Hello gyster72 and :welcome: Forum.

I'm Android 8888 and I'll be helping you with your malware issues. Please ask questions if anything is unclear.

 

I suggest printing out each set of instructions or copying them to a Notepad file, and reading the entire post before proceeding. It will make following them easier.

Please DO NOT run any tools on your own and follow the directions in the order listed.

Make sure to run all the tools with Administrator privileges.

With that being said, let's start.

 

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

 

Malwarebytes - Clean Mode

  • Double-click on the Malwarebytes icon to open Malwarebytes and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, go to the Settings tab, and then under Protection scroll down a bit and make sure that the Scan for rootkits option is turned to On under Scan Options.
  • Click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;

 

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

 

To summarize please post the entire contents of:
fixlog.txt produced by FRST.
Malwarebytes clean log.
AdwCleaner clean log.

 

How is the computer running? Can you tell me how the Chrome browser is behaving? Is it still returning strange results?

fixlist.txt


Hi Android 8888 and thank you for trying to help.  Here are all the log files, and yes, Google is still going to Google Custom Search and returning strange results (somewhat relevant, but very limited).

# AdwCleaner v6.044 - Logfile created 11/03/2017 at 10:50:56
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-11.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Guy - GWSLT
# Running from : C:\Users\Guy\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
 
***** [ Services ] *****
[-] Service deleted: tap0901

***** [ Folders ] *****
 
***** [ Files ] *****
 
***** [ DLL ] *****
 
***** [ WMI ] *****
 
***** [ Shortcuts ] *****
 
***** [ Scheduled Tasks ] *****
 
***** [ Registry ] *****
 
***** [ Web browsers ] *****
[-] [C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [987 Bytes] - [11/03/2017 10:50:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [1276 Bytes] - [11/03/2017 10:49:55]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1132 Bytes] ##########
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
Ran by Guy (11-03-2017 10:32:40) Run:1
Running from C:\Users\Guy\Desktop\MBF
Loaded Profiles: Guy (Available Profiles: Guy)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
SearchScopes: HKLM-x32 -> {70E9B5F0-0D5D-48F8-A18C-5C28426593D3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2217385405-944141822-793638676-1001 -> {70E9B5F0-0D5D-48F8-A18C-5C28426593D3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
CHR Extension: (Norton Security Toolbar) - C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-02-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-03]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx [2017-03-04]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx [2017-03-04]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
ShortcutWithArgument: C:\Users\Guy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
CMD: ipconfig /flushdns
RemoveProxy:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{70E9B5F0-0D5D-48F8-A18C-5C28426593D3} => key removed successfully
HKCR\Wow6432Node\CLSID\{70E9B5F0-0D5D-48F8-A18C-5C28426593D3} => key not found.
HKU\S-1-5-21-2217385405-944141822-793638676-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70E9B5F0-0D5D-48F8-A18C-5C28426593D3} => key removed successfully
HKCR\CLSID\{70E9B5F0-0D5D-48F8-A18C-5C28426593D3} => key not found.
HKCR\PROTOCOLS\Handler\WSWSVCUchrome => key not found.
C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => moved successfully
C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key removed successfully
Could not move "C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx" => Scheduled to move on reboot.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key removed successfully
Could not move "C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx" => Scheduled to move on reboot.
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
HKLM\System\CurrentControlSet\Services\NVIDIA Wireless Controller Service => key removed successfully
NVIDIA Wireless Controller Service => service removed successfully
C:\Users\Guy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk => Shortcut argument removed successfully.
========= ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========

========= RemoveProxy: =========
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2217385405-944141822-793638676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2217385405-944141822-793638676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

=========== EmptyTemp: ==========
BITS transfer queue => 2511728 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37830873 B
Java, Flash, Steam htmlcache => 1301 B
Windows/system/drivers => 998943 B
Edge => 30532587 B
Chrome => 73195930 B
Firefox => 368500562 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 47502 B
NetworkService => 0 B
Guy => 7616122 B
RecycleBin => 2424424 B
EmptyTemp: => 499.4 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-03-2017 10:34:23)
"C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx" => Could not move
"C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx" => Could not move
==== End of Fixlog 10:34:23 ====
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/11/17
Scan Time: 10:39 AM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1477
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: GWSLT\Guy

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 406194
Time Elapsed: 2 min, 9 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

(end)

 

I have never been to Europe (only flew over on my way to Russia).  The photos of Tavira are beautiful, and your English is very good - congratulations!  :) I live in Ridgecrest California, USA.  It is a small community of about 30,000 people in the Mojave desert.


Hi gyster72.

2 hours ago, gyster72 said:

The photos of Tavira are beautiful, and your English is very good - congratulations!  :)

Thank you for your compliment to Tavira. I hope you can come to visit Tavira one day. I have never been to the United States and it really is a country that I would like to visit. I learned the English language very early in my childhood, since Tavira is a city of tourists, then in High School and University. I also trained and improved my English by reading and studying in other forums similar to the Malwarebytes Forum, with particular emphasis on the SpywareInfo Forum.

With that being said, let's continue.


Please read the instructions in the link below and reset your Chrome browser:
https://support.google.com/chrome/answer/3296214?hl=en


Please download RogueKiller 32/64 Bits Installer (setup.exe) by Tigzy and save it to your Desktop.

  • Right click on the file setup.exe and select Run as administrator to install the tool.
  • Click Yes to accept any security warnings that may appear.
  • Choose the installation language and click OK.
  • Checkmark "Install 32 and 64 bits versions" and click Next. Follow the steps to install the tool.
  • Now close all programs and browsers.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the RogueKiller icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Scan tab and then click the Start Scan button.
  • Wait until the scan has finished. This may take some time.
  • Once finished click on Open Report. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop.
  • Close RogueKiller.


Please copy and paste the contents of RKlog.txt to your next reply.

How is the computer running and how is the Chrome behavior now?


RK found 11 threats...should I remove them?  Here is the log file:

RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Guy [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/11/2017 19:48:32 (Duration : 00:19:28)

¤¤¤ Processes : 1 ¤¤¤
[VT.Gen:Variant.MSILPerseus.10404] isupdate.exe(3176) -- C:\Program Files (x86)\InstallShield\isupdate.exe[-] -> Found

¤¤¤ Registry : 8 ¤¤¤
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2217385405-944141822-793638676-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2217385405-944141822-793638676-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 198.40.251.36 97.64.168.12 ([United States][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5f3186e3-bbfa-41bb-8118-3fb19f78b762} | DhcpNameServer : 198.40.251.36 97.64.168.12 ([United States][-])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[Adw.Cloudguard][File] C:\Program Files\HP\HP Welcome\Microsoft.Win32.TaskScheduler.dll -> Found
[Adw.Cloudguard][File] C:\Program Files\HP\HP Welcome\Modules\Microsoft.Win32.TaskScheduler.dll -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZNLF128HCHP-000H1 +++++
--- User ---
[MBR] fabf632cec948b5aebff1d57ea6306c7
[BSP] c61874a0f4c59ad51b2416cb0ba22f24 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 120842 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 248051712 | Size: 980 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HGST HTS721010A9E630 +++++
--- User ---
[MBR] 6a8575f19104d733a84656234873c791
[BSP] 22b8768f3b49e540e5a8d97ce57c19d5 : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 937131 MB
1 - [SYSTEM] Basic data partition | Offset (sectors): 1919246336 | Size: 16737 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SDHC Card +++++
--- User ---
[MBR] 9316104665a782f81734208e2c0e3e52
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 30432 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

 


Hello gyster72.

Have you performed the resetting of the Chrome browser?

The entries detected by RogueKiller may not all be malicious and should be carefully analyzed before any removal.

  • Close all programs and browsers.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Re-run RogueKiller. Right-click on the icon and select Run as administrator.
  • Click Yes to accept any security warning that may appear.
  • Click the Scan tab and then click the Start Scan button.
  • Wait until the scan has finished. This may take some time.
  • When the scan completes please do the following:

Checkmark (tick) the following against Processes entries:

[VT.Gen:Variant.MSILPerseus.10404] isupdate.exe(3176) -- C:\Program Files (x86)\InstallShield\isupdate.exe[-] -> Found

Checkmark (tick) the following against Registry entries and ensure that all other entries are not checkmarked:

[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2217385405-944141822-793638676-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2217385405-944141822-793638676-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found

Checkmark (tick) the following against Filesystem entries:

[Adw.Cloudguard][File] C:\Program Files\HP\HP Welcome\Microsoft.Win32.TaskScheduler.dll -> Found
[Adw.Cloudguard][File] C:\Program Files\HP\HP Welcome\Modules\Microsoft.Win32.TaskScheduler.dll -> Found

  • Click on Remove Selected button.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop.
  • Close RogueKiller.

Please copy and paste the contents of RKlog.txt to your next reply.


Next, I need to review a new set of logs from FRST.

  • Right-click on the FRST64 icon and select Run as Administrator;
  • Accept the disclaimer by clicking on Yes;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and two Notepad files will open;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;

 

To summarize please post the entire contents of:
RKlog.txt log;
The two (FRST.txt and Addition.txt) logs produced by FRST.

Note: If anything is cut off, check to see where it was cut off and post the remainder in an additional reply.

How is Chrome behaving now?

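The logs in this thread show the same two proxy indicators three times: the FRST fixlist lists a machine-wide ProxyServer of 127.0.0.1:8080 plus the ProxySettingsPerUser policy set to 0, the fixlog reports those values removed, and the RogueKiller scan run the same day reports ProxyEnable and ProxyServer present again. The script below is an added example, not part of the forum posts and not code from FRST, RogueKiller or Malwarebytes. It parses the line formats visible in the logs above (constructed sample lines copied from them are embedded), flags a system proxy that points at loopback (meaning a process on the machine itself is terminating all browser traffic) and the per-machine proxy policy (with ProxySettingsPerUser=0 the HKLM values override any per-user setting, so clearing HKCU alone changes nothing), and compares a fixlog against a later scan to report indicators that came back. The regular expressions are written against the exact lines shown on this page and are an assumption for any other tool version.

```python
import re
from typing import Any, Dict, Iterable, Iterator, List, Tuple

# FRST scan/fixlist:  "ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080"
FRST_PROXY = re.compile(r"^(ProxyEnable|ProxyServer|AutoConfigURL): \[([^\]]+)\] => (.*)$")
# FRST policy line:   "HKLM\...\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION ..."
FRST_POLICY = re.compile(r"Internet Settings: \[ProxySettingsPerUser\] (\d)")
# FRST fixlog:        "HKLM\...\Internet Settings\\ProxyEnable => value removed successfully"
FRST_REMOVED = re.compile(r"Internet Settings\\\\(ProxyEnable|ProxyServer|AutoConfigURL) => value removed successfully$")
# RogueKiller:        "[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\...\Internet Settings | ProxyServer : http=...  -> Found"
RK_PROXY = re.compile(r"^\[PUM\.Proxy\] \((X64|X86)\) (.+?) \| (ProxyEnable|ProxyServer|AutoConfigURL) : (.*?)\s*-> Found$")

LOOPBACK_HOSTS = {"localhost", "::1", "[::1]"}


def is_loopback(host: str) -> bool:
    """True for 127.x.x.x, localhost and IPv6 loopback."""
    return host.lower() in LOOPBACK_HOSTS or host.startswith("127.")


def parse_proxy_endpoints(value: str) -> List[Tuple[str, int]]:
    """Split a WinINet ProxyServer value ('http=host:port;https=host:port' or a bare
    'host:port') into (host, port) pairs."""
    endpoints = []
    for part in value.split(";"):
        target = part.strip().split("=", 1)[-1]  # drop a 'http=' / 'https=' scheme prefix
        host, sep, port = target.rpartition(":")
        if sep and port.isdigit():
            endpoints.append((host, int(port)))
    return endpoints


def _proxy_entries(lines: Iterable[str]) -> Iterator[Tuple[str, str, str]]:
    """Yield (hive, value_name, value) from FRST or RogueKiller proxy lines; skip the rest."""
    for raw in lines:
        line = raw.strip()
        m = FRST_PROXY.match(line)
        if m:
            yield m.group(2), m.group(1), m.group(3)
            continue
        m = RK_PROXY.match(line)
        if m:  # RogueKiller labels the native view X64 and the Wow6432Node view X86
            yield ("HKLM" if m.group(1) == "X64" else "HKLM-x32"), m.group(3), m.group(4)


def triage(lines: Iterable[str]) -> Dict[str, Any]:
    """Summarise the proxy indicators in one FRST or RogueKiller log."""
    lines = list(lines)
    enabled, loopback, remote, pac = set(), set(), set(), set()
    for hive, name, value in _proxy_entries(lines):
        if name == "ProxyEnable":
            enabled.add(hive)
        elif name == "ProxyServer":
            for host, port in parse_proxy_endpoints(value):
                (loopback if is_loopback(host) else remote).add((hive, host, port))
        elif name == "AutoConfigURL":
            pac.add((hive, value))
    forced = False  # ProxySettingsPerUser = 0: HKLM proxy applies to every user
    for line in lines:
        pm = FRST_POLICY.search(line)
        if pm and pm.group(1) == "0":
            forced = True
    return {"proxy_enabled": sorted(enabled), "loopback_proxy": sorted(loopback),
            "remote_proxy": sorted(remote), "pac_url": sorted(pac),
            "per_user_policy_forced_machine": forced}


def recurring(fixlog_lines: Iterable[str], rescan_lines: Iterable[str]) -> List[str]:
    """Value names a fixlog reports removed that a later scan reports present again.
    A non-empty list means the values were re-created after the fix."""
    removed = {m.group(1) for m in (FRST_REMOVED.search(l.strip()) for l in fixlog_lines) if m}
    found_again = {name for _, name, _ in _proxy_entries(rescan_lines)}
    return sorted(removed & found_again)


# Constructed samples, copied from the logs posted in this thread.
FRST_SAMPLE = r"""
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
""".strip().splitlines()

FIXLOG_SAMPLE = r"""
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
""".strip().splitlines()

RK_SAMPLE = r"""
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2217385405-944141822-793638676-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
""".strip().splitlines()

if __name__ == "__main__":
    print("FRST fixlist:", triage(FRST_SAMPLE))
    print("RogueKiller rescan:", triage(RK_SAMPLE))
    print("Removed by fix, found again:", recurring(FIXLOG_SAMPLE, RK_SAMPLE))
```

Run it on saved copies of FRST.txt, Fixlog.txt or an RKlog.txt export by replacing the sample lists with the file contents. The loopback check is the part worth keeping: a legitimate corporate proxy is a remote host, while 127.0.0.1:8080 only makes sense if a program on the laptop is listening there, which is exactly the place to look when the values keep coming back.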

Hi Android 8888, first of all, I apologize because I assumed we were going to delete those items (and did).  At first, both Firefox and Chrome would not connect to the internet, but this morning they do, and everything seems to be like it was - including the strange search results.  Here is the RK log (now 7 items found):

RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Guy [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/12/2017 09:34:05 (Duration : 00:16:05)

¤¤¤ Processes : 1 ¤¤¤
[VT.Gen:Variant.MSILPerseus.10404] isupdate.exe(1964) -- C:\Program Files (x86)\InstallShield\isupdate.exe[-] -> Found

¤¤¤ Registry : 6 ¤¤¤
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 198.40.251.36 97.64.168.12 ([United States][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5f3186e3-bbfa-41bb-8118-3fb19f78b762} | DhcpNameServer : 198.40.251.36 97.64.168.12 ([United States][-])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZNLF128HCHP-000H1 +++++
--- User ---
[MBR] fabf632cec948b5aebff1d57ea6306c7
[BSP] c61874a0f4c59ad51b2416cb0ba22f24 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 120842 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 248051712 | Size: 980 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HGST HTS721010A9E630 +++++
--- User ---
[MBR] 6a8575f19104d733a84656234873c791
[BSP] 22b8768f3b49e540e5a8d97ce57c19d5 : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 937131 MB
1 - [SYSTEM] Basic data partition | Offset (sectors): 1919246336 | Size: 16737 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SDHC Card +++++
--- User ---
[MBR] 9316104665a782f81734208e2c0e3e52
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 30432 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


I deleted the items you listed that were also listed in RK (5 of the 7 that were listed).

Here's the Addition Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-03-2017
Ran by Guy (12-03-2017 10:05:00)
Running from C:\Users\Guy\Desktop\MBF
Windows 10 Home Version 1607 (X64) (2016-09-24 04:49:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2217385405-944141822-793638676-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2217385405-944141822-793638676-503 - Limited - Disabled)
Guest (S-1-5-21-2217385405-944141822-793638676-501 - Limited - Disabled)
Guy (S-1-5-21-2217385405-944141822-793638676-1001 - Administrator - Enabled) => C:\Users\Guy
HomeGroupUser$ (S-1-5-21-2217385405-944141822-793638676-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.19 - Audible, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 0.0.-33554178.38144848 - Audible, Inc.)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.275.2 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{CC8F903A-9698-4245-9A38-22412DEF1029}) (Version: 1.0.446 - Citrix)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-2217385405-944141822-793638676-1001\...\CopyTrans Suite) (Version: 4.013 - WindSolutions)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4.6527 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.8.0.1205 - Citrix Systems, Inc.)
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.50.9 - HP)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.5.32.203 - HP)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.26 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{AF4C5F64-4E6A-438B-9832-8BDEE0E7B43D}) (Version: 1.1.17.1 - HP)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.2.1183 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4542 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6B15F1EF-F3A8-4C29-BF9E-18EB3683A83D}) (Version: 6.0.60.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{5068B0F8-CE24-4B61-9C2F-301B411FFB9C}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0650 - iRacing.com Motorsport Simulations)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2217385405-944141822-793638676-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Norton Security (HKLM-x32\...\NS) (Version: 22.9.0.71 - Symantec Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7801 - Realtek Semiconductor Corp.)
RogueKiller version 12.9.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.9.0 - Adlice Software)
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.13.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.2 - WildTangent)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare Video Converter Ultimate(Build 9.0.1.4) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 9.0.1.4 - Wondershare Software)
World of Warships (HKU\S-1-5-21-2217385405-944141822-793638676-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BE2A464-2653-4DCE-BA8C-39FFCF4F2D51} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {0C272F6C-874C-4792-A440-00A31A84CDC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-02] (HP Inc.)
Task: {103856DF-ED13-4302-9272-6EB3B513A0FE} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: {166C4276-DF79-4D48-8389-2CB9F1DD13C5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {17DD4401-073B-4612-8559-590413AFAAB5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {2177DBC9-DDC7-4F41-A401-595BD53AA8FE} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-01-14] (Intel(R) Corporation)
Task: {237BC760-B559-4247-B444-8696F6EE52A4} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2016-01-21] (HP Development Company, L.P.)
Task: {276B925F-B8B2-4186-9839-9D671D1BB7BA} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-02-20] (Symantec Corporation)
Task: {28E8AFBC-1DED-4056-A394-D37703D18D5C} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Guy\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {2989906F-0595-43A9-8E5C-43B235E70B2D} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-08-04] (AVAST Software)
Task: {32AEA430-F256-40BA-9F4B-5C0B57C43E63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-02-08] (HP Inc.)
Task: {4A98834C-1FF2-4324-812C-5CD780F5E99C} - System32\Tasks\Nvbackend => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {53345609-BD36-4475-BE41-F54874252B58} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {588C1110-28C2-4F2E-82F0-31CF0048E237} - System32\Tasks\D3DGearRawFrameCaptureTask => C:\Program Files (x86)\iRacing\d3dGear.exe [2017-03-10] (D3DGear Technologies.)
Task: {6EC4B4DF-177A-45CA-9FF0-A98D7ABEDD52} - System32\Tasks\HPDAS => C:\Program
Task: {7AE23125-4B4A-4BBE-9584-CBF7D9CDB494} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-05] (Google Inc.)
Task: {7B7472FF-F46E-4F2B-90B7-82C485D1922D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {7C9A5DE1-D945-48EC-A71B-4E559D43B1B5} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {7F81E2A9-67FB-48B0-92E4-8AA5719CAEFE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {88448104-87AC-466F-A706-BD6E60576B71} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {8B083685-9D48-4733-BD73-CCD4A95C567A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {8FC50958-B5A8-4556-99B7-15D4282976FC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation)
Task: {905CB8B6-23B1-4999-A076-D3DB974A052E} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {938B2BA4-58A5-4168-BF85-60D67E4EA001} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {9652B3F5-AD0C-4FD9-AF59-7A98901C40AA} - System32\Tasks\HPCeeScheduleForGuy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {98B0F5CB-ADAA-428F-8DB2-0CDC29F6CA0B} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {AA3C5ADF-671E-436B-986A-44EC18323337} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-18] (Microsoft Corporation)
Task: {B55D6010-5476-464D-9EDC-72A37C379CA8} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: {C2B1BE1E-66C2-4050-BD15-AA1565A5356F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {C3C1E155-59BA-4AC3-BB9C-9504BE6EBEE9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {C4A48DFA-6E51-4A90-8EB8-9E31D0CDBE85} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {CBDD1DC4-C6C8-474C-88E2-D429D18188E4} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-08-04] (AVAST Software)
Task: {D70DCC84-501E-4B3B-AE1B-2CC2DAC52E6A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {D7C2050C-0F1F-4183-86B0-F0DE7EB8DA6E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\WSCStub.exe [2017-02-20] (Symantec Corporation)
Task: {DA0FEB01-948A-44BC-8652-DA80144E02C8} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {E297857B-58FA-4935-8143-E6052ADD1D7D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-02-08] (HP Inc.)
Task: {E45A8744-F2D0-4F11-9BBF-E35765E8C539} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {E98041C8-4C67-4694-BB7D-65109677DC93} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {EDD3CCBC-5994-49C4-955D-4E4F12643C6E} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
Task: {F3546A10-17A1-4E55-942B-EA06D4AAE07E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-22] (Adobe Systems Incorporated)
Task: {F3A8F166-F6B9-4ABC-8E23-5D3D24E62D83} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-10-20] ()
Task: {F3DC12FC-0516-438B-82F1-0802D43E585E} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: {FFF99FC3-8EEA-4C67-9604-ABDB228870CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-05] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForGuy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 11:51 - 2016-12-09 03:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-03 20:51 - 2017-01-20 11:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-03 20:51 - 2017-01-20 11:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-22 12:17 - 2014-04-14 18:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-02-28 12:48 - 2017-03-04 21:32 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-28 12:48 - 2017-03-04 21:32 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-08-04 17:20 - 2016-08-04 17:20 - 00592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2016-09-23 21:41 - 2017-02-09 15:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-13 11:51 - 2016-12-09 03:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-04-01 04:35 - 2017-01-29 06:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-11 10:41 - 2015-02-27 15:38 - 00721263 _____ () C:\WINDOWS\SysWoW64\WSCM64.dll
2016-09-23 22:35 - 2016-09-23 22:35 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 18:33 - 2016-12-21 00:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 18:33 - 2016-12-20 23:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 18:33 - 2016-12-20 23:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 18:33 - 2016-12-20 23:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 18:33 - 2016-12-20 23:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 18:33 - 2016-12-20 23:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 18:33 - 2016-12-20 23:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 19:43 - 2017-02-22 19:43 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 19:43 - 2017-02-22 19:43 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 19:43 - 2017-02-22 19:43 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 17:18 - 2017-02-06 17:18 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-03-08 22:36 - 2017-03-08 22:37 - 01710080 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8004.42017.0_x64__8wekyb3d8bbwe\HxMail.exe
2017-03-08 22:36 - 2017-03-08 22:37 - 13327552 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8004.42017.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2016-11-03 20:51 - 2017-01-20 11:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-03 20:51 - 2017-01-20 11:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-03 20:51 - 2017-01-20 11:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-11 10:41 - 2016-10-08 17:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-03-11 10:41 - 2016-07-21 11:54 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-11-03 20:51 - 2017-01-20 11:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-11-03 20:51 - 2017-01-20 06:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-11-03 20:51 - 2017-01-20 06:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-11-03 20:51 - 2017-01-20 06:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-11-03 20:51 - 2017-01-20 06:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-11-03 20:51 - 2017-01-20 06:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-11-03 20:51 - 2017-01-20 06:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-11-03 20:51 - 2017-01-20 06:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-26 20:59 - 2017-01-20 06:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2016-08-04 17:20 - 2016-08-04 17:20 - 38907672 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 00:24 - 2015-10-30 00:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2217385405-944141822-793638676-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Guy\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 198.40.251.36 - 97.64.168.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9BE2A77A-5583-43D4-8906-BDDCB33FD16F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E7726931-2BB6-49B8-B3B0-8ED7CA951D86}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DB2B7D65-2843-4896-A918-AFF3B38063F5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{8C12F8AC-1F7A-4998-BD02-B82EA6B4AAEA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{ACBD141F-5C7D-40F8-A700-07E0F61249D8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{58F5A488-C5E8-4434-A4B0-800E74C6B9B7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{37B91B80-F6F3-4A9C-93C8-4FDD7DCAB328}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{8F880346-5268-44D1-A092-900F28158640}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{8687D71C-7574-41C6-B243-FB966D9232CA}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{B78FF42A-2A7C-4499-8F64-AEF459C5535F}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{43C62FE4-1ADB-4A41-B217-919145D4C0A2}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{098342C1-320A-4AFD-9EC4-3F908CC8B07D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9B387CA7-00BD-4B35-B4CF-36B3EB398548}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{8B84E818-CE7C-4AD8-BBE8-E95DE4BAFD73}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{66CEE31C-C16B-4813-A56B-FEC0007F183D}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{13BDFE9C-C1D0-4EC3-93E1-8F65FD0394D5}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{6A1C7CA0-ED3F-480C-BB15-676A0E5B1989}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{63CF541F-B7FA-4707-87CC-FE5736DA6178}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{1DD98F50-F3CA-4F8B-B524-BE038066CD32}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{E374E606-FE37-4888-B44F-543DED9D2563}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{DDBBB6CF-69FB-4B17-89FC-BB52D2F6423F}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{AABDC796-3C80-4B92-B607-5DD75F1C8DB7}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{87772671-FE1A-477A-B053-D20F6A33CEE5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E7BA7A0-8F78-4D70-B748-3BE770D5FF95}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D19E6B8E-46DA-4F20-BB61-6439282C418F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CEAFDB85-27B2-4B4A-9705-D7BF6ADC5F5D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A0BD8C03-70E6-403C-8B55-8844259E7A73}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{0FC053B8-F3E4-4915-ACE0-90D55C336FF1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{6E1DDFBF-F7FD-4B6D-B07B-72D9F1512E38}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2F646B16-0C27-43E7-884B-5F29F4A6AB41}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E6791B86-6D94-4587-A1D1-5C41C7CB9EBC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0D40A16E-958B-4E05-B8DB-A8388C7C58BB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9E9F383B-B854-4692-B8F8-724C1F3FCE74}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BE48C9B5-F1D3-412A-989E-E370135E4687}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BB898E2A-4B44-42BA-81A3-F2944A6A0BC8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{60ABDC59-9E8F-4BE3-80E8-F70E60CE5723}] => (Allow) D:\iTunes\iTunes.exe
FirewallRules: [{A572953F-321B-40A6-9441-4EA0FF1C6D5F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-03-2017 13:05:40 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2017 09:50:06 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/12/2017 09:50:06 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/12/2017 09:49:54 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/12/2017 09:49:54 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/12/2017 09:49:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.14393.0, time stamp: 0x57899ab2
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0x1280
Faulting application start time: 0x01d29b4dd0d01a2b
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 57ad1538-03cb-4504-ad49-cddede688fca
Faulting package full name:
Faulting package-relative application ID:

Error: (03/12/2017 09:29:24 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR

DPTF Build Version:  8.1.10605.221
DPTF Build Date:  Oct 23 2015 12:24:15
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version:  8.1.10605.221
DPTF Build Date:  Oct 23 2015 12:24:15
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


Policy:  Passive Policy 2 [2]

Error: (03/12/2017 09:29:24 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR

DPTF Build Version:  8.1.10605.221
DPTF Build Date:  Oct 23 2015 12:24:15
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version:  8.1.10605.221
DPTF Build Date:  Oct 23 2015 12:24:15
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


Policy:  Critical Policy [1]

Error: (03/11/2017 09:21:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_24_0_0_221.exe, version: 24.0.0.221, time stamp: 0x588f9975
Faulting module name: NPSWF32_24_0_0_221.dll, version: 24.0.0.221, time stamp: 0x588f9a68
Exception code: 0xc000041d
Fault offset: 0x0001d676
Faulting process id: 0x2b28
Faulting application start time: 0x01d29ae6cb1e1d53
Faulting application path: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe
Faulting module path: C:\WINDOWS\System32\Macromed\Flash\NPSWF32_24_0_0_221.dll
Report Id: fba8e75b-a0c1-4d4c-803e-a3e8d83322f2
Faulting package full name:
Faulting package-relative application ID:

Error: (03/11/2017 09:07:53 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/11/2017 09:07:53 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000


System errors:
=============
Error: (03/12/2017 10:00:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The InstallShield Application Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/12/2017 09:50:25 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DESKTOP-375KI7V
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F3186E3-BBFA-41BB-8118-3FB19F78B762}.
The master browser is stopping or an election is being forced.

Error: (03/12/2017 09:35:01 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.16.
The computer with the IP address 192.168.0.4 did not allow the name to be claimed by
this computer.

Error: (03/12/2017 09:29:51 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.16.
The computer with the IP address 192.168.0.4 did not allow the name to be claimed by
this computer.

Error: (03/12/2017 09:29:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2017 09:29:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2017 09:29:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2017 11:09:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2017 09:26:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The InstallShield Application Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/11/2017 07:22:23 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DESKTOP-375KI7V
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F3186E3-BBFA-41BB-8118-3FB19F78B762}.
The master browser is stopping or an election is being forced.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 30%
Total physical RAM: 16273.78 MB
Available physical RAM: 11379.26 MB
Total Virtual: 18705.78 MB
Available Virtual: 15108.21 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:118.01 GB) (Free:20.43 GB) NTFS
Drive d: (DATA) (Fixed) (Total:915.17 GB) (Free:914.7 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:16.34 GB) (Free:1.89 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (CANON_DC) (Removable) (Total:29.71 GB) (Free:2.78 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 1F7C44BA)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: DDD880E1)

Partition: GPT.

========================================================
Disk: 2 (Size: 29.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

And FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-03-2017
Ran by Guy (administrator) on GWSLT (12-03-2017 10:04:33)
Running from C:\Users\Guy\Desktop\MBF
Loaded Profiles: Guy (Available Profiles: Guy)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) C:\Program Files (x86)\iRacing\iRacingService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\ns.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\ns.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) D:\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8004.42017.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8004.42017.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\conathst.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8801024 2016-08-06] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [268896 2016-04-14] (HP)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2017-02-16] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1205\G2AWinLogon_x64.dll (Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine32\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine32\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine32\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
Tcpip\Parameters: [DhcpNameServer] 198.40.251.36 97.64.168.12
Tcpip\..\Interfaces\{0fe76d02-1041-4d65-8bfb-10cd567c0913}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{5d1febee-37c0-4fac-a65e-202b5d736829}: [DhcpNameServer] 97.64.183.164 97.64.209.37
Tcpip\..\Interfaces\{5f3186e3-bbfa-41bb-8118-3fb19f78b762}: [DhcpNameServer] 198.40.251.36 97.64.168.12

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2217385405-944141822-793638676-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2017-02-16] (Wondershare)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF DefaultProfile: zlr6hsp3.default
FF ProfilePath: C:\Users\Guy\AppData\Roaming\Mozilla\Firefox\Profiles\zlr6hsp3.default [2017-03-12]
FF Homepage: Mozilla\Firefox\Profiles\zlr6hsp3.default -> msn.com
FF Extension: (Video DownloadHelper) - C:\Users\Guy\AppData\Roaming\Mozilla\Firefox\Profiles\zlr6hsp3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-02-18]
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2017-03-11]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon [2017-03-04]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-22] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-25] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-11-22] ()
FF Plugin HKU\S-1-5-21-2217385405-944141822-793638676-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Guy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-12-26] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default [2017-03-12]
CHR Extension: (Google Drive) - C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-11]
CHR Extension: (YouTube) - C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-11]
CHR Extension: (Norton Identity Safe) - C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-08-11]
CHR Extension: (Gmail) - C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-11]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx [2017-03-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx [2017-03-04]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHeciSvc.exe [310240 2017-02-22] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHDCPSvc.exe [488928 2017-02-22] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [238376 2016-05-26] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1392792 2016-01-19] (Intel Corporation)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-11-22] (WildTangent)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1205\G2AC_Service.exe [309712 2016-12-26] (Citrix Systems, Inc.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [892928 2016-06-02] (HP Inc.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe [350688 2017-02-22] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [976848 2016-01-14] (Intel(R) Corporation)
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
R2 iRacingService; C:\Program Files (x86)\iRacing\iRacingService64.exe [1126840 2017-03-10] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
S2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [42496 2017-02-28] (InstallShield®) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-02-11] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\NS.exe [326160 2017-02-20] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312576 2016-08-06] (Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-08-04] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266872 2016-08-19] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20170306.003\BHDrvx64.sys [1874136 2017-03-06] (Symantec Corporation)
R1 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\1609000.047\ccSetx64.sys [174240 2017-02-20] (Symantec Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2016-01-19] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-25] (Symantec Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2016-01-19] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-03-04] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [345872 2016-05-26] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20170310.001\IDSvia64.sys [1038024 2017-03-08] (Symantec Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igdkmd64.sys [11036640 2017-02-22] (Intel Corporation)
R0 MBAMChameleon; C:\WINDOWS\System32\drivers\MBAMChameleon.sys [186304 2017-03-12] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-12] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-12] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-12] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6724368 2016-02-06] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_5603cb253b01e5cd\nvlddmkm.sys [14516664 2017-02-10] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-01-19] (Realtek                                            )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2016-01-20] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-01-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [58984 2016-02-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72824 2016-08-19] (Synaptics Incorporated)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NSx64\1609000.047\SRTSP64.SYS [760992 2017-02-20] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\1609000.047\SRTSPX64.SYS [49312 2017-02-20] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSx64\1609000.047\SYMEFASI64.SYS [1716896 2017-02-20] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NSx64\1609000.047\SymELAM.sys [24616 2017-02-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-03-04] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSx64\1609000.047\Ironx64.SYS [291480 2017-02-20] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NSx64\1609000.047\SYMNETS.SYS [567512 2017-02-20] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2016-04-14] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-12 09:29 - 2017-03-12 09:29 - 00000000 ___HD C:\OneDriveTemp
2017-03-11 20:48 - 2017-03-12 09:34 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-11 20:47 - 2017-03-11 20:47 - 00000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-11 20:47 - 2017-03-11 20:47 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-11 20:47 - 2017-03-11 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-11 20:47 - 2017-03-11 20:47 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-11 20:44 - 2017-03-11 20:45 - 34885984 _____ (Adlice Software ) C:\Users\Guy\Desktop\setup.exe
2017-03-11 11:45 - 2017-03-11 11:50 - 00000000 ____D C:\AdwCleaner
2017-03-11 11:44 - 2017-03-11 11:45 - 04031440 _____ C:\Users\Guy\Desktop\AdwCleaner.exe
2017-03-11 11:26 - 2017-03-11 11:26 - 00002476 _____ C:\Users\Guy\Downloads\fixlist.txt
2017-03-11 10:41 - 2017-03-11 10:41 - 00001540 _____ C:\Users\Public\Desktop\Wondershare Video Converter Ultimate.lnk
2017-03-11 10:41 - 2017-03-11 10:41 - 00000000 ____D C:\Users\Guy\AppData\Local\Wondershare
2017-03-11 10:41 - 2015-02-27 15:38 - 00721263 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
2017-03-11 10:41 - 2015-02-27 15:38 - 00214528 _____ () C:\WINDOWS\SysWOW64\WSCM32.dll
2017-03-11 10:39 - 2017-03-11 10:40 - 01046672 _____ C:\Users\Guy\Downloads\video-converter-ultimate_setup_full975.exe
2017-03-11 10:26 - 2017-03-11 10:26 - 00000000 ____D C:\Users\Guy\Documents\New folder
2017-03-09 16:28 - 2017-03-12 10:04 - 00000000 ____D C:\Users\Guy\Desktop\MBF
2017-03-09 16:23 - 2017-03-09 16:24 - 00042580 _____ C:\Users\Guy\Downloads\Addition.txt
2017-03-09 16:23 - 2017-03-09 16:24 - 00041846 _____ C:\Users\Guy\Downloads\FRST.txt
2017-03-09 16:22 - 2017-03-12 10:04 - 00000000 ____D C:\FRST
2017-03-04 17:11 - 2017-03-12 09:35 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2017-03-04 17:06 - 2017-03-04 17:06 - 00003386 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2017-02-28 12:49 - 2017-03-12 09:38 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-28 12:49 - 2017-03-12 09:29 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-28 12:49 - 2017-03-12 09:29 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-28 12:49 - 2017-03-12 09:29 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-28 12:49 - 2017-03-12 09:29 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-28 12:48 - 2017-03-04 21:32 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-28 12:48 - 2017-02-28 12:48 - 55566792 _____ (Malwarebytes ) C:\Users\Guy\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-28 12:48 - 2017-02-28 12:48 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-28 12:48 - 2017-02-28 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-28 12:48 - 2017-02-28 12:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-28 12:48 - 2017-02-28 12:48 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-28 12:26 - 2017-02-28 12:44 - 00000000 ____D C:\Users\Guy\AppData\Local\NPE
2017-02-22 20:42 - 2017-02-22 20:42 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-02-22 19:58 - 2017-02-22 19:58 - 00000000 ____D C:\Users\Guy\AppData\Local\Macromedia
2017-02-22 19:57 - 2017-02-28 12:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-22 19:57 - 2017-02-22 19:57 - 00003806 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-22 02:45 - 2017-02-22 02:45 - 00150032 _____ C:\WINDOWS\SysWOW64\libEGL.dll
2017-02-22 02:45 - 2017-02-22 02:45 - 00120848 _____ C:\WINDOWS\SysWOW64\libGLESv2.dll
2017-02-22 02:45 - 2017-02-22 02:45 - 00110088 _____ C:\WINDOWS\SysWOW64\libGLESv1_CM.dll
2017-02-20 21:36 - 2017-03-10 16:37 - 00003150 _____ C:\WINDOWS\System32\Tasks\D3DGearRawFrameCaptureTask
2017-02-14 22:23 - 2017-02-14 22:23 - 00000000 ____D C:\Users\Guy\ansel
2017-02-14 18:30 - 2017-02-14 18:30 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-14 18:30 - 2017-01-25 17:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-14 18:30 - 2017-01-25 17:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-14 18:30 - 2017-01-25 17:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-14 18:30 - 2017-01-25 17:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-14 18:28 - 2017-02-09 19:33 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 34979384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 28242488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 19007016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 09305984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 03168192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 02717752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 00573448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-14 18:28 - 2017-02-09 19:33 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-13 17:47 - 2017-02-13 17:47 - 00112692 _____ C:\Users\Guy\Downloads\2016TurboTaxReturn (1).pdf
2017-02-13 17:44 - 2017-02-13 17:44 - 00112692 _____ C:\Users\Guy\Downloads\2016TurboTaxReturn.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-12 09:54 - 2016-09-23 21:47 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-03-12 09:50 - 2016-12-18 09:12 - 00000000 ____D C:\Users\Guy\AppData\LocalLow\Mozilla
2017-03-12 09:48 - 2016-09-23 21:40 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-12 09:37 - 2016-09-23 21:42 - 02033160 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-12 09:30 - 2016-09-23 21:41 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-12 09:29 - 2016-09-23 21:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-12 09:29 - 2016-08-04 17:19 - 00000000 ___RD C:\Users\Guy\OneDrive
2017-03-12 09:29 - 2016-08-04 17:17 - 00000000 __SHD C:\Users\Guy\IntelGraphicsProfiles
2017-03-11 23:10 - 2016-09-23 21:42 - 00000000 ____D C:\Users\Guy
2017-03-11 23:10 - 2016-07-15 23:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-11 21:21 - 2016-08-05 21:10 - 00000000 ____D C:\Users\Guy\AppData\Local\CrashDumps
2017-03-11 21:07 - 2015-10-30 00:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-03-11 20:45 - 2016-08-08 17:55 - 35013107 _____ C:\Users\Guy\Downloads\UserFormExample2.zip
2017-03-11 19:10 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-11 11:33 - 2016-07-22 12:18 - 00002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk
2017-03-11 11:21 - 2016-09-17 17:59 - 00000000 ____D C:\Users\Guy\Documents\Wondershare MediaServer
2017-03-11 10:42 - 2016-09-17 17:57 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2017-03-11 10:41 - 2016-09-17 17:57 - 00000000 ____D C:\ProgramData\Wondershare
2017-03-11 10:40 - 2016-09-17 17:57 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-03-11 10:27 - 2016-08-05 20:28 - 00000336 _____ C:\WINDOWS\Tasks\HPCeeScheduleForGuy.job
2017-03-11 10:27 - 2016-07-16 04:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-03-11 10:27 - 2016-07-15 23:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-03-10 18:26 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-10 16:47 - 2016-08-06 09:07 - 00000000 ____D C:\Program Files (x86)\InstallShield
2017-03-10 16:39 - 2016-09-23 21:47 - 00003220 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForGuy
2017-03-10 16:27 - 2016-08-12 17:15 - 00000000 ____D C:\Program Files (x86)\iRacing
2017-03-05 10:43 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-04 17:31 - 2016-08-04 17:53 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-04 17:06 - 2016-08-04 17:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-03-04 17:06 - 2016-08-04 17:26 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2017-03-04 17:06 - 2016-08-04 17:26 - 00000000 ____D C:\Program Files (x86)\Norton Security
2017-03-04 15:47 - 2016-08-04 17:27 - 00102608 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2017-03-04 15:47 - 2016-08-04 17:27 - 00008298 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2017-03-04 15:19 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-04 15:17 - 2016-04-01 04:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-28 18:40 - 2016-12-11 14:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-28 12:42 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-28 12:38 - 2016-09-23 21:47 - 00004252 _____ C:\WINDOWS\System32\Tasks\avast! SL Update
2017-02-28 12:26 - 2016-08-04 17:23 - 00000000 ____D C:\ProgramData\Norton
2017-02-22 20:43 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-22 20:43 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 20:42 - 2016-07-22 12:10 - 00000000 ____D C:\Intel
2017-02-22 20:41 - 2016-08-05 20:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-22 20:40 - 2016-08-05 20:43 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 19:58 - 2016-08-09 21:20 - 00000000 ____D C:\Users\Guy\AppData\Local\Adobe
2017-02-22 19:57 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-22 19:57 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-22 02:45 - 2016-09-23 21:41 - 00122384 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-02-22 02:45 - 2016-09-23 21:41 - 00113168 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-02-22 02:45 - 2016-02-22 02:05 - 00122384 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2017-02-22 02:45 - 2016-02-22 02:05 - 00113168 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2017-02-22 02:45 - 2016-02-22 02:04 - 00280072 _____ C:\WINDOWS\system32\igfxCPL.cpl
2017-02-21 22:29 - 2016-12-07 15:41 - 00003266 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-21 22:29 - 2016-08-04 17:19 - 00002400 _____ C:\Users\Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-20 18:54 - 2016-08-11 16:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-14 18:22 - 2016-12-26 20:59 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 18:22 - 2016-11-03 20:51 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 18:22 - 2016-11-03 20:51 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 18:22 - 2016-11-03 20:51 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 18:22 - 2016-11-03 20:51 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 18:22 - 2016-11-03 20:51 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 18:22 - 2016-11-03 20:51 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 18:22 - 2016-11-03 20:51 - 00001492 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-02-14 18:22 - 2016-09-23 21:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-14 18:22 - 2016-09-23 21:41 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-14 18:22 - 2016-07-22 12:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-13 21:27 - 2016-08-04 17:16 - 00000000 ___HD C:\Users\Guy\Documents\hp.applications.package.appdata
2017-02-10 12:29 - 2016-10-29 00:38 - 14516664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys

==================== Files in the root of some directories =======

2016-12-26 20:59 - 2017-01-24 17:30 - 0015061 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-26 20:59 - 2017-01-20 22:48 - 0004801 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2017-03-11 20:47 - 2016-11-11 03:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Guy\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-12 09:39

==================== End of FRST.txt ============================

 

 


Follow the instructions below to execute a fix on your system using FRST64, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located);
  • Right-click on the FRST64 executable and select Run as Administrator;
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

 

Based on the new RogueKiller log you posted, there are some bad entries that still remain in the system.

You need to remove those entries.

Please re-run RogueKiller with administrator privileges and perform a new scan.

When the scan completes please do the following:

 

Checkmark (tick) the following against Processes entries:

[VT.Gen:Variant.MSILPerseus.10404] isupdate.exe(1964) -- C:\Program Files (x86)\InstallShield\isupdate.exe[-] -> Found

 

Checkmark (tick) the following against Registry entries:

[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found

[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found

[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080  -> Found

[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080  -> Found

 

Click on the Remove Selected button. The removal starts; wait for it to end.
After the removal is done, a removal results screen appears.
Copy and paste the content into your next reply for my review.


To summarize, your next post should include:
The contents of fixlog.txt;
The contents of RKlog.txt (the clean log).

How is the Chrome browser behaving now?


Here's the RK log:

RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Guy [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/12/2017 19:10:40 (Duration : 00:15:58)

¤¤¤ Processes : 1 ¤¤¤
[VT.Gen:Variant.MSILPerseus.10404] isupdate.exe(3288) -- C:\Program Files (x86)\InstallShield\isupdate.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 6 ¤¤¤
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080  -> Deleted
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080  -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 198.40.251.36 97.64.168.12 ([United States][-])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5f3186e3-bbfa-41bb-8118-3fb19f78b762} | DhcpNameServer : 198.40.251.36 97.64.168.12 ([United States][-])  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZNLF128HCHP-000H1 +++++
--- User ---
[MBR] fabf632cec948b5aebff1d57ea6306c7
[BSP] c61874a0f4c59ad51b2416cb0ba22f24 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 120842 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 248051712 | Size: 980 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HGST HTS721010A9E630 +++++
--- User ---
[MBR] 6a8575f19104d733a84656234873c791
[BSP] 22b8768f3b49e540e5a8d97ce57c19d5 : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 937131 MB
1 - [SYSTEM] Basic data partition | Offset (sectors): 1919246336 | Size: 16737 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SDHC Card +++++
--- User ---
[MBR] 9316104665a782f81734208e2c0e3e52
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 30432 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


and fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-03-2017
Ran by Guy (12-03-2017 19:06:49) Run:2
Running from C:\Users\Guy\Desktop\MBF
Loaded Profiles: Guy (Available Profiles: Guy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
CreateRestorePoint:
EmptyTemp:

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2217385405-944141822-793638676-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx [2017-03-04]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx [2017-03-04]
2017-03-11 20:47 - 2016-11-11 03:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Guy\AppData\Local\Temp\dllnt_dump.dll

End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value removed successfully
HKU\S-1-5-21-2217385405-944141822-793638676-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKCR\PROTOCOLS\Handler\WSWSVCUchrome => key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key removed successfully
Could not move "C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx" => Scheduled to move on reboot.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key removed successfully
Could not move "C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx" => Scheduled to move on reboot.
C:\Users\Guy\AppData\Local\Temp\dllnt_dump.dll => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11712191 B
Java, Flash, Steam htmlcache => 1304 B
Windows/system/drivers => 986102 B
Edge => 147645473 B
Chrome => 140981350 B
Firefox => 374199072 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 7382 B
NetworkService => 0 B
Guy => 27486282 B

RecycleBin => 0 B
EmptyTemp: => 670.5 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-03-2017 19:08:22)

"C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx" => Could not move
"C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx" => Could not move

==== End of Fixlog 19:08:22 ====

Here's what I get when I try to navigate to a url or do a search in Chrome:

There is no Internet connection

There is something wrong with the proxy server, or the address is incorrect.

ERR_PROXY_CONNECTION_FAILED
HIDE DETAILS
If you use a proxy server…
Check your proxy settings or contact your network administrator to make sure the proxy server is working. If you don't believe you should be using a proxy server: Go to the Chrome menu > Settings > Show advanced settings… > Change proxy settings… > LAN Settings and deselect "Use a proxy server for your LAN".
 
Update: I restarted the PC and now Chrome is working, but the same problem persists.

Hello gyster72.

Please tell me, when you started this topic were you using a proxy server to access the Internet?

Now, what browser did you use to access the Internet and post your previous reply? Did you use a different browser than Chrome?

Thank you.


Hello.

Okay, if your Internet connection is working well on your computer and you can use Firefox, then you were not using a proxy. We removed a bad proxy in a previous fix with RogueKiller.

Did you reset Chrome browser settings to default as I instructed in my post ID: 5?

On 11/03/2017 at 10:05 PM, Android8888 said:

Please read the instructions in the link below and reset your Chrome browser:
https://support.google.com/chrome/answer/3296214?hl=en

If not, please do it now and let me know how Chrome is behaving at this point.

How to reset Chrome settings to default


Hi gyster72.

8 hours ago, gyster72 said:

I was able to run Chrome as Administrator, turned off proxy and it seems to have solved the problem.

I'm glad to hear that. Good work! :)

 

Now to make sure your computer is free of malware, please perform the following scan with ESET Online Scanner to search for leftovers.


  • Click on this link to open ESET Online Scanner in a new window.
  • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
  • Close all your programs and browsers.
  • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
  • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.

  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Note: If nothing is found, it will not produce a log.

You can now re-enable your antivirus program.

 

Please post the ESET log (if it produced one) and let me know what issues or concerns remains on your computer.


Hello gyster72.

Do not run ESET for now.

Please re-run FRST64 and post a new set of logs for my review.

  • Right-click on the FRST64 executable and select Run as Administrator;
  • Accept the disclaimer by clicking on Yes;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and then two Notepad files will open;
  • Please upload both FRST.txt and Addition.txt in your next reply;

Thank you.


Hello gyster72.

I do not see evidence of malware in your logs. I suspect that some program may be acting to change the proxy settings.

Okay, please try the following:

Reboot the computer in Safe Mode: https://www.howtogeek.com/107511/how-to-boot-into-safe-mode-on-windows-8-the-easy-way/

Once in Safe Mode, open Chrome and click the More icon (three vertical dots) in the screen's upper right corner.
Click "Settings" to open your Settings page.
Click "Show advanced settings" and click "Change proxy settings" to open the Windows Internet Properties dialog box.
Click "Settings" to open your connection's settings.
Click the check box labeled "Use a proxy server for this connection" to clear it and delete everything written (if present) in the Address box.
Click "OK" in both open dialog boxes to close them.

Reboot the computer in Normal Mode and check how Chrome is behaving now.


Hi gyster72 and thank you for that information.

I suspect that the culprit for those changes in the proxy settings could be one of these two programs:


Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.275.2 - AVAST Software)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)

 

If you don't need them for now (you can reinstall them at any time), try uninstalling Avast SecureLine first, then remove the proxy settings, reboot the computer and see how it goes.
If that doesn't solve the proxy problem, try the same with Private Internet Access and check the result.

 

I will wait for your feedback.


Hello gyster72.

Can you try CurrPorts and monitor what is happening yourself? It is a portable tool; no installation is necessary. Download it from the following link and unzip the contents to your Desktop.

http://www.nirsoft.net/utils/cports-x64.zip <------ 64 bit

Read the included instructions for a basic understanding; it is very easy to use. Right-click on the tool and select "Run as Administrator".

When opened you will see your network activity. The easiest way to check what is happening is to right-click anywhere in the field and select "HTML Report - All Items".
That will open the report in an easier-to-read format. Have a look at the connections: check the "Established" entries with Local Address 127.0.0.1 (sixth column) and Local Port 8080 (fourth column), then find the corresponding Process Name (first column).

Are any of them suspicious, or processes you do not know or recognize?

Does Chrome still show strange search results?

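The same triage the helper describes with CurrPorts, done with built-in Windows 10 cmdlets from an elevated PowerShell prompt. This is an added example, not part of the thread and not one of the helper's tools. The port (8080) and loopback address (127.0.0.1) are taken from the RogueKiller detections earlier in the thread, and the two product names are the ones the helper suspected; the function names and everything else are this example's own assumptions. Nothing is changed unless Disable-Proxy is called.

```powershell
# Added example, not from the thread: find where a recurring http=127.0.0.1:8080
# proxy is configured, which process owns the listener, and which processes use it.
# Assumptions: port/address from the RogueKiller log above; product names from the
# helper's suspicion. Run from an elevated PowerShell on Windows 10.

$ProxyPort = 8080
$ProxyHost = '127.0.0.1'
$PolicyKey = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$ProxyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings'
    $PolicyKey
)

# 1. Proxy configuration everywhere WinINet reads it. Chrome and IE follow the
#    per-user (HKCU) values, unless ProxySettingsPerUser = 0 in the Policies key
#    makes the HKLM copy authoritative for all users (the FRST fix removed that value).
function Get-ProxyConfig {
    foreach ($Key in $ProxyKeys) {
        if (-not (Test-Path $Key)) { continue }
        $v = Get-ItemProperty -Path $Key
        [pscustomobject]@{
            Key                  = $Key
            ProxyEnable          = $v.ProxyEnable
            ProxyServer          = $v.ProxyServer
            AutoConfigURL        = $v.AutoConfigURL      # a PAC file is another way to inject a proxy
            ProxySettingsPerUser = $v.ProxySettingsPerUser
        }
    }
}

# 2. The CurrPorts check: who listens on the proxy port, and who is connected to it.
function Get-ProxyPortOwners {
    $listeners = Get-NetTCPConnection -LocalPort $ProxyPort -State Listen -ErrorAction SilentlyContinue
    $clients   = Get-NetTCPConnection -RemoteAddress $ProxyHost -RemotePort $ProxyPort -State Established -ErrorAction SilentlyContinue
    foreach ($c in @($listeners) + @($clients)) {
        $proc   = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $signer = $null
        if ($proc.Path) {
            # Unsigned or invalid signature on a loopback proxy owner is the thing to look at.
            $sig    = Get-AuthenticodeSignature -FilePath $proc.Path
            $signer = '{0} ({1})' -f $sig.SignerCertificate.Subject, $sig.Status
        }
        $role = 'client of proxy'
        if ($c.State -eq 'Listen') { $role = 'proxy listener' }
        [pscustomobject]@{
            Role    = $role
            Local   = '{0}:{1}' -f $c.LocalAddress, $c.LocalPort
            Remote  = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
            PID     = $c.OwningProcess
            Process = $proc.ProcessName
            Path    = $proc.Path
            Signer  = $signer
        }
    }
}

# 3. Services and scheduled tasks from the two VPN clients the helper suspected,
#    to compare against the listener owner found above.
function Get-SuspectVpnComponents {
    Get-Service | Where-Object { $_.DisplayName -match 'SecureLine|Private Internet Access' } |
        Select-Object Name, DisplayName, Status, StartType
    Get-ScheduledTask | Where-Object { $_.TaskName -match 'Avast|Private Internet Access|PIA' } |
        Select-Object TaskPath, TaskName, State
}

# 4. The "turn off the proxy" step from the thread, for every hive at once.
#    Only lasting once the program that rewrites the value is stopped or uninstalled.
function Disable-Proxy {
    foreach ($Key in $ProxyKeys) {
        if (-not (Test-Path $Key) -or $Key -eq $PolicyKey) { continue }
        Set-ItemProperty    -Path $Key -Name ProxyEnable -Value 0 -Type DWord
        Remove-ItemProperty -Path $Key -Name ProxyServer, AutoConfigURL -ErrorAction SilentlyContinue
    }
    # Drop the policy override so per-user settings are honoured again.
    Remove-ItemProperty -Path $PolicyKey -Name ProxySettingsPerUser -ErrorAction SilentlyContinue
    netsh winhttp reset proxy | Out-Null   # WinHTTP keeps its own copy, used by services
}

Get-ProxyConfig          | Format-List
netsh winhttp show proxy
Get-ProxyPortOwners      | Format-Table -AutoSize
Get-SuspectVpnComponents | Format-Table -AutoSize
```

If Get-ProxyPortOwners shows a listener on 127.0.0.1:8080 whose Path belongs to one of the VPN clients, that program is the writer and uninstalling it (as the helper suggests) is the fix; if the listener's binary is unsigned or lives under a user-writable directory, that is the file to submit for analysis before touching the registry.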

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.