment.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000139264 _____ (Microsoft Corporation) C:\Windows\system32\ddptrace.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\adrclient.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000119808 _____ (Microsoft Corporation) C:\Windows\system32\IoTAssignedAccessLockFramework.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\baaupdate.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000106496 _____ C:\Windows\system32\RDVGHelper.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000102400 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerWizardElev.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000102400 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerWizard.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000096256 _____ (Microsoft Corporation) C:\Windows\system32\AssignedAccessCsp.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpolmsg.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\auditpolmsg.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000091136 _____ C:\Windows\system32\hvsigpext.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\srmlib.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000085504 _____ (Microsoft Corporation) C:\Windows\system32\srmtrace.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000085504 _____ (Microsoft Corporation) C:\Windows\system32\PackageInspector.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000082944 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.SyncController.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mssecuser.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\AuditPolicyGPInterop.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Common.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\ddp_ps.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\LSCSHostPolicy.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppCore.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuditPolicyGPInterop.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\UevAppMonitor.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CabUtil.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.EventLogMessages.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000043566 _____ C:\Windows\system32\rsop.msc

2017-09-28 11:29 - 2017-03-18 13:59 - 000042400 _____ (Microsoft Corporation) C:\Windows\system32\EmbeddedAppLauncherConfig.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\UevAgentPolicyGenerator.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000040344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UevAgentDriver.sys

2017-09-28 11:29 - 2017-03-18 13:59 - 000037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rfxvmt.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\srm_ps.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000030720 _____ C:\Windows\system32\LockdownUtil.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\qwinsta.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000027648 _____ (Microsoft Corporation) C:\Windows\system32\qprocess.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000026624 _____ (Microsoft Corporation) C:\Windows\system32\lstelemetry.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\msg.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Win32_DeviceGuard.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\quser.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\qappsrv.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\chgport.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\tskill.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\tsdiscon.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\tscon.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Management.WmiAccess.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\rwinsta.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\logoff.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\chglogon.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\chgusr.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000021504 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Management.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppData.WinRT.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000019456 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.SyncCommon.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000018432 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Common.WinRT.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.LocalSyncProvider.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\reset.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\change.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\query.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernSync.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\UevTemplateBaselineGenerator.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.AgentDriverEvents.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\UevTemplateConfigItemGenerator.exe

2017-09-28 11:29 - 2017-03-18 13:59 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\BdeSysprep.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.SmbSyncProvider.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.MonitorSyncProvider.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.SyncConditions.dll

2017-09-28 11:29 - 2017-03-18 13:59 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.SecureAssessment.Diagnostics.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000800256 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000718848 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistCacheProvider.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000556032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000448000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AdmTmpl.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSh.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000413184 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe

2017-09-28 11:28 - 2017-03-18 13:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDistSh.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000316416 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe

2017-09-28 11:28 - 2017-03-18 13:59 - 000289280 _____ (Microsoft Corporation) C:\Windows\system32\cscobj.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000261632 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000229888 _____ (Microsoft Corporation) C:\Windows\system32\ddpchunk.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000196096 _____ (Microsoft Corporation) C:\Windows\system32\appmgmts.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgmts.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000147439 _____ C:\Windows\SysWOW64\gpedit.msc

2017-09-28 11:28 - 2017-03-18 13:59 - 000146389 _____ C:\Windows\system32\printmanagement.msc

2017-09-28 11:28 - 2017-03-18 13:59 - 000139264 ____R (Microsoft Corporation) C:\Windows\system32\SecureAssessmentHandlers.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe

2017-09-28 11:28 - 2017-03-18 13:59 - 000120458 _____ C:\Windows\system32\secpol.msc

2017-09-28 11:28 - 2017-03-18 13:59 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000096256 ____R (Microsoft Corporation) C:\Windows\system32\Windows.Management.SecureAssessment.CfgProvider.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000090112 _____ C:\Windows\system32\hvsievaluator.exe

2017-09-28 11:28 - 2017-03-18 13:59 - 000090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmlib.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseAppVMgmtCSP.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000080384 _____ (Microsoft Corporation) C:\Windows\system32\dggpext.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\windowsdefenderapplicationguardcsp.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe

2017-09-28 11:28 - 2017-03-18 13:59 - 000043566 _____ C:\Windows\SysWOW64\rsop.msc

2017-09-28 11:28 - 2017-03-18 13:59 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\CIWmi.dll

2017-09-28 11:28 - 2017-03-18 13:59 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\TSErrRedir.dll

2017-09-28 11:28 - 2017-03-18 13:56 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsusbhub.sys

2017-09-28 11:27 - 2017-03-18 13:59 - 002376096 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.AppAgent.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 001955328 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 001624480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.AppAgent.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000912896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmclient.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Office2013CustomActions.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvgogl32.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000559104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys

2017-09-28 11:27 - 2017-03-18 13:59 - 000498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000457216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmscan.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000222720 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistCleaner.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000219136 _____ (Microsoft Corporation) C:\Windows\system32\tspubwmi.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscobj.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmstormod.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvgocl32.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000162816 _____ (Microsoft Corporation) C:\Windows\system32\fveprompt.exe

2017-09-28 11:27 - 2017-03-18 13:59 - 000154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvgu1132.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\AppManagementConfiguration.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000143264 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppManagementConfiguration.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000124416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmshell.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adrclient.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000097792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvgumd32.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\rdpsign.exe

2017-09-28 11:27 - 2017-03-18 13:59 - 000064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmtrace.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Office2010CustomActions.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistAD.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000040864 _____ (Microsoft Corporation) C:\Windows\system32\EmbeddedAppLauncherConfig.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll

2017-09-28 11:27 - 2017-03-18 13:59 - 000024992 _____ (Microsoft Corporation) C:\Windows\system32\embeddedapplauncher.exe

2017-09-28 11:27 - 2017-03-18 13:59 - 000016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm_ps.dll

2017-09-28 11:14 - 2017-03-18 13:59 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\PrintBrmUi.exe

2017-09-28 11:11 - 2017-03-18 13:59 - 002228128 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 001839520 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 001693600 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 001516448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 001452960 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 001100704 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000992672 _____ (Microsoft Corporation) C:\Windows\system32\AppVManifest.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000846752 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe

2017-09-28 11:11 - 2017-03-18 13:59 - 000844704 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000844192 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000774560 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000699296 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000672672 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000506784 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000399264 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000264608 _____ (Microsoft Corporation) C:\Windows\system32\AppVFileSystemMetadata.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000235424 _____ (Microsoft Corporation) C:\Windows\system32\AppVShNotify.exe

2017-09-28 11:11 - 2017-03-18 13:59 - 000232352 _____ (Microsoft Corporation) C:\Windows\system32\AppVStreamMap.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000203672 _____ (Microsoft Corporation) C:\Windows\system32\AppVStreamingUX.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000186272 _____ (Microsoft Corporation) C:\Windows\system32\AppVDllSurrogate.exe

2017-09-28 11:11 - 2017-03-18 13:59 - 000184224 _____ (Microsoft Corporation) C:\Windows\system32\mavinject.exe

2017-09-28 11:11 - 2017-03-18 13:59 - 000173984 _____ (Microsoft Corporation) C:\Windows\system32\AppVNice.exe

2017-09-28 11:11 - 2017-03-18 13:59 - 000161696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AppvVemgr.sys

2017-09-28 11:11 - 2017-03-18 13:59 - 000149920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mavinject.exe

2017-09-28 11:11 - 2017-03-18 13:59 - 000143776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AppvVfs.sys

2017-09-28 11:11 - 2017-03-18 13:59 - 000133632 _____ (Microsoft Corporation) C:\Windows\system32\appvetwclientres.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000127904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AppVStrm.sys

2017-09-28 11:11 - 2017-03-18 13:59 - 000077216 _____ (Microsoft Corporation) C:\Windows\system32\SyncAppvPublishingServer.exe

2017-09-28 11:11 - 2017-03-18 13:59 - 000041376 _____ (Microsoft Corporation) C:\Windows\system32\AppVClientPS.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000027040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVClientPS.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000021920 _____ (Microsoft Corporation) C:\Windows\system32\ScriptRunner.exe

2017-09-28 11:11 - 2017-03-18 13:59 - 000019872 _____ (Microsoft Corporation) C:\Windows\system32\AppVTerminator.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000018336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVTerminator.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000015264 _____ (Microsoft Corporation) C:\Windows\system32\AppVSentinel.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\appvetwstreamingux.dll

2017-09-28 11:11 - 2017-03-18 13:59 - 000013728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVSentinel.dll

2017-09-28 11:10 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\Help

2017-09-28 11:01 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\NDF

2017-09-28 10:52 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\WinBioDatabase

2017-09-28 10:52 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\rescache

2017-09-28 10:47 - 2017-03-18 04:40 - 000000000 ____D C:\Windows\system32\Sysprep

2017-09-28 10:45 - 2017-03-18 19:32 - 000000000 ____D C:\Windows\HoloShell

2017-09-28 10:45 - 2017-03-18 14:03 - 000000000 ___RD C:\Windows\PrintDialog

2017-09-28 10:45 - 2017-03-18 14:03 - 000000000 ___RD C:\Windows\MiracastView

2017-09-28 10:45 - 2017-03-18 14:03 - 000000000 ___RD C:\Windows\ImmersiveControlPanel

2017-09-28 10:45 - 2017-03-18 04:40 - 000032768 _____ C:\Windows\system32\config\ELAM

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\dnsapi.dll => MD5 is legit

C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys

[2017-03-18 13:57] - [2017-03-18 13:57] - 000397216 _____ (Microsoft Corporation) E3429DBBEA3965BB96E24B16EF4A2551

 

 

LastRegBack: 2017-09-28 10:44

 

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01

Ran by ABC7me (28-09-2017 12:21:17)

Running from C:\Users\ABC7me\Downloads

Windows 10 Pro Version 1703 (X64) (2017-09-28 17:50:44)

Boot Mode: Safe Mode (minimal)

==========================================================

 

 

==================== Accounts: =============================

 

ABC7me (S-1-5-21-841547472-933736063-1421431403-1001 - Administrator - Enabled) => C:\Users\ABC7me

Administrator (S-1-5-21-841547472-933736063-1421431403-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-841547472-933736063-1421431403-503 - Limited - Disabled)

Guest (S-1-5-21-841547472-933736063-1421431403-501 - Limited - Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation)

Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) Hidden

NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)

NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21289 - Realtek Semiconduct Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)

Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)

Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\k121794.inf_amd64_77ca52d6d16e3dc0\igfxDTCM.dll [2017-05-03] (Intel Corporation)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)

ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {2CB2DD26-0335-4799-A3BB-AF04BA46B770} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)

Task: {733A276C-0421-4120-BD1F-ABC293D35C74} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {88611D46-CDE2-4C63-BD36-AB8C989519AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

==================== Loaded Modules (Whitelisted) ==============

 

2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\Windows\SYSTEM32\inputhost.dll

2017-03-18 13:59 - 2017-03-18 19:32 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2017-03-18 14:03 - 2017-03-18 14:01 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-841547472-933736063-1421431403-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ABC7me\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

DNS Servers: Media is not connected to internet.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

MSCONFIG\Services: lfsvc => 3

HKLM\...\StartupApproved\Run: => "SecurityHealth"

HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"

HKLM\...\StartupApproved\Run: => "RtHDVBg_MAXX6"

HKLM\...\StartupApproved\Run: => "NvBackend"

HKLM\...\StartupApproved\Run: => "RTHDVCPL"

HKLM\...\StartupApproved\Run: => "WavesSvc"

HKLM\...\StartupApproved\Run32: => "StereoLinksInstall"

HKU\S-1-5-21-841547472-933736063-1421431403-1001\...\StartupApproved\Run: => "OneDriveSetup"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{70E9EE61-BCD3-4FF0-9C97-4FE4AA699D44}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Restore Points =========================

 

28-09-2017 11:34:52 Windows Update

 

==================== Faulty Device Manager Devices =============

 

Name: Microsoft ACPI-Compliant Control Method Battery

Description: Microsoft ACPI-Compliant Control Method Battery

Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}

Manufacturer: Microsoft

Service: CmBatt

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Intel® 100 Series/C230 Series Chipset Family Thermal subsystem - A131

Description: Intel® 100 Series/C230 Series Chipset Family Thermal subsystem - A131

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: INTEL

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: USB Input Device

Description: USB Input Device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service: HidUsb

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Intel® Management Engine Interface 

Description: Intel® Management Engine Interface 

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel

Service: MEIx64

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Airplane Mode Switch Collection

Description: Airplane Mode Switch Collection

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: Dell Inc

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Microsoft Input Configuration Device

Description: Microsoft Input Configuration Device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: Microsoft

Service: MTConfig

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HID-compliant mouse

Description: HID-compliant mouse

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: mouhid

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Microsoft Kernel Debug Network Adapter

Description: Microsoft Kernel Debug Network Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: kdnic

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Programmable interrupt controller

Description: Programmable interrupt controller

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Microsoft AC Adapter

Description: Microsoft AC Adapter

Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}

Manufacturer: Microsoft

Service: CmBatt

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Realtek PCIE CardReader

Description: Realtek PCIE CardReader

Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318}

Manufacturer: Realtek Semiconduct Corp.

Service: RTSPER

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Intel® 100 Series/C230 Series Chipset Family PMC - A121

Description: Intel® 100 Series/C230 Series Chipset Family PMC - A121

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: INTEL

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: System Firmware

Description: System Firmware

Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}

Manufacturer: Microsoft

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Integrated Webcam

Description: USB Video Device

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: usbvideo

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: USB Input Device

Description: USB Input Device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service: HidUsb

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Remote Desktop Device Redirector Bus

Description: Remote Desktop Device Redirector Bus

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: rdpbus

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Intel® 100 Series/C230 Series Chipset Family SMBus - A123

Description: Intel® 100 Series/C230 Series Chipset Family SMBus - A123

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: INTEL

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/28/2017 12:14:31 PM) (Source: ESENT) (EventID: 104) (User: )

Description: svchost (2972) TILEREPOSITORYS-1-5-21-841547472-933736063-1421431403-1001: The database engine stopped the instance (0) with error (-1032).

 

 

 

Internal Timing Sequence: 

[1] 0.000001 +J(0)

[2] 0.000003 +J(0)

[3] 0.000001 +J(0)

[4] 0.000001 +J(0)

[5] 10.011111 +J(0) +M(C:0K, Fs:16, WS:-32K # 0K, PF:-48K # 0K, P:-48K)

[6] 0.000010 +J(0)

[7] -

[8] 0.000003 +J(0)

[9] 0.000032 +J(0)

[10] -

[11] 0.000005 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)

[12] -

[13] 0.000036 +J(0) +M(C:0K, Fs:0, WS:-4K # 0K, PF:-4K # 0K, P:-4K)

[14] 0.000527 +J(0) +M(C:0K, Fs:0, WS:-4K # 0K, PF:-4K # 0K, P:-4K)

[15] 0.000010 +J(0) +M(C:0K, Fs:0, WS:-4K # 0K, PF:-12K # 0K, P:-12K)

[16] 0.000002 +J(0).

 

Error: (09/28/2017 12:14:31 PM) (Source: ESENT) (EventID: 439) (User: )

Description: svchost (2972) TILEREPOSITORYS-1-5-21-841547472-933736063-1421431403-1001: Unable to write a shadowed header for file C:\Users\ABC7me\AppData\Local\TileDataLayer\Database\EDB.chk. Error -1032.

 

Error: (09/28/2017 12:14:31 PM) (Source: ESENT) (EventID: 490) (User: )

Description: svchost (2972) TILEREPOSITORYS-1-5-21-841547472-933736063-1421431403-1001: An attempt to open the file "C:\Users\ABC7me\AppData\Local\TileDataLayer\Database\EDB.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

 

Error: (09/28/2017 12:13:35 PM) (Source: ESENT) (EventID: 439) (User: )

Description: svchost (2972) TILEREPOSITORYS-1-5-21-841547472-933736063-1421431403-1001: Unable to write a shadowed header for file C:\Users\ABC7me\AppData\Local\TileDataLayer\Database\EDB.chk. Error -1032.

 

Error: (09/28/2017 12:13:35 PM) (Source: ESENT) (EventID: 490) (User: )

Description: svchost (2972) TILEREPOSITORYS-1-5-21-841547472-933736063-1421431403-1001: An attempt to open the file "C:\Users\ABC7me\AppData\Local\TileDataLayer\Database\EDB.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

 

Error: (09/28/2017 12:11:42 PM) (Source: DPTF) (EventID: 256) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.10900.330) TYPE: ERROR MODULE: DPTF TIME 1482065 ms

 

DPTF Build Version:  8.2.10900.330

DPTF Build Date:  May 16 2016 11:32:37

Source File:  ..\..\..\Sources\Manager\WIPolicyActiveRelationshipTableChanged.cpp @ line 52

Executing Function:  WIPolicyActiveRelationshipTableChanged::execute

Message:  Unhandled exception caught during execution of work item

Framework Event:  PolicyActiveRelationshipTableChanged [44]

Policy:  Active Policy [0]

Exception Function:  Policy::executePolicyActiveRelationshipTableChanged

Exception Text:  

 

DPTF Build Version:  8.2.10900.330

DPTF Build Date:  May 16 2016 11:32:37

Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 457

Executing Function:  EsifServices::primitiveExecuteGet

Message:  Error returned from ESIF services interface function call

Participant:  NoParticipant

Domain:  NoDomain

ESIF Primitive:  GET_ACTIVE_RELATIONSHIP_TABLE [89]

ESIF Instance:  255

ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]

 

Error: (09/28/2017 12:11:42 PM) (Source: DPTF) (EventID: 256) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.10900.330) TYPE: ERROR MODULE: DPTF TIME 1482061 ms

 

DPTF Build Version:  8.2.10900.330

DPTF Build Date:  May 16 2016 11:32:37

Source File:  ..\..\..\Sources\Manager\WIPolicyActiveRelationshipTableChanged.cpp @ line 52

Executing Function:  WIPolicyActiveRelationshipTableChanged::execute

Message:  Unhandled exception caught during execution of work item

Framework Event:  PolicyActiveRelationshipTableChanged [44]

Policy:  Active Policy [0]

Exception Function:  Policy::executePolicyActiveRelationshipTableChanged

Exception Text:  

 

DPTF Build Version:  8.2.10900.330

DPTF Build Date:  May 16 2016 11:32:37

Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 457

Executing Function:  EsifServices::primitiveExecuteGet

Message:  Error returned from ESIF services interface function call

Participant:  NoParticipant

Domain:  NoDomain

ESIF Primitive:  GET_ACTIVE_RELATIONSHIP_TABLE [89]

ESIF Instance:  255

ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]

 

Error: (09/28/2017 12:11:41 PM) (Source: DPTF) (EventID: 256) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.10900.330) TYPE: ERROR MODULE: DPTF TIME 1481104 ms

 

DPTF Build Version:  8.2.10900.330

DPTF Build Date:  May 16 2016 11:32:37

Source File:  ..\..\..\Sources\Manager\WIPolicyActiveRelationshipTableChanged.cpp @ line 52

Executing Function:  WIPolicyActiveRelationshipTableChanged::execute

Message:  Unhandled exception caught during execution of work item

Framework Event:  PolicyActiveRelationshipTableChanged [44]

Policy:  Active Policy [0]

Exception Function:  Policy::executePolicyActiveRelationshipTableChanged

Exception Text:  

 

DPTF Build Version:  8.2.10900.330

DPTF Build Date:  May 16 2016 11:32:37

Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 457

Executing Function:  EsifServices::primitiveExecuteGet

Message:  Error returned from ESIF services interface function call

Participant:  NoParticipant

Domain:  NoDomain

ESIF Primitive:  GET_ACTIVE_RELATIONSHIP_TABLE [89]

ESIF Instance:  255

ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]

 

Error: (09/28/2017 12:11:41 PM) (Source: DPTF) (EventID: 256) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.10900.330) TYPE: ERROR MODULE: DPTF TIME 1481100 ms

 

DPTF Build Version:  8.2.10900.330
DPTF Build Date:  May 16 2016 11:32:37
Source File:  ..\..\..\Sources\Manager\WIPolicyActiveRelationshipTableChanged.cpp @ line 52
Executing Function:  WIPolicyActiveRelationshipTableChanged::execute
Message:  Unhandled exception caught during execution of work item
Framework Event:  PolicyActiveRelationshipTableChanged [44]
Policy:  Active Policy [0]
Exception Function:  Policy::executePolicyActiveRelationshipTableChanged
Exception Text:

DPTF Build Version:  8.2.10900.330
DPTF Build Date:  May 16 2016 11:32:37
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 457
Executing Function:  EsifServices::primitiveExecuteGet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  GET_ACTIVE_RELATIONSHIP_TABLE [89]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]

Error: (09/28/2017 12:07:13 PM) (Source: ESENT) (EventID: 439) (User: )
Description: svchost (2972) TILEREPOSITORYS-1-5-21-841547472-933736063-1421431403-1001: Unable to write a shadowed header for file C:\Users\ABC7me\AppData\Local\TileDataLayer\Database\EDB.chk. Error -1032.


System errors:
=============
Error: (09/28/2017 12:21:17 PM) (Source: DCOM) (EventID: 10005) (User: PC-CR75H3R)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (09/28/2017 12:21:17 PM) (Source: DCOM) (EventID: 10005) (User: PC-CR75H3R)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (09/28/2017 12:21:17 PM) (Source: DCOM) (EventID: 10005) (User: PC-CR75H3R)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (09/28/2017 12:21:17 PM) (Source: DCOM) (EventID: 10005) (User: PC-CR75H3R)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (09/28/2017 12:21:17 PM) (Source: DCOM) (EventID: 10005) (User: PC-CR75H3R)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/28/2017 12:21:05 PM) (Source: DCOM) (EventID: 10005) (User: PC-CR75H3R)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (09/28/2017 12:21:05 PM) (Source: DCOM) (EventID: 10005) (User: PC-CR75H3R)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (09/28/2017 12:21:02 PM) (Source: DCOM) (EventID: 10005) (User: PC-CR75H3R)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (09/28/2017 12:21:02 PM) (Source: DCOM) (EventID: 10005) (User: PC-CR75H3R)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (09/28/2017 12:21:02 PM) (Source: DCOM) (EventID: 10005) (User: PC-CR75H3R)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


==================== Memory info ===========================

Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 9%
Total physical RAM: 12130.46 MB
Available physical RAM: 10959.62 MB
Total Virtual: 12130.46 MB
Available Virtual: 11057.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.21 GB) (Free:430.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1E073421)

Partition: GPT.

==================== End of Addition.txt ============================


Music Is The Reason,

Clint Crisher
Los Angeles, CA

#9 Oh My!

Posted 28 September 2017 - 03:53 PM

Greetings.

Your computer is still clean.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Cli7nt

Posted 29 September 2017 - 01:04 PM

Ok, so the problem is that the frst64.exe file, according to SUPERAntiSpyware, has an unsigned digital signature and was edited after download?

See screenshot.

Attached File: Screenshot.png (295.46 KB)

Edited by Cli7nt, 29 September 2017 - 01:44 PM.

#11 Oh My!

Posted 30 September 2017 - 09:07 AM

That is a false positive. FRST is an unsigned file and it was not modified during download. It is flagged because of its intrusiveness (intrusive in a good way). Scanning programs may identify certain files because they meet pre-identified program criteria. They don't necessarily conclude a program is bad, just that it meets a certain level of intrusiveness criteria, and as a result they throw up a red flag.

Gary

#12 Cli7nt

Posted 01 October 2017 - 10:15 AM

Well, my laptop is still running all sorts of remote tasks and actions, so I did the Bitdefender Rescue CD and here is what it found (it said the boot drive was not repaired). Also see the attached report from HitmanPro, as the results show many hacking utility programs.

Object '/run/media/livecd/WIN10PRO/Windows/SysWOW64/bthudtask.exe' is infected with 'Gen:Variant.Strictor.58214'
Object '/run/media/livecd/WIN10PRO/Windows/SysWOW64/iexpress.exe' is infected with 'Gen:Trojan.Heur.FU.ju0@au!Tqpdi'
Object '/run/media/livecd/WIN10PRO/Windows/SysWOW64/proquota.exe' is infected with 'Gen:Variant.Strictor.83393'
Object '/run/media/livecd/WIN10PRO/Windows/SysWOW64/cttune.exe' is infected with 'Gen:Variant.Strictor.83319'
Object '/run/media/livecd/WIN10PRO/Windows/WinSxS/wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.15063.0_none_8081c377425d8edd/bthudtask.exe' is infected with 'Gen:Variant.Strictor.58214'
Object '/run/media/livecd/WIN10PRO/Windows/WinSxS/x86_microsoft-windows-cttune_31bf3856ad364e35_10.0.15063.0_none_6879ca273ef6607d/cttune.exe' is infected with 'Gen:Variant.Strictor.83319'
Object '/run/media/livecd/WIN10PRO/Windows/WinSxS/x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.0.15063.0_none_4d62956f29fd17e9/iexpress.exe' is infected with 'Gen:Trojan.Heur.FU.ju0@au!Tqpdi'
Object '/run/media/livecd/WIN10PRO/Windows/WinSxS/x86_microsoft-windows-proquota_31bf3856ad364e35_10.0.15063.0_none_dcbc358d12d6701b/proquota.exe' is infected with 'Gen:Variant.Strictor.83393'

Edited by Cli7nt, 01 October 2017 - 01:49 PM.

#13 Oh My!

Posted 01 October 2017 - 03:36 PM

Please do this.

===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search Field
bthudtask.exe;iexpress.exe;proquota.exe;cttune.exe
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document into your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Search.txt

Gary

#14 Cli7nt

Posted 02 October 2017 - 06:48 PM

Farbar Recovery Scan Tool (x64) Version: 01-10-2017
Ran by ABC7me (02-10-2017 16:45:05)
Running from C:\Users\ABC7me\Desktop
Boot Mode: Normal

================== Search Files: "bthudtask.exe;iexpress.exe;proquota.exe;cttune.exe" =============

C:\Windows\WinSxS\x86_microsoft-windows-proquota_31bf3856ad364e35_10.0.15063.0_none_dcbc358d12d6701b\proquota.exe
[2017-03-18 13:58][2017-03-18 13:58] 000031232 _____ (Microsoft Corporation) 56828B956CCB33F53D61FBEF40C10449 [File is digitally signed]

C:\Windows\WinSxS\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.0.15063.0_none_4d62956f29fd17e9\iexpress.exe
[2017-03-18 13:59][2017-03-18 13:59] 000152064 _____ (Microsoft Corporation) 45CD093C9076C51BDBCA9899C7315D1C [File is digitally signed]

C:\Windows\WinSxS\x86_microsoft-windows-cttune_31bf3856ad364e35_10.0.15063.0_none_6879ca273ef6607d\cttune.exe
[2017-03-18 13:58][2017-03-18 13:58] 000312320 _____ (Microsoft Corporation) 2A19A23BE77A673577A3FEA6EADEAC86 [File is digitally signed]

C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.15063.0_none_8081c377425d8edd\bthudtask.exe
[2017-03-18 13:58][2017-03-18 13:58] 000037888 _____ (Microsoft Corporation) C0890FCE30B94297064CF13307CF759D [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_10.0.15063.0_none_38dad110cb33e151\proquota.exe
[2017-03-18 13:57][2017-03-18 13:57] 000034304 _____ (Microsoft Corporation) AEF43B9AE30E6ED6E2A7CF33EB658542 [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.0.15063.0_none_a98130f2e25a891f\iexpress.exe
[2017-03-18 13:56][2017-03-18 13:56] 000167424 _____ (Microsoft Corporation) 673B6274252DEC0BAB375E9FB2D8DD5B [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-cttune_31bf3856ad364e35_10.0.15063.0_none_c49865aaf753d1b3\cttune.exe
[2017-03-18 13:58][2017-03-18 13:58] 000325120 _____ (Microsoft Corporation) 887390CD049AEDAE8C83DF04C85CB20D [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.15063.0_none_762d19250dfccce2\bthudtask.exe
[2017-03-18 13:57][2017-03-18 13:57] 000040448 _____ (Microsoft Corporation) CFCD868C869A22D5869E0FEC5B28AC5C [File is digitally signed]

C:\Windows\SysWOW64\bthudtask.exe
[2017-03-18 13:58][2017-03-18 13:58] 000037888 _____ (Microsoft Corporation) C0890FCE30B94297064CF13307CF759D [File is digitally signed]

C:\Windows\SysWOW64\cttune.exe
[2017-03-18 13:58][2017-03-18 13:58] 000312320 _____ (Microsoft Corporation) 2A19A23BE77A673577A3FEA6EADEAC86 [File is digitally signed]

C:\Windows\SysWOW64\iexpress.exe
[2017-03-18 13:59][2017-03-18 13:59] 000152064 _____ (Microsoft Corporation) 45CD093C9076C51BDBCA9899C7315D1C [File is digitally signed]

C:\Windows\SysWOW64\proquota.exe
[2017-03-18 13:58][2017-03-18 13:58] 000031232 _____ (Microsoft Corporation) 56828B956CCB33F53D61FBEF40C10449 [File is digitally signed]

C:\Windows\System32\bthudtask.exe
[2017-03-18 13:57][2017-03-18 13:57] 000040448 _____ (Microsoft Corporation) CFCD868C869A22D5869E0FEC5B28AC5C [File is digitally signed]

C:\Windows\System32\cttune.exe
[2017-03-18 13:58][2017-03-18 13:58] 000325120 _____ (Microsoft Corporation) 887390CD049AEDAE8C83DF04C85CB20D [File is digitally signed]

C:\Windows\System32\iexpress.exe
[2017-03-18 13:56][2017-03-18 13:56] 000167424 _____ (Microsoft Corporation) 673B6274252DEC0BAB375E9FB2D8DD5B [File is digitally signed]

C:\Windows\System32\proquota.exe
[2017-03-18 13:57][2017-03-18 13:57] 000034304 _____ (Microsoft Corporation) AEF43B9AE30E6ED6E2A7CF33EB658542 [File is digitally signed]

====== End of Search ======

#15 Oh My!

Posted 02 October 2017 - 07:42 PM

Greetings Clint.

I ran this for a purpose. Every one of those files is digitally signed, meaning they are valid and not malicious. Now look at what you believe indicates an infection on your computer. In reality this report is flagging entries located on your livecd.

Object '/run/media/livecd/WIN10PRO/Windows/SysWOW64/bthudtask.exe' is infected with 'Gen:Variant.Strictor.58214'
Object '/run/media/livecd/WIN10PRO/Windows/SysWOW64/iexpress.exe' is infected with 'Gen:Trojan.Heur.FU.ju0@au!Tqpdi'
Object '/run/media/livecd/WIN10PRO/Windows/SysWOW64/proquota.exe' is infected with 'Gen:Variant.Strictor.83393'
Object '/run/media/livecd/WIN10PRO/Windows/SysWOW64/cttune.exe' is infected with 'Gen:Variant.Strictor.83319'
Object '/run/media/livecd/WIN10PRO/Windows/WinSxS/wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.15063.0_none_8081c377425d8edd/bthudtask.exe' is infected with 'Gen:Variant.Strictor.58214'
Object '/run/media/livecd/WIN10PRO/Windows/WinSxS/x86_microsoft-windows-cttune_31bf3856ad364e35_10.0.15063.0_none_6879ca273ef6607d/cttune.exe' is infected with 'Gen:Variant.Strictor.83319'
Object '/run/media/livecd/WIN10PRO/Windows/WinSxS/x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.0.15063.0_none_4d62956f29fd17e9/iexpress.exe' is infected with 'Gen:Trojan.Heur.FU.ju0@au!Tqpdi'
Object '/run/media/livecd/WIN10PRO/Windows/WinSxS/x86_microsoft-windows-proquota_31bf3856ad364e35_10.0.15063.0_none_dcbc358d12d6701b/proquota.exe' is infected with 'Gen:Variant.Strictor.83393'

At the risk of seeming to be unkind, which is not my intention at all, it seems like you are looking for something that is simply not there. Your computer is still clean.
Gary
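The check Gary's FRST search performs (signature status plus MD5 of each copy of the four flagged binaries) can be repeated from inside Windows with standard cmdlets; this is an added example, not part of the thread and not FRST's own code. Get-AuthenticodeSignature and Get-FileHash are built-in PowerShell cmdlets, and the MD5 list is copied from the Search.txt posted above, so it only applies to that build (10.0.15063.0); on another build an MD5 miss means nothing, only the signature status does.

```powershell
# Added example (not from the thread): re-check the files Bitdefender Rescue CD
# flagged, reading their Authenticode/catalog signature and MD5 from the live
# Windows install instead of from the rescue-CD mount. Run from an elevated
# PowerShell prompt on the machine itself.
$names = 'bthudtask.exe', 'iexpress.exe', 'proquota.exe', 'cttune.exe'
$roots = "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64", "$env:SystemRoot\WinSxS"

# MD5 values FRST's Search.txt reported in the thread (Windows 10 build 15063 only).
$frstMd5 = @(
    '56828B956CCB33F53D61FBEF40C10449', '45CD093C9076C51BDBCA9899C7315D1C',
    '2A19A23BE77A673577A3FEA6EADEAC86', 'C0890FCE30B94297064CF13307CF759D',
    'AEF43B9AE30E6ED6E2A7CF33EB658542', '673B6274252DEC0BAB375E9FB2D8DD5B',
    '887390CD049AEDAE8C83DF04C85CB20D', 'CFCD868C869A22D5869E0FEC5B28AC5C'
)

$files = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -Include $names -File -ErrorAction SilentlyContinue
}

$report = foreach ($f in $files) {
    # Windows system binaries are usually catalog-signed; Get-AuthenticodeSignature
    # checks the security catalogs too, so a clean OS file reports 'Valid'.
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    $md5 = (Get-FileHash -Path $f.FullName -Algorithm MD5).Hash
    [pscustomobject]@{
        Path      = $f.FullName
        Size      = $f.Length
        MD5       = $md5
        Signature = $sig.Status          # Valid / NotSigned / HashMismatch / ...
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        InFrstLog = $frstMd5 -contains $md5
    }
}

$report | Sort-Object Path | Format-Table -AutoSize

# Only files whose signature does not verify deserve a second look; a scanner
# verdict on a file that is signed by Microsoft is the false positive Gary describes.
$suspect = $report | Where-Object { $_.Signature -ne 'Valid' }
if ($suspect) { $suspect | Format-Table Path, Signature, MD5 -AutoSize }
else { 'All copies carry a valid Microsoft signature.' }
```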



