Malware or Windows Error?


12 replies to this topic

#1 McMasterson

Posted 18 December 2017 - 02:47 AM

Greetings,
 
I've run afoul of a strange handful of problems on my PC lately, and it's difficult to tell whether or not they stem from an infection or an error in the operating system. Webroot, Malwarebytes, and Spybot have all come up empty-handed, and I don't see anything of note in the FRST log, so it could very well be the latter, but I figured I ought to rule out a virus before proceeding with an OS fix.
 
But first, my FRST:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by [redacted] (administrator) on HAL (17-12-2017 22:41:40)
Running from C:\Users\[redacted]\Downloads
Loaded Profiles: [redacted] (Available Profiles: [redacted] & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8400 @ 2.66GHz
Percentage of memory in use: 46%
Total physical RAM: 8191.24 MB
Available physical RAM: 4359.84 MB
Total Virtual: 16380.66 MB
Available Virtual: 12058.85 MB
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\SYSTEM32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-10] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-10] ()
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [1061680 2017-11-07] (Webroot)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646680 2017-09-27] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-01-27] ()
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Run: [f.lux] => C:\Users\[redacted]\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2017-12-05] (Google Inc.)
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk [2016-12-10]
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{53E81521-532C-4A4E-8FEC-2A389D4C35A0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5E&ocid=SL5EDHP&osmkt=en-us
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
SearchScopes: HKLM -> DefaultScope {274479A7-C48F-47F3-AB79-9136661C6418} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {274479A7-C48F-47F3-AB79-9136661C6418} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {3D5CB0CB-BE55-4ECE-98E0-FA6F37B6E534} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope {274479A7-C48F-47F3-AB79-9136661C6418} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {274479A7-C48F-47F3-AB79-9136661C6418} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {3D5CB0CB-BE55-4ECE-98E0-FA6F37B6E534} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-1787848298-3200997694-3725144463-1001 -> {3D5CB0CB-BE55-4ECE-98E0-FA6F37B6E534} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-11-09] (Webroot)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-9.0.1\bin\jp2ssv.dll [2017-10-21] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-11-09] (Webroot)
Toolbar: HKU\S-1-5-21-1787848298-3200997694-3725144463-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
 
FireFox:
========
FF ProfilePath: C:\Users\[redacted]\AppData\Roaming\Mozilla\Firefox\Profiles\iulxz2ta.default [2017-12-14]
FF Homepage: Mozilla\Firefox\Profiles\iulxz2ta.default -> hxxps://news.google.com/nwshp?hl=en&tab=wn&ei=JvTKVc_CMZeOoQTN8KTICQ&ved=0CAUQqS4oBQ
FF NewTab: Mozilla\Firefox\Profiles\iulxz2ta.default -> hxxps://www.google.com/
FF Extension: (Disconnect) - C:\Users\[redacted]\AppData\Roaming\Mozilla\Firefox\Profiles\iulxz2ta.default\Extensions\2.0@disconnect.me.xpi [2017-05-14]
FF Extension: (Bing Search) - C:\Users\[redacted]\AppData\Roaming\Mozilla\Firefox\Profiles\iulxz2ta.default\Extensions\bingsearch.full@microsoft.com [2015-07-05] [Legacy] [not signed]
FF Extension: (Bookmark Favicon Changer) - C:\Users\[redacted]\AppData\Roaming\Mozilla\Firefox\Profiles\iulxz2ta.default\Extensions\bookmarkfaviconchanger@sonthakit.xpi [2016-04-14] [Legacy]
FF Extension: (Custom New Tab) - C:\Users\[redacted]\AppData\Roaming\Mozilla\Firefox\Profiles\iulxz2ta.default\Extensions\CNT@ednovak.net.xpi [2016-12-13] [Legacy]
FF Extension: (YouTube™ HD Plus) - C:\Users\[redacted]\AppData\Roaming\Mozilla\Firefox\Profiles\iulxz2ta.default\Extensions\jid1-wkCmfgboni3B1Q@jetpack.xpi [2016-03-31] [Legacy]
FF Extension: (Speed DNS) - C:\Users\[redacted]\AppData\Roaming\Mozilla\Firefox\Profiles\iulxz2ta.default\Extensions\speeddns@gmail.com.xpi [2016-05-04] [Legacy]
FF Extension: (Screengrab!) - C:\Users\[redacted]\AppData\Roaming\Mozilla\Firefox\Profiles\iulxz2ta.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2017-11-30]
FF Extension: (YouTube High Definition) - C:\Users\[redacted]\AppData\Roaming\Mozilla\Firefox\Profiles\iulxz2ta.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-10-18]
FF Extension: (Adblock Plus) - C:\Users\[redacted]\AppData\Roaming\Mozilla\Firefox\Profiles\iulxz2ta.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-19]
FF Extension: (Theme Font & Size Changer) - C:\Users\[redacted]\AppData\Roaming\Mozilla\Firefox\Profiles\iulxz2ta.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2017-11-19]
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FF_WEBEX
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FF_WEBEX [2017-11-09]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FF_WEBEX
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-05-04] ()
FF Plugin: @java.com/DTPlugin,version=12.0.1.0 -> C:\Program Files\Java\jre-9.0.1\bin\dtplugin\npDeployJava1.dll [2017-10-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=12.0.1.0 -> C:\Program Files\Java\jre-9.0.1\bin\plugin2\npjp2.dll [2017-10-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-05-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-09-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
 
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxps://news.google.com/nwshp?hl=en&tab=wn"
CHR NewTab: Default ->  Active:"chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"
CHR Profile: C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default [2017-12-17]
CHR Extension: (Bookmark Favicon Changer) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\acmfnomgphggonodopogfbmkneepfgnh [2014-12-19]
CHR Extension: (YouTube) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (Google Search) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-11-16]
CHR Extension: (Cosmopolise) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipihgjdhjoldhpfpmiiimpnmohpfhkcm [2014-02-25]
CHR Extension: (Disconnect) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-12-10]
CHR Extension: (Webroot Filtering Extension) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2017-11-28]
CHR Extension: (Google Maps) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-19]
CHR Extension: (Toggle Adblock Plus) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdlpiobbbbdcaklklfalojacgifffohf [2014-02-25]
CHR Extension: (Awesome New Tab Page) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2014-12-20]
CHR Extension: (Your Quality for YouTube™) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfcilgimggemnogfigihdkmapdhhlbph [2016-01-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-17]
CHR HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CIJSRegister; C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe [144464 2015-02-19] (CANON INC.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [387144 2016-02-04] ()
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [463664 2017-12-05] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-11-15] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [1061680 2017-11-07] (Webroot)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2014-06-21] (Advanced Micro Devices) [File not signed]
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-31] (Broadcom Corporation.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-09] (C-Media Inc)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-10-09] ()
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-10-06] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-10-06] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-10-06] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-11-15] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-11-15] (NVIDIA Corporation)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [143744 2017-10-10] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [67024 2017-11-09] (Webroot)
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-17 22:41 - 2017-12-17 22:43 - 000030661 _____ C:\Users\[redacted]\Downloads\FRST.txt
2017-12-17 22:41 - 2017-12-17 22:41 - 002392064 _____ (Farbar) C:\Users\[redacted]\Downloads\FRST64.exe
2017-12-17 22:41 - 2017-12-17 22:41 - 000000000 ____D C:\FRST
2017-12-10 03:12 - 2017-12-10 03:12 - 000583211 _____ C:\Users\[redacted]\Downloads\jco.2017.76.1155.pdf
2017-12-10 03:08 - 2017-12-10 03:08 - 000000086 _____ C:\Users\[redacted]\Error Log.txt
2017-12-09 13:14 - 2017-12-09 13:14 - 000000030 _____ C:\Users\[redacted]\Bit Defender Virus.txt
2017-12-09 12:15 - 2017-12-05 11:36 - 000137200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-12-09 12:12 - 2017-12-05 13:17 - 040238576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 036301384 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 035156368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 029345592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 023266584 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 019039792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 018208784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 016851768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-12-09 12:12 - 2017-12-05 13:17 - 015027984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 013867656 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 013255032 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 011782096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 010883744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 003808144 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 003347952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 001989944 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438859.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 001674736 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438859.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 001135464 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 001099848 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 001031984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 000981816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 000933360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 000885496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 000616432 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 000527288 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 000505928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 000446216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 000407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 000171712 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 000154208 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 000149736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-12-09 12:12 - 2017-12-05 13:17 - 000132072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-12-09 10:44 - 2017-12-09 10:44 - 000021232 _____ C:\Users\[redacted]\Downloads\Fix WU.zip
2017-12-06 23:41 - 2017-11-27 17:55 - 001991016 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438843.dll
2017-12-06 23:41 - 2017-11-27 17:55 - 001674552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438843.dll
2017-12-06 23:29 - 2017-11-15 17:41 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-12-06 23:29 - 2017-11-15 17:41 - 000050624 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-11-28 18:57 - 2017-11-16 20:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-28 18:57 - 2017-10-16 15:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2017-11-28 18:57 - 2017-10-16 14:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2017-11-28 18:57 - 2017-10-11 16:55 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-11-28 18:57 - 2017-10-11 16:37 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-11-28 18:57 - 2017-10-11 16:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-11-27 21:30 - 2017-11-27 21:30 - 000000000 ____D C:\Users\[redacted]\AppData\Local\CAPCOM
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-17 21:18 - 2012-08-01 20:48 - 000000000 ____D C:\ProgramData\WRData
2017-12-17 20:47 - 2014-10-07 20:32 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-17 12:25 - 2015-01-09 18:33 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-17 12:22 - 2016-05-12 23:49 - 000000000 ____D C:\Users\[redacted]\AppData\Local\CrashDumps
2017-12-17 12:04 - 2012-08-01 19:09 - 000000000 ____D C:\Users\[redacted]
2017-12-17 10:43 - 2009-07-13 20:45 - 000018928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-17 10:43 - 2009-07-13 20:45 - 000018928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-17 10:33 - 2009-07-13 21:13 - 000863400 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-17 10:33 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-12-17 10:29 - 2012-08-03 14:27 - 025946624 ___SH C:\Users\[redacted]\Thumbs.db
2017-12-17 10:26 - 2012-08-01 20:48 - 000182192 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2017-12-17 10:26 - 2012-08-01 20:48 - 000114672 _____ (Webroot) C:\Windows\system32\WRusr.dll
2017-12-17 10:26 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-15 00:52 - 2013-01-24 20:58 - 000002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-14 18:53 - 2017-10-27 19:29 - 000003872 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-12-14 18:53 - 2012-08-01 20:54 - 000000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-11 22:53 - 2017-08-27 21:46 - 000000000 ____D C:\Users\[redacted]\AppData\Roaming\brave
2017-12-09 23:45 - 2017-08-27 21:46 - 000000000 ____D C:\Users\[redacted]\AppData\Local\brave
2017-12-09 22:07 - 2017-10-13 23:25 - 000000000 ____D C:\Users\[redacted]\ansel
2017-12-09 21:17 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\system32\NDF
2017-12-09 12:57 - 2014-02-25 20:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-09 12:16 - 2015-01-09 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-09 12:16 - 2015-01-09 18:31 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-09 12:14 - 2016-03-10 22:36 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-12-09 11:15 - 2015-03-21 10:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-09 11:15 - 2014-02-25 20:28 - 000001125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-09 11:14 - 2012-08-18 08:48 - 000000000 ____D C:\Users\[redacted]\AppData\Local\ElevatedDiagnostics
2017-12-09 01:45 - 2014-06-25 21:12 - 000000000 ____D C:\Users\[redacted]\Documents\Misc
2017-12-07 20:14 - 2015-01-09 18:31 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-07 00:48 - 2015-01-21 21:12 - 000000000 ____D C:\Users\[redacted]\AppData\Roaming\MPC-HC
2017-12-06 23:31 - 2015-01-09 18:36 - 000000000 ____D C:\Users\[redacted]\AppData\Local\NVIDIA Corporation
2017-12-06 23:30 - 2017-05-22 20:10 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-06 23:30 - 2016-12-14 22:14 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-06 23:30 - 2016-10-06 23:00 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-06 23:30 - 2016-10-06 23:00 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-06 23:30 - 2016-10-06 23:00 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-06 23:30 - 2016-10-06 23:00 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-06 23:30 - 2016-10-06 23:00 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-06 23:30 - 2016-10-06 23:00 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-06 23:30 - 2015-01-09 18:30 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-05 19:20 - 2009-07-13 21:08 - 000032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-12-05 13:17 - 2017-10-23 22:11 - 003799032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-12-05 13:17 - 2017-10-10 17:34 - 019526696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-12-05 13:17 - 2017-09-21 19:11 - 022257256 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-12-05 13:17 - 2017-09-21 19:10 - 004285704 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-12-05 13:17 - 2017-09-21 19:10 - 000492232 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-12-05 13:17 - 2017-04-25 22:13 - 000046182 _____ C:\Windows\system32\nvinfo.pb
2017-12-05 11:56 - 2016-10-06 23:00 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-12-05 11:32 - 2015-12-21 20:33 - 000607304 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-12-05 11:32 - 2015-12-21 20:33 - 000082744 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-12-05 11:32 - 2015-01-09 18:32 - 005966696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-12-05 11:32 - 2015-01-09 18:32 - 002589168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-12-05 11:32 - 2015-01-09 18:32 - 001766288 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-12-05 11:32 - 2015-01-09 18:32 - 000450352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-12-05 11:32 - 2015-01-09 18:32 - 000122768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-12-03 19:52 - 2017-06-25 15:36 - 000000000 ____D C:\Users\[redacted]\eBay Sales
2017-12-02 12:58 - 2017-03-15 20:42 - 000000000 ____D C:\ProgramData\CanonIJPLM
2017-12-02 01:02 - 2015-11-10 19:02 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-30 20:30 - 2016-12-13 19:54 - 000000000 ____D C:\Users\[redacted]\AppData\LocalLow\Mozilla
2017-11-28 22:58 - 2016-08-03 22:29 - 000000000 ____D C:\Users\[redacted]\Documents\My Games
2017-11-28 20:44 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\rescache
2017-11-28 20:18 - 2009-07-13 20:45 - 000383984 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-26 00:59 - 2014-10-07 20:09 - 000000000 ___RD C:\Users\[redacted]\Desktop\Games
2017-11-25 04:40 - 2015-01-09 18:32 - 007874971 _____ C:\Windows\system32\nvcoproc.bin
2017-11-19 23:20 - 2014-02-25 20:28 - 000000000 ____D C:\Users\[redacted]\AppData\Roaming\Mozilla
2017-11-19 21:36 - 2012-10-01 19:47 - 000003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor[redacted]
2017-11-19 21:36 - 2012-10-01 19:47 - 000000354 _____ C:\Windows\Tasks\HPCeeScheduleFor[redacted].job
2017-11-19 01:49 - 2015-05-21 23:35 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories =======
 
2015-12-16 19:12 - 2015-12-16 19:12 - 000002455 _____ () C:\Program Files (x86)\Reregister_&_Reset_Updates.bat
2015-01-10 11:56 - 2016-12-10 20:55 - 014147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-03-14 16:34 - 2015-03-14 16:34 - 000003584 _____ () C:\Users\[redacted]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-12-09 00:13
 
=================== Event log errors: =========================
 
Application errors:
==================
Error: (12/17/2017 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (12/17/2017 12:22:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotoshopElementsEditor.exe, version: 9.0.3.0, time stamp: 0x4d906921
Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94a16
Exception code: 0xc0000374
Fault offset: 0x000ce85b
Faulting process id: 0xb68
Faulting application start time: 0x01d377725cc18dc4
Faulting application path: C:\Program Files (x86)\Adobe\Photoshop Elements 9\PhotoshopElementsEditor.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: f65944de-e367-11e7-a34b-90e6bab38450
 
Error: (12/10/2017 08:07:57 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (12/07/2017 08:49:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: flux.exe, version: 4.55.0.0, time stamp: 0x59dd23af
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0014e51c
Faulting process id: 0x42c
Faulting application start time: 0x01d36fdfe5a0b750
Faulting application path: C:\Users\[redacted]\AppData\Local\FluxSoftware\Flux\flux.exe
Faulting module path: unknown
Report Id: 24b2298b-dbd3-11e7-bbda-90e6bab38450
 
Error: (12/03/2017 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (11/30/2017 06:47:05 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (11/30/2017 06:47:05 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (11/30/2017 06:47:05 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (11/30/2017 06:47:05 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (11/30/2017 06:47:00 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (12/17/2017 06:27:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (12/17/2017 06:26:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (12/17/2017 06:26:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Active File Monitor V9 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/17/2017 06:26:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/17/2017 10:28:41 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (12/17/2017 10:26:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/17/2017 10:26:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (12/16/2017 01:18:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/16/2017 01:18:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (12/16/2017 01:05:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 

 

==================== End of FRST.txt ============================
 
 
And now, the problems:
  • I've been unable to use Windows Update for about a month now. I downloaded and ran the Windows Update Troubleshooter from the Microsoft website and it fixed several problems. However, this didn't repair the program completely as it still claims that it cannot connect to the service. 
  • File Hippo fails to connect to its update checker when the computer starts up. Oddly enough, if I manually check for updates with a right click, it works without a hitch.
  • I started receiving a notification about a BitDefender Threat Scanner error when I shut down. I tried replacing potentially missing/corrupted Spybot files to correct the "problem," but it still occurs. (The quotation marks are used to emphasize that this isn't really an issue, per se. Regardless, I think it may be related to the other problems.)
Regardless of these connectivity issues, my internet service is still working just fine. I'm not sure if the index service problems noted in the log are related, either. Please lend me a hand when you get a spare minute.
 
Thanks much.

Edited by nasdaq, 20 December 2017 - 09:29 AM.


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 December 2017 - 10:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKLM -> {3D5CB0CB-BE55-4ECE-98E0-FA6F37B6E534} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {3D5CB0CB-BE55-4ECE-98E0-FA6F37B6E534} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-1787848298-3200997694-3725144463-1001 -> {3D5CB0CB-BE55-4ECE-98E0-FA6F37B6E534} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
Toolbar: HKU\S-1-5-21-1787848298-3200997694-3725144463-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR NewTab: Default ->  Active:"chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"
CHR Extension: (Awesome New Tab Page) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2014-12-20]
CHR HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.
===

Reset Chrome...
Open Google Chrome, click on the menu icon (the 3 vertical dots located at the top right of Google Chrome).
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

The tool will create a log (Fixlog.txt) please post it to your reply.
Include also the Addition.txt log that was created by the Farbar program.
===

Let me know what problems you are having with this computer.
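Editor's added example, not part of nasdaq's reply and not a component of FRST: a PowerShell script that re-reads the registry locations the fixlist above targets (Winlogon Notify packages, the two browser policy keys, IE SearchScopes, Browser Helper Objects, and services or drivers with no resolvable ImagePath) and reports them in FRST-like terms. Running it once before and once after "Fix" lets a reader confirm the "removed successfully" lines in Fixlog.txt against the live registry. The function names (Resolve-ImageFile, Get-FrstStyleFindings) and output columns are my own; the path heuristic assumes unquoted ImagePath values contain no spaces, which holds for Windows' own services but not necessarily for third-party ones. It needs an elevated Windows PowerShell 3.0 or later prompt (on Windows 7 that means WMF 3.0+ installed).

```powershell
# Added example (editor's own, not from this thread and not part of FRST): re-read the
# persistence locations that the fixlist above targets and report them in FRST-like terms.
# Run from an elevated Windows PowerShell 3.0+ prompt, once before and once after the fix.

function Resolve-ImageFile {
    # Turn a service ImagePath or Winlogon Notify DllName into a filesystem path.
    # Assumption: unquoted paths contain no spaces (true for Windows' own services).
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    $p = $Raw.Trim()
    if ($p.StartsWith('"')) { $p = $p.Substring(1).Split('"')[0] }  # "C:\Program Files\x\y.exe" /arg
    else                    { $p = $p.Split(' ')[0] }                 # %SystemRoot%\system32\svchost.exe -k netsvcs
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ([IO.Path]::IsPathRooted($p)) { return $p }
    # 'system32\DRIVERS\x.sys' is relative to %windir%; a bare 'x.dll' is probed like LoadLibrary does
    foreach ($dir in @($env:windir, "$env:windir\System32", "$env:windir\SysWOW64")) {
        $candidate = Join-Path $dir $p
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return (Join-Path $env:windir $p)
}

function Get-FrstStyleFindings {
    $findings = New-Object 'System.Collections.Generic.List[object]'
    function Add-Finding($Area, $Location, $Detail, $Status) {
        $findings.Add([pscustomobject]@{ Area = $Area; Location = $Location; Detail = $Detail; Status = $Status })
    }

    # 1. Winlogon\Notify packages; FRST prints "[X]" when the DLL is gone (SDWinLogon.dll above)
    foreach ($key in @('HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify',
                       'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify')) {
        Get-ChildItem -Path $key -ErrorAction SilentlyContinue | ForEach-Object {
            $dll  = (Get-ItemProperty -LiteralPath $_.PSPath).DllName
            $file = Resolve-ImageFile $dll
            $status = if ($file -and (Test-Path -LiteralPath $file)) { 'present' } else { 'MISSING [X]' }
            Add-Finding 'Winlogon Notify' $_.PSChildName $dll $status
        }
    }

    # 2. Browser policy keys; FRST flags their mere presence as "Restriction <==== ATTENTION"
    foreach ($key in @('HKLM:\SOFTWARE\Policies\Google', 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer')) {
        if (Test-Path -LiteralPath $key) {
            $k = Get-Item -LiteralPath $key
            Add-Finding 'Policy' $key "$($k.SubKeyCount) subkeys, $($k.ValueCount) values" 'Restriction'
        }
    }

    # 3. IE search scopes: report the provider host so a hijacked default (ask.com above) stands out
    foreach ($key in @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
                       'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
                       'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes')) {
        Get-ChildItem -Path $key -ErrorAction SilentlyContinue | ForEach-Object {
            $url = (Get-ItemProperty -LiteralPath $_.PSPath).URL
            if (-not $url) { return }
            $uri = $null
            $provider = if ([Uri]::TryCreate($url, [UriKind]::Absolute, [ref]$uri)) { $uri.Host } else { '(unparseable URL)' }
            Add-Finding 'IE SearchScope' "$key\$($_.PSChildName)" $url $provider
        }
    }

    # 4. Browser Helper Objects whose CLSID no longer resolves to a DLL; FRST prints "-> No File"
    foreach ($pair in @(
        @{ Bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects';             Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ Bho = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'; Clsid = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' })) {
        Get-ChildItem -Path $pair.Bho -ErrorAction SilentlyContinue | ForEach-Object {
            $dll  = (Get-ItemProperty -LiteralPath "$($pair.Clsid)\$($_.PSChildName)\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            $file = Resolve-ImageFile $dll
            $status = if ($file -and (Test-Path -LiteralPath $file)) { 'present' } else { 'No File' }
            Add-Finding 'BHO' $_.PSChildName $dll $status
        }
    }

    # 5. Services and drivers with a Start value but no usable ImagePath (FRST: "U0 SR; no ImagePath", "[X]")
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue | ForEach-Object {
        $svc = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $svc.Start) { return }           # perf-counter and parameter-only keys are not services
        if (-not $svc.ImagePath) { Add-Finding 'Service' $_.PSChildName "Start=$($svc.Start)" 'no ImagePath'; return }
        $file = Resolve-ImageFile $svc.ImagePath
        if (-not (Test-Path -LiteralPath $file)) { Add-Finding 'Service' $_.PSChildName $svc.ImagePath 'file MISSING [X]' }
    }
    return $findings
}

$results = @(Get-FrstStyleFindings)
if ($results.Count -eq 0) { 'Nothing flagged.' } else { $results | Sort-Object Area, Status | Format-Table -AutoSize -Wrap }
```

Only the service section filters to problems; the other sections list everything they find, because a SearchScope or BHO is only suspicious in context (a provider host you did not choose, or a CLSID with no InprocServer32). Expect the HKCU entries to differ from FRST's HKU\S-1-5-21-... lines only in how the hive is named; the GUID subkeys are the same. Keys that FRST's Fix has deleted simply no longer appear in the second run.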

#3 McMasterson

McMasterson
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male

Posted 19 December 2017 - 11:00 PM

FRST and the browser reset seemed to resolve the BitDefender error on shutdown, but I still can't connect to Windows Update at all, nor can I connect to the File Hippo service on start up. The Fix Log is as follows:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by [redacted] (19-12-2017 19:26:42) Run:1
Running from C:\Users\[redacted]\Fix-it
Loaded Profiles: [redacted] (Available Profiles: [redacted] & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKLM -> {3D5CB0CB-BE55-4ECE-98E0-FA6F37B6E534} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {3D5CB0CB-BE55-4ECE-98E0-FA6F37B6E534} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-1787848298-3200997694-3725144463-1001 -> {3D5CB0CB-BE55-4ECE-98E0-FA6F37B6E534} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
Toolbar: HKU\S-1-5-21-1787848298-3200997694-3725144463-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR NewTab: Default ->  Active:"chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"
CHR Extension: (Awesome New Tab Page) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2014-12-20]
CHR HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => removed successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3D5CB0CB-BE55-4ECE-98E0-FA6F37B6E534}" => removed successfully
HKLM\Software\Classes\CLSID\{3D5CB0CB-BE55-4ECE-98E0-FA6F37B6E534} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{3D5CB0CB-BE55-4ECE-98E0-FA6F37B6E534}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{3D5CB0CB-BE55-4ECE-98E0-FA6F37B6E534} => key not found
"HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3D5CB0CB-BE55-4ECE-98E0-FA6F37B6E534}" => removed successfully
HKLM\Software\Classes\CLSID\{3D5CB0CB-BE55-4ECE-98E0-FA6F37B6E534} => key not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => removed successfully
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value removed successfully
HKLM\Software\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => key not found
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"Chrome NewTab" => removed successfully
CHR Extension: (Awesome New Tab Page) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2014-12-20] => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => removed successfully
"HKLM\System\CurrentControlSet\Services\btwampfl" => removed successfully
btwampfl => service removed successfully
"HKLM\System\CurrentControlSet\Services\SR" => removed successfully
SR => service removed successfully
"HKLM\System\CurrentControlSet\Services\srservice" => removed successfully
srservice => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 141294304 B
Java, Flash, Steam htmlcache => 643500295 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 83142161 B
Firefox => 20984138 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42354435 B
systemprofile32 => 134387 B
LocalService => 132244 B
NetworkService => 66228 B
[redacted] => 1899024 B
DefaultAppPool => 66228 B

RecycleBin => 46189 B
EmptyTemp: => 898.4 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 19:27:30 ====

#4 McMasterson

McMasterson
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male

Posted 20 December 2017 - 02:49 AM

I included some of the "Addition" text in my first post, but here's all of it:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by [redacted] (17-12-2017 22:44:09)
Running from C:\Users\[redacted]\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-02 03:09:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1787848298-3200997694-3725144463-500 - Administrator - Disabled)
Guest (S-1-5-21-1787848298-3200997694-3725144463-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1787848298-3200997694-3725144463-1002 - Limited - Enabled)
[redacted] (S-1-5-21-1787848298-3200997694-3725144463-1001 - Administrator - Enabled) => C:\Users\[redacted]

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Brave (HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Brave) (Version: 0.19.112 - Brave Software)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 5.2.0 - Canon Inc.)
Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.00 - Canon Inc.)
Canon MG5700 series User Registration (HKLM-x32\...\Canon MG5700 series User Registration) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.2 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1827 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Detect (HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\9204f5692a8faf3b) (Version: 3.3.2.0 - Dell)

DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden

Elements 9 Organizer (HKLM-x32\...\{433EACD8-4747-4A6A-826A-FFA9F39B0D40}) (Version: 9.0 - Adobe Systems Incorporated) Hidden

Elements STI Installer (HKLM-x32\...\{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}) (Version: 1.0 - Adobe Systems Incorporated) Hidden

f.lux (HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\Flux) (Version:  - f.lux Software LLC)

FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)

FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden

HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )

Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5205.31 - PC-Doctor, Inc.)

HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)

HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)

HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)

HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)

HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)

HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)

HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1912 - Intel Corporation)

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)

Java 9.0.1 (64-bit) (HKLM\...\{2590B9D6-4310-52BC-808E-1A585861A836}) (Version: 9.0.1.0 - Oracle Corporation)

Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

LG CyberLink Media Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2808 - CyberLink Corp.) Hidden

LG CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2808 - CyberLink Corp.)

LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )

Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)

Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)

Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 55.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.2 (x64 en-US)) (Version: 55.0.2 - Mozilla)

Mozilla Firefox 57.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 57.0.2 (x86 en-US)) (Version: 57.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.59 - NVIDIA Corporation)

NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)

NVIDIA Graphics Driver 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.59 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

PowerRecover (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.1931 - CyberLink Corp.) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)

Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden

Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.18.44 - Webroot)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1787848298-3200997694-3725144463-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1787848298-3200997694-3725144463-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1787848298-3200997694-3725144463-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1787848298-3200997694-3725144463-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1787848298-3200997694-3725144463-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)

ContextMenuHandlers1-x32: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2017-12-17] (Webroot)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-11] (Intel Corporation)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-05] (NVIDIA Corporation)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)

ContextMenuHandlers6-x32: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2017-12-17] (Webroot)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1ED3C057-91D5-480E-971A-426613B24E95} - System32\Tasks\{C69BB714-D346-43A5-9147-45EE1CE23C8B} => C:\Windows\system32\pcalua.exe -a C:\Users\[redacted]\Downloads\iview435_setup.exe -d C:\Users\[redacted]\Downloads

Task: {1EDEEA26-0AB9-463D-89EA-32E796B5B5DC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-15] (NVIDIA Corporation)

Task: {2424F09D-486B-4DFB-A174-CFD376ACAC40} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-21] (Adobe Systems Incorporated)

Task: {3CE4C08F-EE2A-48B0-AF46-08CD686E7EDD} - System32\Tasks\{7681A3D1-CE6E-48D3-A4D6-21FA0C26019F} => C:\Windows\system32\pcalua.exe -a "C:\Remote Programs\7 Wonders 2\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=586350;name=7 Wonders II;dir=C:\Remote Programs\7 Wonders 2\;prvid=143;cmdid=1;prvdir=Default

Task: {4DCED296-D485-4FE8-AC36-28F0B08FFE17} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-15] (NVIDIA Corporation)

Task: {5489F421-725A-4F72-BDC5-37C4AE686DFC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-15] (NVIDIA Corporation)

Task: {5496AF85-DAAA-407D-95D1-7EB882D8F817} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink)

Task: {597992C8-5616-48A8-9791-F82D0E8DF0A2} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-15] (NVIDIA Corporation)

Task: {59BD9F24-A7AC-4299-95C8-ACB056FC09B0} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-15] (NVIDIA Corporation)

Task: {65F0E505-ADBC-4742-A5ED-F809900D3D14} - System32\Tasks\{6A14C91A-289F-4044-B2F8-5F1E5C430B4D} => C:\Windows\system32\pcalua.exe -a C:\Users\[redacted]\Downloads\AdobeAIRInstaller.exe -d C:\Users\[redacted]\Downloads

Task: {660790CC-7170-493E-B809-816DBE0AFB5D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-01] (Piriform Ltd)

Task: {7335C86C-698F-48B0-8565-F0E0DBCBF271} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {82D44305-F9F9-4226-A0FC-A87431718072} - System32\Tasks\{D90D9876-7EA0-4703-AE60-1630E8A63976} => C:\Windows\system32\pcalua.exe -a C:\Users\[redacted]\Downloads\AdobeAIRInstaller.exe -d C:\Users\[redacted]\Downloads

Task: {8966ACD0-7A61-47FF-8BEA-27203B2DBF2F} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)

Task: {8A873D62-F542-41F9-9536-CDFB2A3C7916} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)

Task: {9DD8AD67-1226-47F1-AD86-DEFFDE246AC1} - System32\Tasks\AdobeAAMUpdater-1.0-HAL-[redacted] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)

Task: {A325BE3D-61AC-4558-BDDC-59BA99885B85} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-01] (Piriform Ltd)

Task: {A409A689-F471-4F4B-BEAC-8D88EA6453FF} - \Test TimeTrigger -> No File <==== ATTENTION

Task: {B56BFAFE-ADE4-4DEB-98AA-ACDE3523CBA2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-15] (NVIDIA Corporation)

Task: {C4B46AF5-E028-4D3A-87AA-8E4AF8DF249C} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-09-27] (Oracle Corporation)

Task: {C546020A-355A-4C95-88F7-420980E367E5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-15] (NVIDIA Corporation)

Task: {CCC29193-C03F-49F9-8A16-B8FF87D47B60} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-15] (NVIDIA Corporation)

Task: {DE0D331A-02C9-473D-8F5B-E87DCA9F144D} - System32\Tasks\{FCAAD282-783A-48D9-A237-DA8C193CB672} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDPESetup.exe" -d "C:\Program Files (x86)\Spybot - Search & Destroy 2"

Task: {E338F09E-9993-4ABE-98B3-E03BE7BB3923} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)

Task: {F3CDD19E-BBB9-45D0-8090-6C5D91AFDEDB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {F6804C53-8BA1-42D4-9057-CAC467B3FDB0} - System32\Tasks\HPCeeScheduleFor[redacted] => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleFor[redacted].job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe

Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-15 20:42 - 2016-02-04 10:53 - 000387144 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

2016-10-06 23:00 - 2017-11-15 17:41 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll

2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 14:23 - 2010-10-20 14:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2012-11-27 21:49 - 2008-07-10 23:04 - 000200704 ____N () C:\Windows\SysWOW64\HsMgr.exe

2012-11-27 21:49 - 2008-07-10 23:03 - 000282112 ____N () C:\Windows\system\HsMgr64.exe

2017-12-15 00:52 - 2017-12-05 20:24 - 002873688 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\swiftshader\libglesv2.dll

2017-12-15 00:52 - 2017-12-05 20:24 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\swiftshader\libegl.dll

2017-06-23 20:24 - 2016-09-13 13:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2017-06-23 20:24 - 2016-09-13 13:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2016-10-06 23:00 - 2017-11-15 17:41 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

2017-06-23 20:24 - 2016-09-13 13:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2017-06-23 20:24 - 2017-05-12 10:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION

HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION

HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\[redacted]

There are 7937 more sites.

IE trusted site: HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\[redacted]

There are 7937 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2017-08-30 22:40 - 000454691 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1         [redacted]

There are 15602 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\[redacted]\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 0)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AMD External Events Utility => 2

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: LightScribeService => 2

MSCONFIG\Services: SDScannerService => 2

MSCONFIG\Services: SDUpdateService => 2

MSCONFIG\Services: SDWSCService => 2

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass FF RunOnce.lnk => C:\Windows\pss\Install LastPass FF RunOnce.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\[redacted]\AppData\Local\Akamai\netsession_win.exe"

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

MSCONFIG\startupreg: BingSvc => C:\Users\[redacted]\AppData\Local\Microsoft\BingSvc\BingSvc.exe

MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"

MSCONFIG\startupreg: Driver Support => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false

MSCONFIG\startupreg: FileHippo.com => "C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe" /background

MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

MSCONFIG\startupreg: LGODDFU =>  blrun

MSCONFIG\startupreg: MouseDriver => TiltWheelMouse.exe

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup

MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

MSCONFIG\startupreg: uTorrent => "C:\Users\[redacted]\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{63DD3308-83C3-43E2-AF7F-3ABD35CA8283}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe

FirewallRules: [{EAE54170-DFF7-4EC4-A877-BD32D040B9B0}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe

FirewallRules: [{FEFE81C8-6505-4BE7-8E29-6C213127F3D1}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe

FirewallRules: [{083E0AAB-07DB-45E4-8EB3-505FF6A7FE1C}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe

FirewallRules: [{C65C3C60-B64E-489E-B3C9-5E22C98BB317}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

FirewallRules: [{EAA00169-7055-4D50-BE1D-FF5A7D40BD06}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

FirewallRules: [TCP Query User{8FB9AF90-1FD8-4CFC-B8B4-FC979B494AFB}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe

FirewallRules: [UDP Query User{DBACE7B5-8D44-4C89-A5C3-D3DE884EEF59}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe

FirewallRules: [TCP Query User{4025545E-545A-4054-9841-29F65531212C}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe

FirewallRules: [UDP Query User{52D45952-C603-4C57-BC71-C87DF838578F}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe

FirewallRules: [{B27EBBB7-75B8-459C-9B41-C2DDD96533F9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{A308DF0C-55D5-4CB9-A84F-5E990460A146}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{B49E252D-E3FA-4BD5-9574-C70131A2C1D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skullgirls\SkullGirls.exe

FirewallRules: [{62D452AD-5021-47C1-8F3A-F64A642AE616}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skullgirls\SkullGirls.exe

FirewallRules: [TCP Query User{61EB2B0C-36C1-4BC5-B135-EE88DF5E66C8}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe

FirewallRules: [UDP Query User{42AECE0E-FBC4-4BC8-8453-FCB449DF32ED}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe

FirewallRules: [{5D680302-B196-453D-A9B2-4E98B871CA01}] => (Allow) C:\Users\[redacted]\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

FirewallRules: [{4ED59058-B8DD-4832-9671-3784FBF263C4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{6335FC29-5831-485C-AF02-008313F9680C}] => (Allow) LPort=2869

FirewallRules: [{0E0F71BE-16D1-48AD-88C8-C0409D40D4FE}] => (Allow) LPort=1900

FirewallRules: [{78F3284D-5A97-4E3D-8B8C-1B817499DBBB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{591F54F5-E01D-47AF-9AAE-A95B2D7F5F73}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{08AE49CE-A6D4-491D-BF9E-10ABDEBB7BFB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{6F0B37EF-3245-4EA7-B980-98E345FD08BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{188D66C4-CBF7-4461-97EC-600001712A29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{56B1CEFB-424F-4D4F-BF91-D93BEB8D574B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{AEC9C41C-F74A-4C2A-AD77-26F7B07F05C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{B3C801B2-2826-44C3-AB28-02CC58675292}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\[redacted]

FirewallRules: [{8BD04805-D89E-4E53-B42B-48B680059F73}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{5024EE65-F83B-48FC-B400-B5660D3FB21C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{88E4BC72-B546-4B68-B38C-F85BAF307D46}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{26F20A40-CD73-4C86-ABD9-6C20FF4071DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{07C100DB-2695-4510-BD39-F3F27E3DF516}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{AFD4FD5E-0087-4CB9-9D6D-AEDB19778D3C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{0E0803CB-A8D1-4915-8FCB-53A557F54F9B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{A34CEF96-1E13-48BC-9603-BC748F9E21AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{61FC1EA7-E63A-478C-9F2B-AB830D3FF150}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{6C90AE2D-3B07-4419-BE2C-61A359981307}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{ACF6F69F-4392-468D-852E-6CF85E1C9CBE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{79B64F2E-1081-40BE-8A7B-2931020951DF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{33FF1D8A-24CD-42B4-A354-902C542B010F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{E386BEFD-06BF-4716-AF2C-BF87AA5A3BD9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

FirewallRules: [{D4463561-C1CE-4505-9EC3-B577BEC18EE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

FirewallRules: [{D8E4B7EB-C8E5-444D-A24C-75DEE63E9876}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{B156D359-CBB4-46DC-997E-00EC6FC423FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{78FEFE95-A00B-4320-AE9E-70B1D7E62A49}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{87CE17A9-3148-4ADB-A010-E23A3A1AB2AE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{899DE2D3-CCC2-4006-9DF0-5056E3236E0F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{20E6E037-1F11-4EA3-9F95-D3A40746050A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{922C113E-71F6-4CF1-A1FC-48F5937059C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{360AB3DE-FCED-4533-A1C4-55AD821A05CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{B63CF008-9882-4FDA-B3A4-8D1EE0954CF7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{388AFEFF-C2A4-44B0-AD02-3A12A1F164F3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{FC30C30E-11E0-4C01-A579-164C1B8B4BA0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{6FC54E44-5DA0-443F-8DE0-354B9B16E007}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{582C6428-FCEA-41BC-B8F0-9EE4E1924CF0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{7E054AE2-9DFE-4B0B-B131-EBA1B0159421}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{A0F9FEC9-CCC7-4406-A7FE-9778672C0597}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{F1F8DE98-C614-4937-8242-A9B0BC9C92F2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{26D0DF1C-5C04-4ED4-BA48-0B8F5B7964AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{38569078-1FD0-4735-A794-B82F2CE7ED8D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{79F27336-EEBB-4FD9-AAF8-FB371D14FA65}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{E6FF8057-B6F5-43C5-B7AD-48A0A1D0B99F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{51078D98-EBE8-48A8-99D6-0F794B8C342B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{E91CC917-D59F-47F2-8BD0-23D78CEBA438}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{56030719-2389-4212-B3C3-31FB3A38954F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{20BFA86F-3ACB-49EC-8882-4BD3FF1D57BC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{9BDAB454-E3A3-49AF-9D85-BEE92480C511}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{3B561F28-499D-4557-8399-AD37FBAF3453}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{84BDBDA2-6E9E-4063-ABDC-DC8218986529}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{1879E62C-28B5-4A72-96E6-76EAF64A9F52}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{7A9AF289-4E2D-4312-B7E1-8F0D90754459}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{CEFD4850-C560-4DA7-B7EB-6435A386D546}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{60D05DD5-F1F2-46F6-A1A5-74B9F8C12961}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{660922AF-A0F1-4237-BA4A-D6B96559A8F3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{F155C247-1192-4736-BA97-32E90C1E64E7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{5B531CA9-F0F3-4983-A44D-37DAB7B3F667}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{ABC6091A-958F-4303-83A1-E6887F91FA4D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{FC0592D9-999C-49AB-9BA7-10BD1CB082E1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{B7E7CD7B-357C-480C-B7BE-2A08E6EA1747}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [{781808E4-517D-4D7D-BB4F-5E63FC3D871A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\[redacted]

FirewallRules: [TCP Query User{0B77F948-3B52-41D3-8104-57543137D729}C:\program files (x86)\steam\steamapps\common\[redacted]-shipping.exe] => (Allow) C:\program files

FirewallRules: [{4C2F12FF-D524-4930-A968-3CE48EBBC0ED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

FirewallRules: [{18C3728E-373C-47BF-B3CB-DB06CFA154A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

FirewallRules: [{D682CA5D-3DFA-451C-A432-D14E9D836AD0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{405B07E1-FA1E-42F0-902C-E8188C50D882}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

 

==================== Restore Points =========================

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

Application errors:
==================
Error: (12/17/2017 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (12/17/2017 12:22:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotoshopElementsEditor.exe, version: 9.0.3.0, time stamp: 0x4d906921
Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94a16
Exception code: 0xc0000374
Fault offset: 0x000ce85b
Faulting process id: 0xb68
Faulting application start time: 0x01d377725cc18dc4
Faulting application path: C:\Program Files (x86)\Adobe\Photoshop Elements 9\PhotoshopElementsEditor.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: f65944de-e367-11e7-a34b-90e6bab38450

Error: (12/10/2017 08:07:57 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (12/07/2017 08:49:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: flux.exe, version: 4.55.0.0, time stamp: 0x59dd23af
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0014e51c
Faulting process id: 0x42c
Faulting application start time: 0x01d36fdfe5a0b750
Faulting application path: C:\Users\[redacted]\AppData\Local\FluxSoftware\Flux\flux.exe
Faulting module path: unknown
Report Id: 24b2298b-dbd3-11e7-bbda-90e6bab38450

Error: (12/03/2017 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/30/2017 06:47:05 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
            The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/30/2017 06:47:05 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
            The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/30/2017 06:47:05 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
            The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/30/2017 06:47:05 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
            Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (11/30/2017 06:47:00 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
            The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (12/17/2017 06:27:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/17/2017 06:26:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/17/2017 06:26:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Active File Monitor V9 service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/17/2017 06:26:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/17/2017 10:28:41 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (12/17/2017 10:26:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/17/2017 10:26:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (12/16/2017 01:18:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/16/2017 01:18:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (12/16/2017 01:05:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

CodeIntegrity:
===================================
  Date: 2015-01-22 19:53:53.554
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\[redacted]\Downloads\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-22 19:53:53.299
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\[redacted]\Downloads\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-22 19:53:52.969
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\SARDON~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-22 19:53:52.708
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\SARDON~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-22 19:53:43.612
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\[redacted]\Downloads\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-22 19:53:43.347
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\[redacted]\Downloads\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-22 19:53:43.011
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\[redacted]\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-22 19:53:42.753
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\[redacted]\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-22 19:53:30.398
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\[redacted]\Downloads\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-22 19:53:30.142
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\[redacted]\Downloads\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8400 @ 2.66GHz
Percentage of memory in use: 46%
Total physical RAM: 8191.24 MB
Available physical RAM: 4359.84 MB
Total Virtual: 16380.66 MB
Available Virtual: 12058.85 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:583.98 GB) (Free:139.54 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.1 GB) (Free:2.16 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:14 PM

Posted 20 December 2017 - 09:34 AM

Hi


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
Task: {A409A689-F471-4F4B-BEAC-8D88EA6453FF} - \Test TimeTrigger -> No File <==== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
MSCONFIG\startupreg: Driver Support => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Let's check the Update issues.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or above, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
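The fixlist above removes two kinds of indicator that FRST marks with "<==== ATTENTION" or "-> No File": per-user copies of the exefile and .exe classes under HKU\<SID>\Software\Classes, which shadow HKEY_CLASSES_ROOT for that user and are the classic place to plant a command that runs every time any .exe is launched, and a scheduled task whose registered action no longer exists. Before (or after) running a fix like this it is worth looking at the evidence directly. The script below is an added example, not FRST's code and not part of nasdaq's instructions: it is read-only, must be run from an elevated PowerShell prompt, is written against the PowerShell 2.0 that ships with Windows 7, and the function names, check list and severity labels are my own.

```powershell
# Added example (not FRST's or the poster's code). Read-only audit of the two
# indicator classes the fixlist above targets. Run from an elevated prompt.

$ExpectedExeCommand = '"%1" %*'   # what HKCR\exefile\shell\open\command holds by default

function Get-UserExefileOverrides {
    # Windows never creates Software\Classes\exefile or Software\Classes\.exe inside
    # a user hive on its own, so their mere presence deserves a look; a non-default
    # command there is a textbook .exe hijack (the payload runs on every program start).
    $checks = @(
        @{ Sub = 'exefile';                    Expected = $null },               # presence alone is the finding
        @{ Sub = 'exefile\shell\open\command'; Expected = $ExpectedExeCommand },
        @{ Sub = '.exe';                       Expected = 'exefile' }
    )
    $findings = @()
    foreach ($hive in Get-ChildItem Registry::HKEY_USERS -ErrorAction SilentlyContinue) {
        foreach ($c in $checks) {
            $key = "Registry::$($hive.Name)\Software\Classes\$($c.Sub)"
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $value = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
            $severity = 'Suspicious: key should not exist in a user hive'
            if ($c.Expected -ne $null -and $value -ne $c.Expected) {
                $severity = 'CRITICAL: non-default value, possible exe hijack'
            }
            $findings += New-Object PSObject -Property @{
                Hive = $hive.PSChildName; Key = $key; Value = $value; Severity = $severity
            }
        }
    }
    $findings
}

function Get-TaskCacheFindings {
    # FRST works from the Task Scheduler registry cache rather than the COM API, which
    # is why it can still report a task whose Tree key is already gone (the Fixlog in
    # reply #6 shows exactly that). Do the same: for every Tasks\{GUID} entry check the
    # Tree key, the task XML under System32\Tasks, and whether each <Exec><Command>
    # still points at an existing file (FRST's "-> No File").
    $cache = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
    $findings = @()
    foreach ($entry in Get-ChildItem -LiteralPath "$cache\Tasks" -ErrorAction SilentlyContinue) {
        $taskPath = (Get-ItemProperty -LiteralPath $entry.PSPath).Path   # e.g. "\Test TimeTrigger"
        if (-not $taskPath) { continue }
        $notes = @()
        if (-not (Test-Path -LiteralPath ("$cache\Tree" + $taskPath))) { $notes += 'no Tree key' }
        $xmlFile = "$env:SystemRoot\System32\Tasks$taskPath"
        if (Test-Path -LiteralPath $xmlFile) {
            [xml]$xml = Get-Content -LiteralPath $xmlFile
            foreach ($exec in $xml.Task.Actions.Exec) {
                $cmd = [Environment]::ExpandEnvironmentVariables([string]$exec.Command).Trim('"')
                if ($cmd -and -not (Test-Path -LiteralPath $cmd) -and -not (Get-Command $cmd -ErrorAction SilentlyContinue)) {
                    $notes += "Exec target missing: $cmd"
                }
            }
        } else {
            $notes += 'no task XML under System32\Tasks'
        }
        if ($notes.Count -gt 0) {
            $findings += New-Object PSObject -Property @{
                Guid = $entry.PSChildName; Task = $taskPath; Notes = ($notes -join '; ')
            }
        }
    }
    $findings
}

Get-UserExefileOverrides | Format-Table Hive, Severity, Value -AutoSize
Get-TaskCacheFindings    | Format-Table Task, Notes -AutoSize
```

The script only reports; removal stays with the FRST fix so that FRST's restore point and Fixlog record what changed. Note that a per-user exefile key whose command is still the default "%1" %* (as in this log) is not proof of infection, only of something having written where nothing legitimate writes, which is why FRST flags it and why deleting it is harmless.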

#6 McMasterson

McMasterson
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Local time:05:14 PM

Posted 21 December 2017 - 12:54 AM

The driver fix was timely, as I was having issues installing the newest NVIDIA driver update (I've had issues doing so in the past as well). Interestingly, FRST stopped working the first time I ran it - went off without a hitch the second go 'round, though.

 

 

The Fix Log is as follows:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by [redacted] (20-12-2017 21:13:58) Run:3
Running from C:\Users\[redacted]\Fix-it
Loaded Profiles: [redacted] (Available Profiles: [redacted] & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
Task: {A409A689-F471-4F4B-BEAC-8D88EA6453FF} - \Test TimeTrigger -> No File <==== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
MSCONFIG\startupreg: Driver Support => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ACE => key not found
HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A409A689-F471-4F4B-BEAC-8D88EA6453FF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A409A689-F471-4F4B-BEAC-8D88EA6453FF}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger => key not found
"HKU\.DEFAULT\Software\Classes\exefile" => removed successfully
"HKU\.DEFAULT\Software\Classes\.exe" => removed successfully
"HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\Software\Classes\exefile" => removed successfully
"HKU\S-1-5-21-1787848298-3200997694-3725144463-1001\Software\Classes\.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Driver Support" => removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 21:14:11 ====

 

 

 

 

 

The FSS log is as follows:

 

 

Farbar Service Scanner Version: 27-01-2016
Ran by [redacted] (administrator) on 20-12-2017 at 21:38:33
Running from "C:\Users\[redacted]\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

 

Despite the claims in the log, File Hippo and Windows Update are still failing to connect, unfortunately.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:14 PM

Posted 21 December 2017 - 08:36 AM


Hi,
Repair these services.

Boot into Safe Mode with Networking, then execute the following.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions in Step 1 (Important)
  • On Step 2 (Optional), run the Pre-Scan and click Next; skip Steps 3 and 4 (Optional) for now
  • On Step 5 (Backup / System Restore), do a Registry backup. When you have completed this, click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button, then select just the items listed below:

      01 - Repair Registry Permissions
      03 - Reset Service permissions
      04 - Register System Files
      05 - Repair WMI
      10 - Remove Policies Set By Infections
      16 - Repair Windows Updates
      20 - Repair MSI (Windows Installer)
      25 - Restore Important Windows Services
      26 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the Contents of this file on your next reply.
===

Restart the computer normally.

Let me know if the Update Service problem persists.

p.s.
As for the File Hippo service you can reinstall the application and see how it goes.
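Items 03, 10, 16, 25 and 26 of the repair above reset service permissions and startup types, strip lockout policies and rebuild the Windows Update stack. Once it has run, check the result rather than trusting the tool's summary. The script below is an added example, not Tweaking.com's code and not part of nasdaq's instructions: it reads the startup type and state of the services Windows Update, the firewall, Security Center, System Restore and Windows Backup depend on (the same components FSS checks in its File Check list) and looks for the policy values that infections and over-zealous tweakers use to switch off Automatic Updates, the firewall, System Restore, Defender, Task Manager and Regedit. The expected startup types are Windows 7 defaults as I know them, so treat them as assumptions and compare against a clean Windows 7 machine if one disagrees; the function and variable names are mine. It is read-only and should run from an elevated prompt.

```powershell
# Added example (not Tweaking.com's or the poster's code). Read-only check of the
# update stack and of "lockout" policies after a repair. Run from an elevated prompt.
# Expected startup types are ASSUMED Windows 7 defaults. Win32_Service reports
# "Automatic (Delayed Start)" simply as "Auto".

$ExpectedServices = @{
    'wuauserv'         = 'Auto'    # Windows Update
    'BITS'             = 'Auto'    # Background Intelligent Transfer Service
    'CryptSvc'         = 'Auto'    # Cryptographic Services (catalog and signature checks)
    'RpcSs'            = 'Auto'    # Remote Procedure Call
    'EventSystem'      = 'Auto'    # COM+ Event System
    'BFE'              = 'Auto'    # Base Filtering Engine (the firewall depends on it)
    'MpsSvc'           = 'Auto'    # Windows Firewall
    'wscsvc'           = 'Auto'    # Security Center
    'TrustedInstaller' = 'Manual'  # Windows Modules Installer
    'msiserver'        = 'Manual'  # Windows Installer
    'VSS'              = 'Manual'  # Volume Shadow Copy (System Restore)
    'SDRSVC'           = 'Manual'  # Windows Backup
}

# Policy values that switch a protection off when set to the listed data.
# An absent key or value means "no policy", which is the healthy state.
$LockoutPolicies = @(
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';       Value = 'NoAutoUpdate';         Bad = 1; Why = 'Automatic Updates disabled by policy' },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'; Value = 'EnableFirewall';       Bad = 0; Why = 'Firewall disabled by policy (standard profile)' },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile';   Value = 'EnableFirewall';       Bad = 0; Why = 'Firewall disabled by policy (domain profile)' },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';        Value = 'DisableSR';            Bad = 1; Why = 'System Restore disabled by policy' },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';                Value = 'DisableAntiSpyware';   Bad = 1; Why = 'Windows Defender disabled by policy' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Value = 'DisableTaskMgr';       Bad = 1; Why = 'Task Manager blocked (common infection lockout)' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Value = 'DisableRegistryTools'; Bad = 1; Why = 'Registry Editor blocked (common infection lockout)' }
)

function Test-ServiceDefaults {
    $results = @()
    foreach ($name in $ExpectedServices.Keys) {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if ($svc -eq $null) {
            # A missing service (as opposed to a disabled one) is what item 25 is meant to repair
            $results += New-Object PSObject -Property @{ Service = $name; StartMode = 'MISSING'; State = 'MISSING'; Ok = $false }
            continue
        }
        $results += New-Object PSObject -Property @{
            Service = $name; StartMode = $svc.StartMode; State = $svc.State
            Ok = ($svc.StartMode -eq $ExpectedServices[$name])
        }
    }
    $results
}

function Test-LockoutPolicies {
    $hits = @()
    foreach ($p in $LockoutPolicies) {
        if (-not (Test-Path $p.Key)) { continue }
        $data = (Get-ItemProperty $p.Key).($p.Value)
        if ($data -ne $null -and [int]$data -eq $p.Bad) {
            $hits += New-Object PSObject -Property @{ Key = $p.Key; Value = $p.Value; Data = $data; Why = $p.Why }
        }
    }
    $hits
}

Test-ServiceDefaults | Sort-Object Ok, Service | Format-Table Service, StartMode, State, Ok -AutoSize
$hits = @(Test-LockoutPolicies)
if ($hits.Count -eq 0) { 'No lockout policies set.' } else { $hits | Format-Table Why, Key, Value, Data -AutoSize -Wrap }
```

A service showing Ok = False with StartMode "Disabled" after the repair means item 26 did not take, or something re-applied the change on reboot; a policy hit under HKLM after a repair is worth tracing to whatever wrote it, since nothing in a home Windows 7 install sets those values on its own.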

#8 McMasterson

McMasterson
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Local time:05:14 PM

Posted 22 December 2017 - 12:58 PM

Yeah, I probably should have just reinstalled File Hippo right from the start as the new version is running just fine (LOL).

 

The Tweaking tool seems to have fixed everything - many thanks! Just as an FYI, I'll post the pre-scan Windows Repair log below. Presumably, these issues were fixed after running the tool, but I'll scan my PC once more tonight and post any errors that persist. Otherwise, I'll bid you adieu.

 

 

Tweaking.com - Windows Repair 2018 (v4.0.11) - Pre-Scan
¦ Computer: HAL (Windows 7 Home Premium 6.1.7601.23963 Service Pack 1) (64-bit)
¦ [Started Scan - 12/21/2017 11:06:23 PM]
+--------------------------------------------------------------------------------+
+--------------------------------------------------------------------------------+
¦ Scanning Windows Packages Files.
¦ Started at (12/21/2017 11:06:23 PM)
¦ 
¦ No problems were found with the Packages Files.
¦ 
¦ Files Checked & Verified: 12,051
¦ 
¦ Done Scanning Windows Packages Files.(12/21/2017 11:20:29 PM)
+--------------------------------------------------------------------------------+
+--------------------------------------------------------------------------------+
¦ Scanning Reparse Points.
¦ Started at (12/21/2017 11:20:29 PM)
¦ 
Reparse Point: (Type: JUNCTION) (Name: My Documents) (Original Path: C:\Windows\SysWOW64\config\systemprofile\My Documents) (Target Path: C:\Windows\system32\config\systemprofile\Documents) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: NetHood) (Original Path: C:\Windows\SysWOW64\config\systemprofile\NetHood) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: PrintHood) (Original Path: C:\Windows\SysWOW64\config\systemprofile\PrintHood) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: Recent) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Recent) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: SendTo) (Original Path: C:\Windows\SysWOW64\config\systemprofile\SendTo) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: Start Menu) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Start Menu) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: Templates) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Templates) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: My Music) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Documents\My Music) (Target Path: C:\Windows\system32\config\systemprofile\Music) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: My Pictures) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures) (Target Path: C:\Windows\system32\config\systemprofile\Pictures) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: My Videos) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos) (Target Path: C:\Windows\system32\config\systemprofile\Videos) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
│ Missing Default Reparse Point: (Original Path: C:\Users\[redacted]\Documents\My Music) (Target Path: C:\Users\[redacted]\Music)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\[redacted]\Documents\My Pictures) (Target Path: C:\Users\[redacted]\Pictures)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\[redacted]\Documents\My Videos) (Target Path: C:\Users\[redacted]\Videos)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Problems were found with the Reparse Points.
│ You can use the Repair Reparse Points Tool at the bottom of this Window to try and fix these problems.
│ 
│ Files & Folders Searched: 402,880
│ Reparse Points Found: 83
│ 
│ Done Scanning Reparse Points.(12/21/2017 11:26:11 PM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Checking Environment Variables.
│ Started at (12/21/2017 11:26:11 PM)
│ 
│ This folder in the 'Path' variable doesn't exist: C:\PROGRAM FILES (X86)\AMD\ATI.ACE\CORE-STATIC
│ 
│ This folder in the 'Path' variable doesn't exist: 
│ 
│ Problems were found with the Environment Variables.
│ You can use the Repair Environment Variables Tool at the bottom of this Window to try and fix these problems.
│ 
│ Done Checking Environment Variables. (12/21/2017 11:26:11 PM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ [Finished Scan - 12/21/2017 11:26:11 PM]
│ 
│ [x] Scan Complete - Problems Found!
│ [x]

Edited by McMasterson, 23 December 2017 - 12:57 AM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:14 PM

Posted 22 December 2017 - 01:53 PM

You should repair the Reparse points.

You already have the program so follow the instructions to repair it.

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that from here

- Right click on QfBzvq1.png and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.
2f8o60N.png

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair, Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.
Ymy7crZ.png

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.
zDtdN75.png

- Go to Step 5. Under System Restore click Create.
f7lEe1N.png

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.
PGv2vtD.png

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.
===

There is also this remark that, if not corrected, some of the AMD may not be seen by the operating system.

This folder in the 'Path' variable doesn't exist: C:\PROGRAM FILES (X86)\AMD\ATI.ACE\CORE-STATIC

From the desktop, right click the Computer icon.
Choose Properties from the context menu.
Click the Advanced system settings link.
Click Environment Variables. In the section System Variables, find the PATH environment variable and select it. Click Edit. If the PATH environment variable does not exist, click New.
In the Edit System Variable window, highlight the complete text and copy it to Notepad.

Paste the result in your next reply.

#10 McMasterson

McMasterson
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:14 PM

Posted 22 December 2017 - 05:20 PM

Apologies if my response wasn't clear. I already ran the Windows Repair tool and - presumably - the reparse points have been repaired (that log I posted was recorded prior to the fix). I must have missed the repair log you mentioned, however, but I'll post it tonight.



#11 McMasterson

McMasterson
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:14 PM

Posted 23 December 2017 - 12:55 AM

So it seems the reparse points weren't actually fixed during the first repair attempt and, unfortunately, they weren't fixed after the second attempt either. I also ran the Check Disk scan & repair, but to no avail. This is the "pre-screen" log after the second, full repair attempt:

 

 

 Tweaking.com - Windows Repair 2018 (v4.0.11) - Pre-Scan
│ Computer: HAL (Windows 7 Home Premium 6.1.7601.23964 Service Pack 1) (64-bit)
│ [Started Scan - 12/23/2017 2:47:48 AM]
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Windows Packages Files.
│ Started at (12/23/2017 2:47:48 AM)
│ 
│ No problems were found with the Packages Files.
│ 
│ Files Checked & Verified: 12,387
│ 
│ Done Scanning Windows Packages Files.(12/23/2017 3:13:46 AM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Reparse Points.
│ Started at (12/23/2017 3:13:46 AM)
│ 
Reparse Point: (Type: JUNCTION) (Name: My Documents) (Original Path: C:\Windows\SysWOW64\config\systemprofile\My Documents) (Target Path: C:\Windows\system32\config\systemprofile\Documents) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: NetHood) (Original Path: C:\Windows\SysWOW64\config\systemprofile\NetHood) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: PrintHood) (Original Path: C:\Windows\SysWOW64\config\systemprofile\PrintHood) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: Recent) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Recent) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: SendTo) (Original Path: C:\Windows\SysWOW64\config\systemprofile\SendTo) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: Start Menu) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Start Menu) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: Templates) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Templates) (Target Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: My Music) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Documents\My Music) (Target Path: C:\Windows\system32\config\systemprofile\Music) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: My Pictures) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures) (Target Path: C:\Windows\system32\config\systemprofile\Pictures) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
Reparse Point: (Type: JUNCTION) (Name: My Videos) (Original Path: C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos) (Target Path: C:\Windows\system32\config\systemprofile\Videos) (Creation Time: 9/5/2012 4:16:33 PM)
Target Path doesn't exist!
 
│ Missing Default Reparse Point: (Original Path: C:\Users\[redacted]\Documents\My Music) (Target Path: C:\Users\[redacted]\Music)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\[redacted]\Documents\My Pictures) (Target Path: C:\Users\[redacted]\Pictures)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\[redacted]\Documents\My Videos) (Target Path: C:\Users\[redacted]\Videos)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Problems were found with the Reparse Points.
│ You can use the Repair Reparse Points Tool at the bottom of this Window to try and fix these problems.
│ 
│ Files & Folders Searched: 404,524
│ Reparse Points Found: 83
│ 
│ Done Scanning Reparse Points.(12/23/2017 3:16:28 AM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Checking Environment Variables.
│ Started at (12/23/2017 3:16:28 AM)
│ 
│ This folder in the 'Path' variable doesn't exist: C:\PROGRAM FILES (X86)\AMD\ATI.ACE\CORE-STATIC
│ 
│ This folder in the 'Path' variable doesn't exist: 
│ 
│ Problems were found with the Environment Variables.
│ You can use the Repair Environment Variables Tool at the bottom of this Window to try and fix these problems.
│ 
│ Done Checking Environment Variables. (12/23/2017 3:16:29 AM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ [Finished Scan - 12/23/2017 3:16:29 AM]
│ 
│ [x] Scan Complete - Problems Found!
│ [x] 
│ [x] You can use the Repair Reparse Points or Repair Environment Variables tools at the bottom of this Window if needed.
│ [x] 
│ [x] While problems have been found, you can still run the repairs in the program.
│ [x] But for the best results it is recommended to fix the problems reported in this scan if possible.
└────────────────────────────────────────────────────────────────────────────────┘
 
 
The unrecognized path is as follows:
 
C:\ProgramData\Oracle\Java\javapath;C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC;C:\PROGRAM FILES (X86)\AMD\ATI.ACE\CORE-STATIC;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common

Edited by McMasterson, 23 December 2017 - 04:22 PM.


#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:14 PM

Posted 23 December 2017 - 08:27 AM



It's possible that the error is reported because your PATH is very long and is exceeding the limit of 260 characters.

If all is well with the computer I would leave it alone.

If you need additional help on the issue I suggest you start a new topic in the Windows 7 Forum.
https://www.bleepingcomputer.com/forums/f/167/windows-7/

This is not malware and not my forte.

I will leave this topic open for 6 days.

Please return if you have any other malware problems.
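The blank element that Windows Repair reports above (`This folder in the 'Path' variable doesn't exist:` followed by nothing) and the length question raised in this reply can both be checked mechanically before anything is pasted back into the Environment Variables dialog. The script below is an added example written for this page; it is not part of the thread, of Windows Repair, or of any Microsoft tool. It embeds the PATH value McMasterson posted, splits it on `;`, and reports blank elements, elements whose directory does not exist on the machine it runs on, case-insensitive duplicates and the total length, then rebuilds a cleaned value with the bad elements dropped. The `is_dir` parameter is an assumption of this example so that the directory check can be replaced by a stub when the script is not run on the affected PC.

```python
"""Audit a Windows PATH value the way the Windows Repair pre-scan does, and rebuild a clean one."""
import os
from dataclasses import dataclass
from typing import Callable, List

# PATH value exactly as posted earlier in this thread. The doubled ';' before the
# NVIDIA entry is the blank element that the scan reports with an empty name.
POSTED_PATH = (
    r"C:\ProgramData\Oracle\Java\javapath;"
    r"C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;"
    r"C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE;"
    r"C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;"
    r"C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;"
    r"C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;"
    r"C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC;"
    r"C:\PROGRAM FILES (X86)\AMD\ATI.ACE\CORE-STATIC;;"
    r"C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common"
)


@dataclass
class PathReport:
    entries: List[str]        # every element in order, blank ones included
    empty_indexes: List[int]  # positions of blank elements (';;' or a trailing ';')
    missing: List[str]        # non-blank elements whose directory does not exist
    duplicates: List[str]     # elements already seen (case-insensitive, trailing '\' ignored)
    total_length: int         # length of the whole value in characters


def _key(entry: str) -> str:
    # Windows paths compare case-insensitively and a trailing backslash is not significant.
    return entry.strip().rstrip("\\").lower()


def audit_path(path_value: str,
               is_dir: Callable[[str], bool] = os.path.isdir) -> PathReport:
    """Split a PATH value and classify each element. `is_dir` is injectable (assumption of
    this example) so the check can run against a stub when not on the affected machine."""
    entries = path_value.split(";")
    empty_indexes = [i for i, e in enumerate(entries) if not e.strip()]
    missing, duplicates, seen = [], [], set()
    for e in entries:
        if not e.strip():
            continue                      # blank element: already recorded above
        k = _key(e)
        if k in seen and e not in duplicates:
            duplicates.append(e)
        seen.add(k)
        if not is_dir(e):
            missing.append(e)
    return PathReport(entries, empty_indexes, missing, duplicates, len(path_value))


def cleaned_path(path_value: str,
                 is_dir: Callable[[str], bool] = os.path.isdir) -> str:
    """Rebuild the value without blank, duplicate or non-existent elements, order preserved."""
    report = audit_path(path_value, is_dir)
    keep, seen = [], set()
    for e in report.entries:
        if not e.strip() or e in report.missing:
            continue
        k = _key(e)
        if k in seen:
            continue
        seen.add(k)
        keep.append(e)
    return ";".join(keep)


if __name__ == "__main__":
    # Uses the real filesystem of the machine this runs on.
    report = audit_path(POSTED_PATH)
    print(f"{len(report.entries)} elements, {report.total_length} characters")
    print("blank elements at positions:", report.empty_indexes)
    print("directories not found:", report.missing)
    print("duplicates:", report.duplicates)
    print("cleaned value:\n" + cleaned_path(POSTED_PATH))
```

Run it on the affected machine as the same user so `os.path.isdir` sees the same directories, and read the cleaned value before pasting it into the dialog. Elements whose directory no longer exists are better removed than left in place: Windows still searches that location whenever a program is started by bare name, so it should not be a directory that a less-privileged account could create later.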

#13 McMasterson

McMasterson
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:14 PM

Posted 23 December 2017 - 04:24 PM

Sounds good. Thanks again for all of your help, Nasdaq!  :thumbup2:





