Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firefox browser screen turns black during use


  • This topic is locked This topic is locked
12 replies to this topic

#1 Breakfix

Breakfix

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 25 November 2017 - 08:10 PM

Hi. Recently I have noticed that the performance of browsing web pages has become very slow. This is especially the case when using Youtube. I have not experienced this issue before with this laptop. On youtube when i click on any video it takes about 5 seconds before the browser decides to act and open the link. Then when the link is open it takes another 5 seconds to begin loading the page, and then I have to wait for the page to load. In past this use to be fast i didnt have to wait. I have also noticed that when i click on a youtube video and I'm waiting for the page to open I am unable to click on anything else whether inside or outside the browser. So it doesnt seem to be a broadband speed issue. I also use an ipad and I do not have this poor performance with the ipad. i am only having this issue with my laptop. Today as I was browsing a youtube video my entire firefox browser turned black. I tried to open a new tab to my home page (www.google.co.uk) and that too was completely black. I took a screenshot. I closed down the browser and opened it up again and it opened in google and everything seemed fine. Then about an hour later as i was in youtube I got another black screen. Now I am begining to think that I have an virus infection. Please can you help. Thank you.

 

 

FRST.txt log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-11-2017 01
Ran by raidb (administrator) on MSI (26-11-2017 00:53:48)
Running from C:\Users\raidb\Desktop\Bleeping Computer
Loaded Profiles: raidb & postgres (Available Profiles: raidb & postgres)
Platform: Windows 10 Home Version 1709 16299.64 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Novawave Inc.) C:\Program Files\Novawave\Novabench\NovabenchService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\ns.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\ns.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSISvc32.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSISvc64.exe
(Portrait Displays, Inc) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorHelper.exe
() C:\Program Files (x86)\SCM\SCM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1710.2791.0_x64__8wekyb3d8bbwe\Calculator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(DonationCoder) D:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [NahimicMSIUILauncher] => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [532448 2015-08-24] ()
HKLM\...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [4811048 2016-09-09] (Portrait Displays, Inc.)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2017-06-08] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217016 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [323328 2017-11-02] (ESET)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144696 2017-02-14] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-355355189-1155878267-3734476988-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2015-06-11] (SteelSeries ApS)
HKU\S-1-5-21-355355189-1155878267-3734476988-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-355355189-1155878267-3734476988-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-09-12]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-10-30]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{20cdb71d-77a3-4957-b354-1ee54cfc8381}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{71c3a377-5565-4acd-bdbc-0c64e37e2c6e}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-355355189-1155878267-3734476988-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-355355189-1155878267-3734476988-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oem15.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-355355189-1155878267-3734476988-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E896BE2B-2D5B-43DB-BD46-1DE9C15286FD}&mid=9410f6697d2347cfbf824dff96e5bd87-976836db4fb2ded0a580239f7893694414230f49&lang=en&ds=jt011&coid=avgtbdisjt&cmpid=&pr=sa&d=2017-06-07 01:26:08&v=19.6.0.592&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-355355189-1155878267-3734476988-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E896BE2B-2D5B-43DB-BD46-1DE9C15286FD}&mid=9410f6697d2347cfbf824dff96e5bd87-976836db4fb2ded0a580239f7893694414230f49&lang=en&ds=jt011&coid=avgtbdisjt&cmpid=&pr=sa&d=2017-06-07 01:26:08&v=19.6.0.592&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-355355189-1155878267-3734476988-1001 -> {D6BC96D7-D4B3-450D-A826-D9E852B69612} URL =
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\coIEPlg.dll [2017-11-10] (Symantec Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.11.2.7\coIEPlg.dll [2017-11-10] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-06] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-06] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll No File
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\19.7.0.632\AVG SafeGuard toolbar_toolbar.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll No File
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.7.0.632\AVG SafeGuard toolbar_toolbar.dll No File

FireFox:
========
FF DefaultProfile: 88s9cv5w.default
FF ProfilePath: C:\Users\raidb\AppData\Roaming\Mozilla\Firefox\Profiles\88s9cv5w.default [2017-11-26]
FF Homepage: Mozilla\Firefox\Profiles\88s9cv5w.default -> www.google.co.uk
FF Extension: (Avira Browser Safety) - C:\Users\raidb\AppData\Roaming\Mozilla\Firefox\Profiles\88s9cv5w.default\Extensions\abs@avira.com.xpi [2017-10-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-06] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\raidb\AppData\Local\Google\Chrome\User Data\Default [2017-11-25]
CHR Extension: (Rapport) - C:\Users\raidb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2017-05-02]
CHR Extension: (Norton Security Toolbar) - C:\Users\raidb\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-06-13]
CHR Extension: (Avira Browser Safety) - C:\Users\raidb\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-13]
CHR Extension: (Norton Identity Safe) - C:\Users\raidb\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-09-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\raidb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\raidb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-13]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-355355189-1155878267-3734476988-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [595048 2015-09-11] (Intel Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1932336 2017-11-02] (ESET)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-09-11] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-05] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [444928 2015-08-10] (Rivet Networks) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2015-07-15] (Micro-Star International Co., Ltd.) [File not signed]
R2 MsiTrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [180520 2016-09-09] (Portrait Displays, Inc.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
R2 NovabenchService; C:\Program Files\Novawave\Novabench\NovabenchService.exe [313392 2017-08-10] (Novawave Inc.)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\NS.exe [326144 2017-11-11] (Symantec Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 postgresql-x64-9.2; C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe [89600 2013-04-02] (PostgreSQL Global Development Group) [File not signed]
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2017-10-05] () [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [279104 2017-05-16] (Synaptics Incorporated)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1770136 2015-08-04] (Intel Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4076744 2017-02-14] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1037624 2017-02-14] (Check Point Software Technologies Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [117296 2015-07-30] (Rivet Networks, LLC.)
S1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.1.7\Definitions\BASHDefs\20161208.001\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
R1 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\160B020.007\ccSetx64.sys [187544 2017-11-10] (Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [133856 2017-11-02] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107336 2017-09-19] (ESET)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-04] (Symantec Corporation)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15392 2017-10-09] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180088 2017-10-09] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50744 2017-09-19] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [81888 2017-09-19] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [106312 2017-09-19] (ESET)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.1.7\Definitions\IPSDefs\20161208.005\IDSvia64.sys [1012952 2016-10-28] (Symantec Corporation)
S3 ipadtst; C:\Program Files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys [20464 2013-11-12] (Windows ® Win 7 DDK provider)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-09-29] (Qualcomm Atheros, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-25] (Malwarebytes)
R3 NovabenchDriver; C:\Program Files\Novawave\Novabench\NovabenchDriver.sys [26976 2017-03-30] ()
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_7b11efeca48cd7d3\nvlddmkm.sys [14456920 2017-05-18] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-09-11] (Realsil Semiconductor Corporation)
S3 SAlphamBth; C:\WINDOWS\System32\drivers\SAlphabt64.sys [31232 2014-10-08] (SteelSeries Corporation)
S3 SAlphamHid; C:\WINDOWS\System32\drivers\SAlpham64.sys [39168 2014-10-08] (SteelSeries Corporation)
S3 SAlphaPS2; C:\WINDOWS\System32\drivers\SAlphaPS264.sys [27520 2014-10-08] (SteelSeries Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-09-11] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44216 2016-09-14] (Synaptics Incorporated)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NSx64\160B020.007\SRTSP64.SYS [812696 2017-11-10] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\160B020.007\SRTSPX64.SYS [49304 2017-11-10] (Symantec Corporation)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS)
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45928 2017-10-10] (SteelSeries ApS)
R3 ssps2; C:\WINDOWS\System32\drivers\ssps2.sys [38688 2017-06-02] (SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSx64\160B020.007\SYMEFASI64.SYS [1938584 2017-11-10] (Symantec Corporation)
S4 SymELAM; C:\WINDOWS\system32\drivers\NSx64\160B020.007\SymELAM.sys [24608 2017-11-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102600 2017-11-20] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSx64\160B020.007\Ironx64.SYS [309984 2017-11-10] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NSx64\160B020.007\SYMNETS.SYS [566936 2017-11-10] (Symantec Corporation)
R1 Vsdatant; C:\WINDOWS\system32\DRIVERS\vsdatant.sys [461240 2017-04-16] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-26 00:52 - 2017-11-26 00:53 - 000000000 ____D C:\Users\raidb\Desktop\Bleeping Computer
2017-11-26 00:00 - 2017-11-26 00:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-11-25 22:13 - 2017-11-25 22:13 - 000002026 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2017-11-25 22:13 - 2017-11-25 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-11-25 22:13 - 2017-11-25 22:13 - 000000000 ____D C:\ProgramData\ESET
2017-11-25 22:03 - 2017-11-25 22:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-25 22:02 - 2017-11-25 22:03 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-11-25 20:45 - 2017-11-25 20:45 - 000003386 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2017-11-25 20:43 - 2017-11-25 20:43 - 000408808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-21 19:37 - 2017-11-21 21:44 - 000011112 _____ C:\Users\raidb\Desktop\English Indices of Deprivation by postcode.xlsx
2017-11-20 16:59 - 2017-11-20 16:59 - 000000000 ____D C:\Users\raidb\tox
2017-11-20 16:57 - 2017-11-20 19:08 - 000000000 ____D C:\Users\raidb\AppData\Roaming\tox
2017-11-20 16:38 - 2017-11-20 16:38 - 000000000 ____D C:\Users\raidb\AppData\Local\PlaceholderTileLogoFolder
2017-11-15 13:22 - 2017-10-25 09:11 - 017083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-11-15 13:22 - 2017-10-25 09:11 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-11-15 13:22 - 2017-10-25 09:09 - 021753344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-11-15 13:22 - 2017-10-25 08:57 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2017-11-15 13:22 - 2017-10-25 08:57 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-11-15 13:22 - 2017-10-25 08:56 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-11-15 13:22 - 2017-10-25 04:41 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2017-11-15 13:22 - 2017-10-25 04:40 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 13:22 - 2017-10-25 04:40 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 13:22 - 2017-10-25 04:39 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-11-15 13:22 - 2017-10-25 04:39 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 13:22 - 2017-10-25 04:36 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-15 13:22 - 2017-10-25 04:36 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 13:22 - 2017-10-25 04:34 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 13:22 - 2017-10-25 04:34 - 000839928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-11-15 13:22 - 2017-10-25 04:34 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 13:22 - 2017-10-25 04:32 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 13:22 - 2017-10-25 04:31 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-11-15 13:22 - 2017-10-25 04:31 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-11-15 13:22 - 2017-10-25 04:30 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-11-15 13:22 - 2017-10-25 04:29 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-11-15 13:22 - 2017-10-25 04:29 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-11-15 13:22 - 2017-10-25 04:29 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-11-15 13:22 - 2017-10-25 04:28 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-11-15 13:22 - 2017-10-25 04:27 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 13:22 - 2017-10-25 04:27 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-11-15 13:22 - 2017-10-25 04:27 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-11-15 13:22 - 2017-10-25 04:24 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-11-15 13:22 - 2017-10-25 04:20 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-11-15 13:22 - 2017-10-25 03:50 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 13:22 - 2017-10-25 03:36 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-15 13:22 - 2017-10-25 03:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-11-15 13:22 - 2017-10-25 03:30 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-11-15 13:22 - 2017-10-25 03:28 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-11-15 13:22 - 2017-10-25 03:28 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-11-15 13:22 - 2017-10-25 03:28 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-11-15 13:22 - 2017-10-25 03:27 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-11-15 13:22 - 2017-10-25 03:27 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-11-15 13:22 - 2017-10-25 03:24 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-11-15 13:22 - 2017-10-25 03:22 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 13:22 - 2017-10-25 03:22 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-11-15 13:22 - 2017-10-25 03:19 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-15 13:22 - 2017-10-25 03:18 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2017-11-15 13:22 - 2017-10-25 03:18 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-11-15 13:22 - 2017-10-25 03:18 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-11-15 13:22 - 2017-10-25 03:16 - 023658496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 13:22 - 2017-10-25 03:16 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-11-15 13:22 - 2017-10-25 03:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 13:22 - 2017-10-25 03:14 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-11-15 13:22 - 2017-10-25 03:13 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 13:22 - 2017-10-25 03:13 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-11-15 13:22 - 2017-10-25 03:12 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-15 13:22 - 2017-10-25 03:11 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 13:22 - 2017-10-25 03:10 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-15 13:22 - 2017-10-25 03:10 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 13:22 - 2017-10-25 03:10 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-11-15 13:22 - 2017-10-25 03:09 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-11-15 13:22 - 2017-10-25 03:09 - 002106368 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 13:22 - 2017-10-25 03:09 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-11-15 13:22 - 2017-10-25 03:09 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 13:22 - 2017-10-25 03:08 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-15 13:22 - 2017-10-25 03:08 - 002781696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 13:22 - 2017-10-25 03:08 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 13:22 - 2017-10-25 03:08 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-11-15 13:22 - 2017-10-25 03:08 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-11-15 13:22 - 2017-10-25 03:08 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-11-15 13:22 - 2017-10-25 03:07 - 018914304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 13:22 - 2017-10-25 03:07 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-11-15 13:22 - 2017-10-25 03:07 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-11-15 13:22 - 2017-10-25 03:07 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-11-15 13:22 - 2017-10-25 03:05 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 13:22 - 2017-10-25 03:05 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 13:22 - 2017-10-25 03:02 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 13:22 - 2017-10-25 03:01 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 13:22 - 2017-10-25 02:59 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 13:22 - 2017-10-25 02:59 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 13:22 - 2017-10-25 02:58 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-11-15 13:22 - 2017-10-25 02:57 - 006035968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-15 13:22 - 2017-10-21 12:25 - 003313968 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-11-15 13:22 - 2017-10-20 14:17 - 002474584 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-11-15 13:22 - 2017-10-20 05:08 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 13:21 - 2017-10-25 06:36 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-11-15 13:21 - 2017-10-25 04:40 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2017-11-15 13:21 - 2017-10-25 04:39 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-11-15 13:21 - 2017-10-25 04:37 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-11-15 13:21 - 2017-10-25 04:37 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 13:21 - 2017-10-25 04:36 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-11-15 13:21 - 2017-10-25 04:32 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-11-15 13:21 - 2017-10-25 04:30 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-11-15 13:21 - 2017-10-25 04:27 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-11-15 13:21 - 2017-10-25 03:52 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-11-15 13:21 - 2017-10-25 03:27 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-11-15 13:21 - 2017-10-25 03:19 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2017-11-15 13:21 - 2017-10-25 03:18 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-11-15 13:21 - 2017-10-25 03:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-11-15 13:21 - 2017-10-25 03:18 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-11-15 13:21 - 2017-10-25 03:16 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-11-15 13:21 - 2017-10-25 03:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 13:21 - 2017-10-25 03:14 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-11-15 13:21 - 2017-10-25 03:12 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-11-15 13:21 - 2017-10-25 03:12 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 13:21 - 2017-10-25 03:12 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-11-15 13:21 - 2017-10-25 03:08 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2017-11-15 13:21 - 2017-10-25 03:08 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 13:21 - 2017-10-25 03:07 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-11-15 13:21 - 2017-10-25 03:07 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2017-11-15 13:21 - 2017-10-25 03:06 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 13:21 - 2017-10-25 03:05 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-11-15 13:21 - 2017-10-25 03:04 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 13:21 - 2017-10-25 03:04 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2017-11-15 13:21 - 2017-10-25 03:03 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-11-15 13:21 - 2017-10-25 03:01 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 13:21 - 2017-10-25 02:58 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-11-15 13:21 - 2017-10-25 02:58 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-11-15 13:21 - 2017-10-25 02:55 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-11-15 13:21 - 2017-10-25 02:54 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2017-11-12 07:24 - 2017-11-12 07:24 - 000001593 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-11-12 07:24 - 2017-11-12 07:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-12 07:24 - 2017-11-12 07:24 - 000000000 ____D C:\Program Files\iTunes
2017-11-12 07:24 - 2017-11-12 07:24 - 000000000 ____D C:\Program Files\iPod
2017-11-11 11:57 - 2017-11-12 21:40 - 000000000 ____D C:\Users\raidb\Desktop\Humaira Claim
2017-11-08 09:21 - 2017-11-08 09:21 - 000002709 _____ C:\Users\raidb\Desktop\Microsoft Office Word 2007.lnk
2017-11-08 09:20 - 2017-11-08 09:20 - 000002671 _____ C:\Users\raidb\Desktop\Microsoft Office Excel 2007.lnk
2017-11-02 09:02 - 2017-11-02 09:02 - 000133856 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2017-11-02 01:16 - 2017-11-02 01:16 - 006754944 _____ (ESET spol. s r.o.) C:\Users\raidb\Downloads\esetonlinescanner_enu (1).exe
2017-11-02 01:13 - 2017-11-02 01:13 - 000000000 ___HD C:\Users\raidb\MicrosoftEdgeBackups
2017-10-30 22:06 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-10-30 22:06 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2017-10-30 22:06 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2017-10-30 22:06 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-26 00:53 - 2016-10-05 17:22 - 000000000 ____D C:\FRST
2017-11-26 00:44 - 2017-10-24 12:48 - 000004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{90492BA8-C273-4C01-93DD-A0DCCC344837}
2017-11-26 00:37 - 2016-11-20 13:15 - 000000000 ____D C:\Users\raidb\AppData\LocalLow\Mozilla
2017-11-26 00:36 - 2016-09-17 00:29 - 000000058 _____ C:\Users\raidb\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2017-11-25 23:40 - 2017-10-24 12:56 - 000976298 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-25 23:40 - 2017-10-24 12:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2017-11-25 23:35 - 2017-10-24 12:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-25 23:35 - 2017-09-29 08:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-11-25 23:35 - 2016-10-02 22:43 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-25 23:35 - 2015-09-12 00:13 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-25 23:33 - 2017-10-24 12:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-25 22:15 - 2017-09-29 13:44 - 000000000 ____D C:\WINDOWS\INF
2017-11-25 22:14 - 2016-10-04 22:17 - 000000000 ____D C:\Users\raidb\AppData\Local\ESET
2017-11-25 22:13 - 2017-09-29 13:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-11-25 22:13 - 2016-10-04 23:23 - 000000000 ____D C:\Program Files\ESET
2017-11-25 22:07 - 2017-03-08 23:43 - 000000000 ____D C:\AdwCleaner
2017-11-25 22:06 - 2017-03-08 23:47 - 000000000 ____D C:\Users\raidb\Desktop\Security
2017-11-25 22:03 - 2016-10-02 22:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-25 21:11 - 2016-09-23 08:19 - 000000000 ____D C:\Program Files\Common Files\AV
2017-11-25 20:47 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-11-25 20:45 - 2017-09-29 08:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-25 20:45 - 2015-09-12 02:10 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-11-25 20:45 - 2015-09-12 02:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2017-11-25 20:09 - 2016-09-14 05:50 - 000000000 ____D C:\Users\raidb\AppData\Roaming\vlc
2017-11-25 20:08 - 2017-08-27 18:15 - 000000000 ____D C:\Users\raidb\Desktop\Yousra's downloads
2017-11-23 18:36 - 2017-09-29 13:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-23 18:36 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-22 07:12 - 2016-09-20 16:14 - 000000000 __RDL C:\Users\raidb\OneDrive\Documents\Scanned Documents
2017-11-21 15:37 - 2016-09-14 04:24 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-20 17:11 - 2017-10-24 12:51 - 000000000 ____D C:\Users\raidb\AppData\Local\Packages
2017-11-20 16:59 - 2017-10-24 12:50 - 000000000 ____D C:\Users\raidb
2017-11-20 10:24 - 2015-09-12 02:10 - 000102600 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2017-11-20 10:24 - 2015-09-12 02:10 - 000008471 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2017-11-19 17:35 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\rescache
2017-11-15 21:55 - 2017-10-24 12:48 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-15 21:55 - 2016-09-19 16:37 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-15 19:15 - 2017-09-29 13:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-15 19:15 - 2017-09-29 13:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-15 19:15 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-11-15 19:15 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-15 19:15 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-15 19:15 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 19:15 - 2017-09-29 08:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-15 13:23 - 2017-09-29 13:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-14 18:41 - 2016-09-14 01:34 - 000002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-14 18:41 - 2016-09-14 01:34 - 000002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-14 13:35 - 2017-10-24 12:48 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 13:35 - 2017-10-24 12:48 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-14 12:52 - 2017-10-24 12:48 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-14 12:51 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 12:51 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-06 09:08 - 2016-10-03 17:24 - 000000000 ____D C:\ProgramData\Oracle
2017-11-06 08:34 - 2016-10-03 17:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-06 08:34 - 2016-10-03 17:24 - 000000000 ____D C:\Program Files (x86)\Java
2017-11-06 08:33 - 2016-10-03 17:25 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-11-05 10:43 - 2017-10-24 21:44 - 000000000 ____D C:\Windows.old
2017-11-04 01:25 - 2017-09-29 13:49 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 01:25 - 2017-09-29 13:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-03 07:05 - 2016-09-14 01:33 - 000000000 __RDL C:\Users\raidb\OneDrive
2017-11-02 21:25 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-01 16:09 - 2017-10-24 12:48 - 000003352 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-355355189-1155878267-3734476988-1001
2017-11-01 16:09 - 2016-09-14 01:33 - 000002373 _____ C:\Users\raidb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-30 14:57 - 2017-10-20 16:52 - 000000000 ___DC C:\WINDOWS\Panther
2017-10-28 23:06 - 2017-10-26 23:42 - 000000000 ____D C:\Users\raidb\AppData\Roaming\dvdcss
2017-10-27 19:52 - 2017-09-12 19:11 - 000009682 _____ C:\Users\raidb\Desktop\Money Spent on Garmoyle.xlsx

==================== Files in the root of some directories =======

2016-09-17 00:29 - 2017-11-26 00:36 - 000000058 _____ () C:\Users\raidb\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2017-03-03 02:46 - 2017-03-03 02:46 - 000007915 _____ () C:\Users\raidb\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2017-11-25 17:02 - 2017-11-25 17:02 - 000000000 _____ () C:\Users\raidb\AppData\Local\Temp\yiiwo1lf.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-25 17:25

==================== End of FRST.txt ============================

 

 

 

 

Addition.txt file

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2017 01
Ran by raidb (26-11-2017 00:54:15)
Running from C:\Users\raidb\Desktop\Bleeping Computer
Windows 10 Home Version 1709 16299.64 (X64) (2017-10-24 13:07:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-355355189-1155878267-3734476988-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-355355189-1155878267-3734476988-503 - Limited - Disabled)
Guest (S-1-5-21-355355189-1155878267-3734476988-501 - Limited - Disabled)
postgres (S-1-5-21-355355189-1155878267-3734476988-1002 - Limited - Enabled) => C:\Users\postgres
raidb (S-1-5-21-355355189-1155878267-3734476988-1001 - Administrator - Enabled) => C:\Users\raidb
WDAGUtilityAccount (S-1-5-21-355355189-1155878267-3734476988-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Disabled - Out of date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: ESET Internet Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Out of date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
FW: Norton Security (Disabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AudioFXSetup (HKLM\...\{E1B6E9E2-75EF-4875-A12B-69AE6D95223F}) (Version: 1.2.701 - Nahimic) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.7.0.632 - AVG Technologies)
Battery Calibration (HKLM-x32\...\{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1609.1901 - Micro-Star International Co., Ltd.) Hidden
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1609.1901 - Micro-Star International Co., Ltd.)
Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Boot Configure (HKLM-x32\...\{DCC0B140-2270-4DD4-BE3C-236576371003}) (Version: 20.015.08113 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1509.201 - Application) Hidden
BurnRecovery (HKLM-x32\...\InstallShield_{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1509.201 - Application)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5307.55 - CyberLink Corp.)
DaVinci Resolve (HKLM\...\{E248E287-CCDC-4F3C-A5AD-AA7ACE50D359}) (Version: 12.5.2010 - Blackmagic Design)
Dragon Gaming Center (HKLM-x32\...\{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 2.0.1701.0601 - Micro-Star International Co., Ltd.) Hidden
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 2.0.1701.0601 - Micro-Star International Co., Ltd.)
ESET Security (HKLM\...\{8B35CE46-1F7C-4B22-815E-AB6DC63EE3AB}) (Version: 11.0.149.0 - ESET, spol. s r.o.)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Help Desk (HKLM-x32\...\{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1707.2501 - Micro-Star International Co., Ltd.) Hidden
Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1707.2501 - Micro-Star International Co., Ltd.)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{22CF21C4-4E46-458B-B363-E4890B53A650}) (Version: 12.7.1.14 - Apple Inc.)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
jetAudio Basic (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
KB9X Radio Switch Driver (HKLM\...\EC950B206B0E7722C96A318DF396BABFBB057BC0) (Version: 1.1.2.0 - ENE TECHNOLOGY INC.)
Killer Bandwidth Control Filter Driver (HKLM\...\{D82FCE80-884C-4D03-9CAA-DFF0B33A2A39}) (Version: 1.1.55.1105 - Rivet Networks) Hidden
Killer E240x Drivers (HKLM\...\{D8FE046B-D326-40FE-938B-4A4D75B5C192}) (Version: 1.1.55.1105 - Rivet Networks) Hidden
Killer Network Manager (HKLM\...\{610C883E-4790-4D73-894A-059C82AAC2B5}) (Version: 1.1.55.1105 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.55.1105 - Rivet Networks)
Killer Wireless-AC 1535 Drivers (HKLM\...\{4E3EDD1F-C659-41BE-9159-FF83ED08CE94}) (Version: 1.1.55.1105 - Rivet Networks) Hidden
LauncherSetup (HKLM\...\{B76D1CC1-596E-43C2-B33F-7CEECA30534C}) (Version: 1.2.701 - Nahimic) Hidden
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MFC RunTime files (HKLM-x32\...\{70C592EC-AE9B-4734-928B-676E824FB41E}) (Version: 1.0.0 - Extensoft) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-355355189-1155878267-3734476988-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 50.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 50.0.2 (x64 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSI Remind Manager (HKLM-x32\...\{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1508.1001 - Micro-Star International Co., Ltd.) Hidden
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1508.1001 - Micro-Star International Co., Ltd.)
MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.)
MSI True Color (HKLM\...\{B4A2776D-59CD-4193-A19D-DE15CB7FC5AA}) (Version: 1.6.3.005 - Portrait Displays, Inc.)
Nahimic for MSI (HKLM-x32\...\{177bcc7b-c662-4b70-adc1-07c2460e36f6}) (Version: 1.2.7 - Nahimic)
NahimicSettingsConfigurator (HKLM\...\{7A08A7EC-DB46-4DBF-AA20-B6CD31477E62}) (Version: 1.2.701 - Nahimic) Hidden
Norton Security (HKLM-x32\...\NS) (Version: 22.11.2.7 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 7 - Notepad++ Team)
Novabench (HKLM\...\{CC27A05D-9D9A-43C7-B202-96A0BAAC86B9}) (Version: 4.0.1 - Novawave Inc.)
NovaBench 3.0.4 (HKLM-x32\...\{88603FC0-6B3C-442D-981E-E3D49F083548}_is1) (Version:  - Novawave Inc.)
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
PostgreSQL 9.2  (HKLM\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group)
ProductDaemonSetup (HKLM\...\{550B8869-94C1-4AE4-8C91-50916008AB37}) (Version: 1.2.701 - Nahimic) Hidden
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.127 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21275 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
SCM (HKLM\...\{F6E94387-38E9-4D98-9FE1-038F575768BA}) (Version: 13.017.06089 - Application)
Screenshot Captor 4.16.1 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Sizing Options (HKLM-x32\...\{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1607.2201 - Application) Hidden
Sizing Options (HKLM-x32\...\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1607.2201 - Application)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.9.2015.1 - SteelSeries)
SteelSeries Engine 3.11.7 (HKLM\...\SteelSeries Engine 3) (Version: 3.11.7 - SteelSeries ApS)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.184 - Synaptics Incorporated)
Thunderbolt™ Software (HKLM-x32\...\{5B88BE64-93E7-4D6B-83D0-37B911166FF2}) (Version: 15.2.35.250 - Intel Corporation)
UIInstallUpgrade (HKLM\...\{CE9EF2BA-F1BA-4233-8C78-10AB4DCF49A8}) (Version: 1.2.701 - Nahimic) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
XSplit Gamecaster (HKLM-x32\...\{8915913F-E4AF-46C5-B4EF-3535D83BFFDE}) (Version: 2.5.1507.3018 - SplitmediaLabs)
ZoneAlarm Firewall (HKLM-x32\...\{F21C5C41-E759-472F-B5AE-501AC583B693}) (Version: 15.0.653.17211 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.0.653.17211 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{06F804D0-A69C-423A-8F77-A158EA7DF295}) (Version: 15.0.653.17211 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-09-21] ()
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-02] (ESET)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\NavShExt.dll [2017-11-11] (Symantec Corporation)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => c:\Program Files\WinZip\wzshls64.dll [2013-08-03] (WinZip Computing, S.L.)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-02] (ESET)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\NavShExt.dll [2017-11-11] (Symantec Corporation)
ContextMenuHandlers3: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => C:\Program Files (x86)\JetAudio\JetFlExt64.dll [2013-05-09] (JetAudio)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => c:\Program Files\WinZip\wzshls64.dll [2013-08-03] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-02] (ESET)
ContextMenuHandlers6: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => C:\Program Files (x86)\JetAudio\JetFlExt64.dll [2013-05-09] (JetAudio)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\NavShExt.dll [2017-11-11] (Symantec Corporation)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => c:\Program Files\WinZip\wzshls64.dll [2013-08-03] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FB04A38-9A19-4571-A9C3-B96205203981} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {256C4FCE-7441-474E-9FA4-815A2C11AE44} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {25FA05FC-0BA4-48B6-9D36-38C86D631048} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-14] (Google Inc.)
Task: {26100A03-3283-4EBD-AB8C-CC756E6B65BF} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\SymErr.exe [2017-11-10] (Symantec Corporation)
Task: {29E405F8-C48C-4A8D-8842-5F8B810DAB09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-14] (Google Inc.)
Task: {34806316-9699-473A-8F7B-A393C11ED749} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\SymErr.exe [2017-11-10] (Symantec Corporation)
Task: {35B77AA2-CEE3-4C34-B795-10D6C6BA1D2C} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [2015-08-24] ()
Task: {36749F14-DA05-4D8A-9A93-75661B3672CA} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {480F490F-F519-46D6-BAE8-5F7AA1746B77} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe [2015-08-24] ()
Task: {59BC5FA4-9034-40C4-A95E-06A2FA9FA308} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {6400498B-EB79-4355-83EA-130296D05192} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe [2015-05-11] (CyberLink Corp.)
Task: {66FE329A-CB96-4BDB-ADA9-2C78B3CD54C3} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {7901F83C-E59A-46E0-91CD-7A6788131035} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {A1A16BBC-194B-4C25-82C2-0730B50A6C91} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {A7FE07CC-4DD3-47D5-A074-540E9271527D} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [2017-07-25] (Micro-Star International Co., Ltd.)
Task: {B791D99B-9068-4198-8DC0-740917032511} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe [2015-08-24] ()
Task: {BCF86C08-F35B-4BB1-AFF0-24C8FFEB3B3E} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\SymErr.exe [2017-11-10] (Symantec Corporation)
Task: {C8EC0675-75B2-4EFF-BDCF-9BE438A97853} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\WSCStub.exe [2017-11-11] (Symantec Corporation)
Task: {CBF71A4E-E197-42EA-A899-2A629FAB468B} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {D3A914E2-F98F-44A7-A934-4884813ECEB2} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-11-11] (Symantec Corporation)
Task: {D3CC7E32-395C-4727-8AAC-F2E967D014A8} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-23] (TODO: <公司名稱>)
Task: {FC44EFCD-6116-45C8-A2D7-FD95A5A2939D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 13:41 - 2017-09-29 13:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-08-24 22:16 - 2015-08-24 22:16 - 000210912 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIDevProps.dll
2015-08-24 22:16 - 2015-08-24 22:16 - 000297440 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIOSD.dll
2017-10-26 12:27 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-14 01:37 - 2013-04-02 03:41 - 000176128 _____ () C:\Program Files\PostgreSQL\9.2\bin\LIBPQ.dll
2016-09-14 01:37 - 2012-08-14 13:31 - 001328128 _____ () C:\Program Files\PostgreSQL\9.2\bin\libxml2.dll
2017-09-29 13:42 - 2017-09-29 14:43 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 13:42 - 2017-09-29 14:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-24 22:12 - 2015-08-24 22:12 - 000532448 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
2015-08-24 22:12 - 2015-08-24 22:12 - 000816128 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe
2015-08-24 22:17 - 2015-08-24 22:17 - 000276992 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe
2017-06-08 08:37 - 2017-06-08 08:37 - 000301848 _____ () C:\Program Files (x86)\SCM\SCM.exe
2017-10-20 15:22 - 2017-10-20 15:22 - 000092472 _____ () D:\Program Files\iTunes\zlib1.dll
2017-10-20 15:22 - 2017-10-20 15:22 - 001356088 _____ () D:\Program Files\iTunes\libxml2.dll
2014-01-22 17:44 - 2014-01-22 17:44 - 000075912 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\WinIo64.dll
2015-06-11 20:33 - 2015-06-11 20:33 - 000504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2015-06-11 20:33 - 2015-06-11 20:33 - 009315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2015-06-11 20:32 - 2015-06-11 20:32 - 000015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2015-06-11 20:32 - 2015-06-11 20:32 - 000011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2015-06-11 20:32 - 2015-06-11 20:32 - 000011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2015-06-11 20:32 - 2015-06-11 20:32 - 000115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-10-08 15:30 - 2014-10-08 15:30 - 000047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2015-06-11 20:32 - 2015-06-11 20:32 - 000034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-10-08 15:30 - 2014-10-08 15:30 - 001102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2015-06-11 20:33 - 2015-06-11 20:33 - 000189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2015-06-11 20:33 - 2015-06-11 20:33 - 000030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2015-06-11 20:33 - 2015-06-11 20:33 - 000031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2015-06-11 20:33 - 2015-06-11 20:33 - 000030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2015-06-11 20:33 - 2015-06-11 20:33 - 000159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2015-06-11 20:33 - 2015-06-11 20:33 - 000020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2015-06-11 20:33 - 2015-06-11 20:33 - 000030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2015-06-11 20:33 - 2015-06-11 20:33 - 000029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2015-06-11 20:33 - 2015-06-11 20:33 - 000030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2015-06-11 20:33 - 2015-06-11 20:33 - 000023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2015-06-11 20:33 - 2015-06-11 20:33 - 000030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2015-06-11 20:33 - 2015-06-11 20:33 - 000030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2017-09-14 18:58 - 2017-09-14 18:58 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-26 10:59 - 2017-10-26 10:59 - 004252160 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1710.2791.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-09-26 09:47 - 2017-09-26 09:47 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1710.2791.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2015-08-24 22:11 - 2015-08-24 22:11 - 000262112 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIOSD.dll
2015-08-24 22:11 - 2015-08-24 22:11 - 000180704 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIDevProps.dll
2015-09-12 00:13 - 2016-06-15 01:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-09-05 03:34 - 2015-09-05 03:34 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 11:04 - 2015-07-10 11:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-355355189-1155878267-3734476988-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\raidb\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\backgrounddefault.jpg
HKU\S-1-5-21-355355189-1155878267-3734476988-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{21C95284-3AE2-42D7-97A0-7DE8B61911F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{747C8605-B0A3-4890-9488-14C060692133}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{E3C4DD67-29B1-47CF-9036-1C04D65DFD88}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C064C5DE-559C-4E10-B009-CE901B023C16}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6354F1AE-737F-42A9-8003-C779FA9ADD03}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{28010968-EB27-4201-8D91-FF49ED790A35}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0BBC4FAD-1A0E-4F64-AC7F-E41EF8FB83DD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{46D1380B-F54A-4B46-B05B-F8596039A060}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D8950948-5833-4E38-BC35-691F9D710E56}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{30673C39-F5CB-49F6-8B24-354D629812E1}] => (Allow) D:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{9C6BC1BE-984F-4612-A0BB-326DC67055E6}] => (Allow) D:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{74B3E627-0179-4262-9994-20AB0F9733B5}] => (Allow) D:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{06EA6549-873B-4D78-AB16-B1267453CE49}] => (Allow) D:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{0EF37DF5-8945-4083-9043-4EACD730D137}] => (Allow) D:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{736D514D-1904-49BB-8110-F612F1B6371B}] => (Allow) D:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{3BDE51D0-7281-45AB-A23B-C259C1DF8F7F}] => (Allow) D:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{BB4F2ECD-8BDD-435D-B46F-662BC0957368}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{150AE182-9833-4BED-8541-3F51F7BF4335}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{54837414-A532-4074-9684-E803CEB8A4E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7AE289F6-EEE1-4935-AF97-3061F973D50E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D5EEA0C0-08F7-4674-8165-3CDDFB2909C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CBCF8532-CA9F-4028-B616-C9AF57324C5C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{AD6358BD-F54F-4619-B5F8-BDBB706F7581}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7B657A49-00EC-48CA-9548-7D08D9C764C5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C8EE5037-4502-4BD9-8C24-F85D297D151D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C417B749-7FE8-4BB4-B9FB-788BA1B4BB26}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3B7A442E-EC07-4E07-A5B2-A13C725D25BF}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{9AA59654-F7CE-496E-9BA2-64B972FD35D6}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{E85AC92E-758C-4863-895A-44CE2CE9FC31}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{6336BE8B-E5A7-4B92-870D-C8FEA6CAEFF0}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{EF489E86-A4A8-4448-9E57-C00260DC2F72}] => (Allow) D:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4BA40A2D-DF8D-4B14-B99D-1B8AB944BC03}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2017 11:35:56 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/25/2017 10:08:08 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/25/2017 08:49:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SCM.exe, version: 13.17.6089.0, time stamp: 0x5938aa67
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffd3d7819e2
Faulting process id: 0x2fdc
Faulting application start time: 0x01d3662e1ff3f5e3
Faulting application path: C:\Program Files (x86)\SCM\SCM.exe
Faulting module path: unknown
Report Id: a1e76ea4-619b-4b89-b83e-79ac226287a6
Faulting package full name:
Faulting package-relative application ID:

Error: (11/25/2017 08:49:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: SCM.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at MSI.SCM.SCMII.Dispose(Boolean)
   at System.ComponentModel.Component.Finalize()

Error: (11/25/2017 08:44:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/25/2017 08:43:45 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/25/2017 07:25:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2017.39091.16340.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 13ec

Start Time: 01d366230e584177

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Report Id: 69c151af-1e74-4203-8712-bf8e622f5b43

Faulting package full name: Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (11/25/2017 07:25:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: MSI)
Description: App Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe+App did not launch within its allotted time.

Error: (11/25/2017 06:21:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2017.39091.16340.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2154

Start Time: 01d3661a243cd93b

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Report Id: 05b391fa-0cc4-4373-8002-8a650ec30c9e

Faulting package full name: Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (11/25/2017 06:21:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: MSI)
Description: App Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe+App did not launch within its allotted time.


System errors:
=============
Error: (11/25/2017 11:35:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2017 11:35:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2017 11:35:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2017 11:35:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2017 11:35:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2017 11:35:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2017 11:35:44 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (11/25/2017 10:08:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2017 10:08:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2017 10:08:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-11-26 00:53:24.813
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-26 00:53:24.812
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-26 00:50:56.937
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-26 00:50:56.936
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-26 00:43:37.834
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-26 00:43:37.833
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-26 00:41:17.048
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-26 00:41:17.046
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-26 00:38:37.564
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-26 00:38:37.562
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 19%
Total physical RAM: 16336.36 MB
Available physical RAM: 13145.4 MB
Total Virtual: 18768.36 MB
Available Virtual: 15256.1 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:97.98 GB) (Free:36.43 GB) NTFS
Drive d: (Data) (Fixed) (Total:911.24 GB) (Free:820.56 GB) NTFS
Drive e: () (Fixed) (Total:20.27 GB) (Free:20.16 GB) NTFS
Drive h: (Yellow Yousra Bkup) (Fixed) (Total:698.64 GB) (Free:90.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: D5A4A4CC)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: DC7A8C33)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 94819994)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:45 PM

Posted 26 November 2017 - 09:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Disable one of the Firewall. You cannot have both enabled at the same time.
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
SearchScopes: HKU\S-1-5-21-355355189-1155878267-3734476988-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E896BE2B-2D5B-43DB-BD46-1DE9C15286FD}&mid=9410f6697d2347cfbf824dff96e5bd87-976836db4fb2ded0a580239f7893694414230f49&lang=en&ds=jt011&coid=avgtbdisjt&cmpid=&pr=sa&d=2017-06-07 01:26:08&v=19.6.0.592&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-355355189-1155878267-3734476988-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E896BE2B-2D5B-43DB-BD46-1DE9C15286FD}&mid=9410f6697d2347cfbf824dff96e5bd87-976836db4fb2ded0a580239f7893694414230f49&lang=en&ds=jt011&coid=avgtbdisjt&cmpid=&pr=sa&d=2017-06-07 01:26:08&v=19.6.0.592&pid=safeguard&sg=&sap=dsp&q={searchTerms}
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll No File
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\19.7.0.632\AVG SafeGuard toolbar_toolbar.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll No File
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.7.0.632\AVG SafeGuard toolbar_toolbar.dll No File
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\Exts\Chrome.crx <not found>
U3 iswSvc; no ImagePath
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.7.0.632 - AVG Technologies)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {0FB04A38-9A19-4571-A9C3-B96205203981} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
C:\Users\raidb\AppData\Local\Temp\yiiwo1lf.dll

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

Please post the log and let me know if the problem persists.

#3 Breakfix

Breakfix
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 26 November 2017 - 01:32 PM

Hi. Thank you for your reply. Below is the Fixlog.txt

i haven't used the computer for a lengthy period today so i am not able to tell if the problem persists. I think i will need a day or two to get back to you.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-11-2017
Ran by raidb (26-11-2017 18:11:58) Run:3
Running from C:\Users\raidb\Desktop\Bleeping Computer
Loaded Profiles: raidb & postgres (Available Profiles: raidb & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
SearchScopes: HKU\S-1-5-21-355355189-1155878267-3734476988-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E896BE2B-2D5B-43DB-BD46-1DE9C15286FD}&mid=9410f6697d2347cfbf824dff96e5bd87-976836db4fb2ded0a580239f7893694414230f49&lang=en&ds=jt011&coid=avgtbdisjt&cmpid=&pr=sa&d=2017-06-07 01:26:08&v=19.6.0.592&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-355355189-1155878267-3734476988-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E896BE2B-2D5B-43DB-BD46-1DE9C15286FD}&mid=9410f6697d2347cfbf824dff96e5bd87-976836db4fb2ded0a580239f7893694414230f49&lang=en&ds=jt011&coid=avgtbdisjt&cmpid=&pr=sa&d=2017-06-07 01:26:08&v=19.6.0.592&pid=safeguard&sg=&sap=dsp&q={searchTerms}
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll No File
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\19.7.0.632\AVG SafeGuard toolbar_toolbar.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll No File
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.7.0.632\AVG SafeGuard toolbar_toolbar.dll No File
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.11.2.7\Exts\Chrome.crx <not found>
U3 iswSvc; no ImagePath
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.7.0.632 - AVG Technologies)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {0FB04A38-9A19-4571-A9C3-B96205203981} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
C:\Users\raidb\AppData\Local\Temp\yiiwo1lf.dll

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value removed successfully
HKU\S-1-5-21-355355189-1155878267-3734476988-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-355355189-1155878267-3734476988-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value removed successfully
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key removed successfully
HKLM\System\CurrentControlSet\Services\iswSvc => key removed successfully
iswSvc => service removed successfully
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.7.0.632 - AVG Technologies) => Error: No automatic fix found for this entry.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FB04A38-9A19-4571-A9C3-B96205203981} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FB04A38-9A19-4571-A9C3-B96205203981} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found
C:\Users\raidb\AppData\Local\Temp\yiiwo1lf.dll => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40385769 B
Java, Flash, Steam htmlcache => 12339856 B
Windows/system/drivers => 86160 B
Edge => 0 B
Chrome => 143735 B
Firefox => 13397486 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3162 B
NetworkService => 3466 B
raidb => 14907730 B
postgres => 0 B

RecycleBin => 0 B
EmptyTemp: => 84.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:12:12 ====



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:45 PM

Posted 27 November 2017 - 09:16 AM

I will be here.

#5 Breakfix

Breakfix
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 30 November 2017 - 03:48 PM

Hi. The problem seems to be resolved. No more black screen appearing. Also, youtube viodes open much faster. What was the issue? was it a virus



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:45 PM

Posted 01 December 2017 - 09:04 AM

Hi,

Just some malware issues and a good cleanup of the temp files.
The running of 2 Firewall played a role.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#7 Breakfix

Breakfix
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 05 December 2017 - 01:32 AM

Thank you. Are you able to write a script for me that I can run with the Farbar tool to clean my computer/ temp files etc every month?



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:45 PM

Posted 05 December 2017 - 08:06 AM



Hi,

Have a look at this CClenaer tool.

https://www.howtogeek.com/172820/beginner-geek-what-does-ccleaner-do-and-should-you-use-it/

Use it wisely to remove Temporary files.


Download the program from this Home Site.
https://www.piriform.com/ccleaner
===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#9 Breakfix

Breakfix
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 08 December 2017 - 09:36 AM

I no longer have the black screen but i am still experiencing some slow speeds when i surf the web/ yourube. I have noticed that the video and audio become out of sync when watching on my laptop, but the same video is fine when im watching on my ipad. I feel there is still something effecting the performance. Can you take one more look. Thank you.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:45 PM

Posted 08 December 2017 - 01:46 PM

HI,

Reset the browsers that you use and have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/
====

If that fails, run this fix.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers:

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Keep me posted.

#11 Breakfix

Breakfix
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 08 December 2017 - 02:38 PM

thanks. results below.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-12-2017
Ran by raidb (08-12-2017 19:29:35) Run:4
Running from C:\Users\raidb\Desktop\Bleeping Computer
Loaded Profiles: raidb & postgres (Available Profiles: raidb & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers:

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= IPCONFIG /release =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : fdf4:8e92:cb79:200:212d:1c7f:6fdc:d07a
   Temporary IPv6 Address. . . . . . : fdf4:8e92:cb79:200:91df:1938:c957:1326
   Link-local IPv6 Address . . . . . : fe80::212d:1c7f:6fdc:d07a%4
   Default Gateway . . . . . . . . . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


========= IPCONFIG /renew =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
An error occurred while renewing interface Wi-Fi : unable to contact your DHCP server. Request has timed out.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= bitsadmin /reset /allusers: =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unknown option '/allusers:'.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 19:31:57 ====



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:45 PM

Posted 09 December 2017 - 08:21 AM

Is it better now?

#13 Breakfix

Breakfix
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 13 December 2017 - 10:13 AM

Yes. Thank you for your help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users