I have done my homework - now need your help please

Malware Chrome


#1
rm15

rm15

    Member

  • Member
  • PipPip
  • 39 posts

Ok folks, would love some help here.  This is nothing new for most of you but I must have pulled a brain-fart a few weeks ago and now I have some type of malware on my system. I have tried almost everything and I cannot seem to get rid of whatever it is that’s going on with my system.  So whatever you can add to help, it would be very appreciated.

 

SYMPTOMS:

- Your standard pop-ups, redirects and so on

- Only happens with Chrome.  (Tested with IE and Firefox and no issues there.)

 

SYSTEM:

- Acer laptop running Win 8.1 - 64 bit

- Chrome version: 57.0.2987.133 (64-bit)

- Syncing all types of settings, bookmarks, etc with one other device running Android

 

WHAT I HAVE DONE SO FAR:

To be honest, I do not remember everything I’ve tried but here is the gist of it (and I did not do these in this order… this is me doing my personal version of a memory dump!)

- I updated my Norton AV and put the computer in safe mode and ran a complete system scan and nothing was detected

- Updated my Chrome browser to latest version

- Looked through my bookmarks for anything strange, and nothing

- Reset all my Chrome settings

- When resetting my Chrome settings did not work I just deleted them all (those backed up by Google and the ones on my system) and started from scratch (except for my bookmarks, which I exported and then deleted from the browser and then after deleting all my settings, etc. I imported the bookmarks back.)

- Deleted Chrome itself from my system twice, the second time I also deleted all the related browser folders that were left behind when I removed the program, and then after reinstalling, no change

- I have looked at all the programs on my system and nothing there I do not know about

- I looked at my registry and start-up programs and nothing weird there

- I looked at all the tasks in “Task Scheduler” and nothing stood out there either (although I was not as detailed when looking things over in here as I was with my registry, etc.)

- I looked at “Task Manager” to see what is running and again, nothing weird

- Looked at the Chrome extensions I have added and the Chrome apps I’ve downloaded, nothing new/wrong there

- I did everything recommended on Google’s “Scan a Windows computer with the Chrome Cleanup Tool” site and no change and their tools did not point out anything weird either

- Ran “Malwarebytes” as well as maybe 4 other tools that I found online (I confirmed each was “safe” before downloading) and most found nothing and two did find some issues that I had them delete, but again, nothing. (Sorry, but I did not save their log files but to be honest, when I looked over their lists of things they found, nothing looked like it was a real issue.  Most of the things they found and deleted were cookies.)

 

This is all I can remember right now, but this is most of what I’ve tried.

 

WEIRD THINGS:

Looking at my Google dashboard for Chrome it says…

- I have over 300 bookmarks when I really only have about 120

- I have 8 extensions added to Chrome when I actually have more, I have 10

- I have made 49 changes in my Chrome settings when I don’t think I have made any changes at all to what comes as default (for sure I did not make 49 changes).  And this figure was the same before I deleted all my settings and started over again.  So maybe I am not "reading" this number right??

 

I can go on here but this is already too long of a post and I think I've covered what's pertinent.  So what do you think? What can I do short of uninstalling Chrome and not using it again?  


  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,622 posts
  • MVP
 
Download ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0
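Once FRST.txt exists, its Chrome section can be triaged offline. The following is an added example, not part of the thread and not FRST's own code: it parses `CHR Extension:` and `CHR HK...\Chrome\Extension:` lines in the format FRST writes them and separates extensions found in the profile folder from those registered through the registry. The function names `parse_chrome_section` and `triage` are hypothetical, and the sample log (user name, extension names, IDs, URL) is constructed.

```python
import re

# Constructed sample in the line format of FRST's "Chrome:" section.
# User name, extension names, IDs and the start URL are made up.
SAMPLE_LOG = r'''
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR StartupUrls: Profile 1 -> "hxxp://start.example/home"
CHR Profile: C:\Users\Example\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-30]
CHR Extension: (Sample Notes) - C:\Users\Example\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [2017-03-28]
CHR Extension: (Sample Blocker (by Example)) - C:\Users\Example\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb [2017-03-30]
CHR HKLM\...\Chrome\Extension: [cccccccccccccccccccccccccccccccc] - C:\Program Files (x86)\Example AV\Exts\Chrome.crx [2017-03-24]
CHR HKLM-x32\...\Chrome\Extension: [cccccccccccccccccccccccccccccccc] - C:\Program Files (x86)\Example AV\Exts\Chrome.crx [2017-03-24]
CHR HKU\S-1-5-21-1-2-3-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================
'''

# Extension unpacked in a profile folder: "(name) - ...\Extensions\<id> [date]".
PROFILE_EXT = re.compile(
    r'^CHR Extension: \((?P<name>.*)\) - '
    r'(?P<path>.*\\Extensions\\(?P<id>[a-p]{32})) \[(?P<date>\d{4}-\d{2}-\d{2})\]$')
# Extension registered under a ...\Chrome\Extensions registry key, i.e. put
# there by an installer rather than added by the user inside the browser.
REGISTRY_EXT = re.compile(
    r'^CHR (?P<hive>HK[^\\\s]+)\\.*\\Chrome\\Extension: \[(?P<id>[a-p]{32})\] - '
    r'(?P<source>.*?)(?: \[\d{4}-\d{2}-\d{2}\])?$')
STARTUP_URL = re.compile(r'^CHR StartupUrls: (?P<profile>.+?) -> "(?P<url>.*)"$')


def parse_chrome_section(text):
    """Collect the CHR lines of an FRST log into three lists."""
    parsed = {"profile": [], "registry": [], "startup_urls": []}
    for raw in text.splitlines():
        line = raw.strip()          # pasted logs are often indented
        if not line.startswith("CHR "):
            continue
        m = PROFILE_EXT.match(line)
        if m:
            parsed["profile"].append(m.groupdict())
            continue
        m = REGISTRY_EXT.match(line)
        if m:
            parsed["registry"].append(m.groupdict())
            continue
        m = STARTUP_URL.match(line)
        if m:
            parsed["startup_urls"].append((m["profile"], m["url"]))
    return parsed


def triage(parsed):
    """One finding per registry-registered extension ID, merged across hives."""
    in_profile = {ext["id"] for ext in parsed["profile"]}
    merged = {}
    for entry in parsed["registry"]:
        item = merged.setdefault(entry["id"], {"hives": set(), "source": entry["source"]})
        item["hives"].add(entry["hive"])
    findings = []
    for ext_id in sorted(merged):
        source = merged[ext_id]["source"]
        # FRST defangs URLs as hxxp/hxxps; anything else is a local .crx path.
        remote = source.lower().startswith(("http", "hxxp"))
        findings.append({
            "id": ext_id,
            "hives": sorted(merged[ext_id]["hives"]),
            "kind": "update_url" if remote else "local_crx",
            "source": source,
            "in_profile": ext_id in in_profile,
        })
    return findings


if __name__ == "__main__":
    parsed = parse_chrome_section(SAMPLE_LOG)
    print(f"{len(parsed['profile'])} extensions in profile folders")
    for profile, url in parsed["startup_urls"]:
        print(f"startup URL for {profile}: {url}")
    for f in triage(parsed):
        state = "present in profile" if f["in_profile"] else "not in profile"
        print(f"{f['id']} via {','.join(f['hives'])} ({f['kind']}, {state})")
```

The profile count can be compared with what chrome://extensions shows, and each registry-registered ID can be traced back to the program named in its source path.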

    #3
    rm15

    rm15

      Member

    • Topic Starter
    • Member
    • PipPip
    • 39 posts

    I am posting these one at a time.

     

    ADW CLEANER

     

    ADW Cleaner found no issues so nothing to clean or delete and no Reboot. Also, looking at the log files seems I have run ADW Cleaner a few times since I got infected and those log files are also available if you want them.  But per your request, here is the content of the log file for the scan I just ran.

     

     

    *******************************

     

    # AdwCleaner v6.045 - Logfile created 30/03/2017 at 08:23:07
    # Updated on 28/03/2017 by Malwarebytes
    # Database : 2017-03-30.1 [Server]
    # Operating System : Windows 8.1  (X64)
    # Username : Raffi - RAFFI_ACER_LPTP
    # Running from : C:\Users\Raffi\Desktop\AdwCleaner.exe
    # Mode: Scan
     
     
     
    ***** [ Services ] *****
     
    No malicious services found.
     
     
    ***** [ Folders ] *****
     
    No malicious folders found.
     
     
    ***** [ Files ] *****
     
    No malicious files found.
     
     
    ***** [ DLL ] *****
     
    No malicious DLLs found.
     
     
    ***** [ WMI ] *****
     
    No malicious keys found.
     
     
    ***** [ Shortcuts ] *****
     
    No infected shortcut found.
     
     
    ***** [ Scheduled Tasks ] *****
     
    No malicious task found.
     
     
    ***** [ Registry ] *****
     
    No malicious registry entries found.
     
     
    ***** [ Web browsers ] *****
     
    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.
     
    *************************
     
    C:\AdwCleaner\AdwCleaner[C0].txt - [5456 Bytes] - [13/03/2017 08:46:00]
    C:\AdwCleaner\AdwCleaner[C2].txt - [5181 Bytes] - [23/03/2017 11:30:49]
    C:\AdwCleaner\AdwCleaner[S0].txt - [5030 Bytes] - [13/03/2017 08:44:57]
    C:\AdwCleaner\AdwCleaner[S1].txt - [4840 Bytes] - [23/03/2017 11:30:04]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1822 Bytes] - [23/03/2017 11:35:52]
    C:\AdwCleaner\AdwCleaner[S3].txt - [1352 Bytes] - [30/03/2017 08:23:07]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1425 Bytes] ##########

    • 0

    #4
    rm15

    rm15

      Member

    • Topic Starter
    • Member
    • PipPip
    • 39 posts

    Junkware Removal Tool

     

    This is the first time I am running this tool and here is the content of the txt file.

     

     

    ********************************

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.2 (03.10.2017)
    Operating System: Windows 8.1 x64 
    Ran by Raffi (Administrator) on Thu 03/30/2017 at  8:31:53.78
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 1 
     
    Successfully deleted: C:\Users\Raffi\Documents\add-in express (Folder) 
     
     
     
    Registry: 0 
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 03/30/2017 at  8:32:41.17
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    • 0

    #5
    rm15

    rm15

      Member

    • Topic Starter
    • Member
    • PipPip
    • 39 posts

    FRST

     

     

    Never ran this one before either.  Here are the files:

     

     

    ********************************

     

    FRST.txt

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
    Ran by Raffi (administrator) on RAFFI_ACER_LPTP (30-03-2017 08:37:55)
    Running from C:\Users\Raffi\Desktop
    Loaded Profiles: Raffi (Available Profiles: Raffi)
    Platform: Windows 8.1 (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
    (Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\ns.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
    (Winstep Software Technologies) C:\Program Files (x86)\winstep\WsxService.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\ns.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Winstep Software Technologies) C:\Program Files (x86)\winstep\Nexus-Ultimate.exe
    (Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2016-12-23] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] (Qualcomm®Atheros®)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [RocketDock] => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Spotify Web Helper] => C:\Users\Raffi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-08] (Spotify Ltd)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [61F2E14DF1D88F32A2319B97D9176FED7BD436A5._service_run] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2016-12-23] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Yahoo Messenger Updater] => C:\Users\Raffi\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2016-11-09] (Yahoo!, Inc.)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Google Update] => C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2017-03-26] (Google Inc.)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\MountPoints2: {25758df2-ee32-11e5-82bb-206a8a9e3bd3} - "E:\windows\AutoRun.exe" 
    HKU\S-1-5-18\...\Run: [Norton Download Manager{NS2250424-SHPD-FSD51083}] => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.5.15\NAV.exe /m
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{120DFA15-FB80-414C-8C8F-FF8FE5040607}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{49B0C951-EB8E-4D77-B180-F12058C5F2E1}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{B749EF5E-6446-47D3-B40B-507096E9A039}: [DhcpNameServer] 192.168.1.1
     
    Internet Explorer:
    ==================
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-1372970940-966452781-916677827-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-01-08] (Microsoft Corporation)
    BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-01-08] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-08] (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-01-08] (Microsoft Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-01-08] (Microsoft Corporation)
     
    FireFox:
    ========
    FF DefaultProfile: zq9xt1nw.default-1490291299972
    FF ProfilePath: C:\Users\Raffi\AppData\Roaming\Mozilla\Firefox\Profiles\zq9xt1nw.default-1490291299972 [2017-03-29]
    FF Homepage: Mozilla\Firefox\Profiles\zq9xt1nw.default-1490291299972 -> www.google.com
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
    FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon [2017-03-28]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-01-11]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1372970940-966452781-916677827-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-26] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1372970940-966452781-916677827-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-26] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1372970940-966452781-916677827-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Raffi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
     
    Chrome: 
    =======
    CHR DefaultProfile: Profile 3
    CHR StartupUrls: Profile 3 -> "hxxp://www.protopage.com/basturma"
    CHR Profile: C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3 [2017-03-30]
    CHR Extension: (Easy Auto Refresh) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2017-03-28]
    CHR Extension: (Home Button At Top Right) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bfejcgpdahgpmgadhgdadfiekmhgnifm [2017-03-28]
    CHR Extension: (Tampermonkey) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-03-28]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-03-28]
    CHR Extension: (AdBlock) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-30]
    CHR Extension: (Google Keep - notes and lists) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-03-28]
    CHR Extension: (Subtle Scrollbars) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\iepofmbkhfelkphdhkldbiemijmgcmlc [2017-03-28]
    CHR Extension: (New incognito window) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kfjgnhdleafdmakapfmfjfepmpobpnap [2017-03-28]
    CHR Extension: (Google Dictionary (by Google)) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-03-28]
    CHR Extension: (Dark Horizon) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ncjjeokpcnllmmbbipeaagmdpdpiadin [2017-03-29]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-28]
    CHR Extension: (Neater Bookmarks) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2017-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-28]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-24]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1372970940-966452781-916677827-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Raffi\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-06-28]
    CHR HKU\S-1-5-21-1372970940-966452781-916677827-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-24]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
    R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows ® Win 7 DDK provider) [File not signed]
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [72024 2017-01-03] (Google Inc.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-01-02] (Microsoft Corporation)
    R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-16] (Intel Corporation)
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-01-17] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
    R2 MediatekRegistryWriter; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe [401040 2014-07-31] (Mediatek Inc.)
    R2 MediatekRegistryWriter64; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe [454288 2014-07-31] (Mediatek Inc.)
    R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\NS.exe [326160 2017-03-16] (Symantec Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
    S3 RaMediaServer; C:\Program Files (x86)\MediatekWiFi\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
    R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [262360 2008-09-15] (Data Perceptions / PowerProgrammer)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
    R2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X]
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
    S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20170327.001\BHDrvx64.sys [1831064 2017-03-14] (Symantec Corporation)
    S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
    R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1609010.00C\ccSetx64.sys [174240 2017-02-20] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-25] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-25] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20170329.001\IDSvia64.sys [1038024 2017-03-13] (Symantec Corporation)
    S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
    R3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2207888 2014-07-04] (MediaTek Inc.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
    S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
    R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1609010.00C\SRTSP64.SYS [770200 2017-03-16] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1609010.00C\SRTSPX64.SYS [49312 2017-03-16] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1609010.00C\SYMEFASI64.SYS [1716896 2017-02-20] (Symantec Corporation)
    S0 SymELAM; C:\Windows\System32\drivers\NSx64\1609010.00C\SymELAM.sys [24616 2017-02-20] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-03-07] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NSx64\1609010.00C\Ironx64.SYS [291480 2017-02-20] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1609010.00C\SYMNETS.SYS [567512 2017-02-20] (Symantec Corporation)
    R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-07-09] (Synaptics Incorporated)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-03-23] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-03-23] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160628.037\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160628.037\EX64.SYS [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-30 08:37 - 2017-03-30 08:37 - 00025149 _____ C:\Users\Raffi\Desktop\FRST.txt
    2017-03-30 08:37 - 2017-03-30 08:37 - 00000000 ____D C:\FRST
    2017-03-30 08:35 - 2017-03-30 08:35 - 02424832 _____ (Farbar) C:\Users\Raffi\Desktop\FRST64.exe
    2017-03-30 08:32 - 2017-03-30 08:32 - 00000624 _____ C:\Users\Raffi\Desktop\JRT.txt
    2017-03-30 08:30 - 2017-03-30 08:30 - 01663904 _____ (Malwarebytes) C:\Users\Raffi\Desktop\JRT.exe
    2017-03-30 08:15 - 2017-03-30 08:15 - 04089296 _____ C:\Users\Raffi\Desktop\AdwCleaner.exe
    2017-03-29 16:12 - 2017-03-29 16:15 - 00000000 ____D C:\ProgramData\HitmanPro
    2017-03-28 20:02 - 2017-03-28 20:02 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
    2017-03-27 23:17 - 2017-03-27 23:17 - 00000000 ____D C:\Program Files\NortonInstaller
    2017-03-26 23:28 - 2017-03-26 23:28 - 00000017 _____ C:\Users\Raffi\AppData\Local\resmon.resmoncfg
    2017-03-26 15:26 - 2017-03-26 15:26 - 00003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1372970940-966452781-916677827-1001UA
    2017-03-26 15:26 - 2017-03-26 15:26 - 00003232 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1372970940-966452781-916677827-1001Core
    2017-03-23 19:43 - 2017-03-23 19:52 - 00000000 ____D C:\Program Files (x86)\VideoLAN
    2017-03-23 19:43 - 2017-03-23 19:43 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\dvdcss
    2017-03-23 11:04 - 2017-03-23 11:04 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-03-13 08:44 - 2017-03-30 08:23 - 00000000 ____D C:\AdwCleaner
    2017-03-07 17:39 - 2017-03-28 20:11 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-29 23:56 - 2015-12-02 14:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2017-03-29 20:13 - 2015-01-08 21:54 - 00000000 ____D C:\Users\Raffi\AppData\Local\CrashDumps
    2017-03-29 16:22 - 2015-01-08 14:43 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1372970940-966452781-916677827-1001
    2017-03-29 15:53 - 2015-01-17 00:54 - 00000000 ____D C:\Users\Public\Documents\Winstep
    2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\Users\Raffi\AppData\Local\Downloaded Installations
    2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\ProgramData\Sonos,_Inc
    2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
    2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\Program Files (x86)\Sonos
    2017-03-28 20:31 - 2015-12-02 14:23 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-03-28 20:11 - 2014-03-18 03:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-03-28 20:11 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\Inf
    2017-03-28 20:07 - 2015-05-16 10:55 - 00000000 ____D C:\Users\Raffi\AppData\Local\NPE
    2017-03-28 20:05 - 2015-09-19 13:25 - 00000000 ___RD C:\Users\Raffi\Google Drive
    2017-03-28 20:05 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-03-28 20:02 - 2016-06-28 22:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
    2017-03-28 20:02 - 2016-02-24 11:54 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
    2017-03-28 20:02 - 2015-05-16 10:56 - 00000000 ____D C:\NPE
    2017-03-28 20:02 - 2015-01-10 21:48 - 00000000 ____D C:\Users\Raffi\AppData\Local\Adobe
    2017-03-28 19:35 - 2015-01-19 16:38 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google
    2017-03-28 00:07 - 2015-01-10 00:34 - 00001026 _____ C:\Windows\BRCALIB.INI
    2017-03-27 16:00 - 2016-11-22 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2017-03-26 15:27 - 2015-01-08 22:11 - 00000000 ____D C:\Users\Raffi\AppData\Local\Google
    2017-03-26 15:10 - 2015-01-09 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google
    2017-03-26 15:00 - 2015-01-08 22:11 - 00000000 ____D C:\Program Files (x86)\Google
    2017-03-23 11:31 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2017-03-23 11:25 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
    2017-03-22 00:36 - 2015-01-25 18:19 - 00000000 ____D C:\Users\Raffi\AppData\Local\Spotify
    2017-03-22 00:28 - 2015-01-25 18:18 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\Spotify
    2017-03-20 12:41 - 2015-01-08 14:38 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\Adobe
    2017-03-14 19:23 - 2015-01-08 14:38 - 00000000 ____D C:\Users\Raffi
    2017-03-14 18:22 - 2015-01-19 19:49 - 00000000 ____D C:\ProgramData\Norton
    2017-03-14 18:22 - 2015-01-19 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mediatek Wireless
    2017-03-14 18:22 - 2015-01-09 23:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-03-14 18:22 - 2013-08-22 08:36 - 00000000 ___HD C:\Windows\ELAMBKUP
    2017-03-14 18:22 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-03-14 18:21 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\registration
    2017-03-07 17:34 - 2016-02-24 11:54 - 00000000 ____D C:\Program Files (x86)\Norton Security
    2017-03-07 14:49 - 2016-02-24 11:55 - 00102608 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    2017-03-07 14:49 - 2016-02-24 11:55 - 00008298 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
    2017-03-04 13:53 - 2015-04-21 17:33 - 00000000 ____D C:\Users\Raffi\AppData\LocalLow\Unity
    2017-03-02 09:20 - 2015-01-08 14:38 - 00000000 ____D C:\Users\Raffi\AppData\Local\Packages
     
    ==================== Files in the root of some directories =======
     
    2017-03-26 23:28 - 2017-03-26 23:28 - 0000017 _____ () C:\Users\Raffi\AppData\Local\resmon.resmoncfg
    2014-10-05 15:50 - 2014-10-05 15:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-02-24 22:22 - 2016-02-24 22:22 - 0287934 _____ () C:\ProgramData\SplashID.ico
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-03-26 04:49
     
    ==================== End of FRST.txt ============================
     
     
     
     
    ******************************
     
    Addition.txt:
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
    Ran by Raffi (30-03-2017 08:38:11)
    Running from C:\Users\Raffi\Desktop
    Windows 8.1 (Update) (X64) (2015-01-08 21:38:07)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-1372970940-966452781-916677827-500 - Administrator - Disabled)
    Guest (S-1-5-21-1372970940-966452781-916677827-501 - Limited - Disabled)
    Raffi (S-1-5-21-1372970940-966452781-916677827-1001 - Administrator - Enabled) => C:\Users\Raffi
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton Security (Disabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton Security (Disabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
    FW: Norton Security (Disabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
    Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
    Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
    Brother MFL-Pro Suite MFC-9560CDW (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
    Chrome Remote Desktop Host (HKLM-x32\...\{0F4FB60A-EBD8-445B-8117-128E8351647E}) (Version: 56.0.2924.51 - Google Inc.)
    Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
    Google Chrome (HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
    Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
    Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
    Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
    Intel® Update Manager (HKLM-x32\...\{AD6B46F2-FE21-496F-BE90-BE19AABE353C}) (Version: 2.2.12 - Intel Corporation)
    Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.38.101 - MediatekWiFi)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.7.133.0 - Microsoft Corporation)
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.8.0.6273 - Mozilla)
    Mozilla Thunderbird 45.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 en-US)) (Version: 45.8.0 - Mozilla)
    Nexus Ultimate 14.11 (HKLM-x32\...\Winstep Xtreme_is1) (Version:  - )
    Norton Security (HKLM-x32\...\NS) (Version: 22.9.1.12 - Symantec Corporation)
    novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{37AFBFC0-AE39-425B-97CB-A90319D39A4B}) (Version: 8.1.921 - Softland)
    novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{056A3023-0724-49F0-82F8-88A1F0783D53}) (Version: 8.1.921 - Softland)
    NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
    NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
    Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7260 - Realtek Semiconductor Corp.)
    SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
    Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
    Software Update Wizard (Redistributable) 4.5 (HKLM-x32\...\Software Update Wizard (Redistributable)) (Version: 4.5 - PowerProgrammer)
    Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 35.3.39010 - Sonos, Inc.)
    SplashID Safe 7.2.4 (HKLM-x32\...\SplashID Safe) (Version: 7.2.4 - SplashData)
    Spotify (HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
    StartIsBack+ (HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\StartIsBack) (Version: 1.7 - startisback.com)
    Unity Web Player (HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
    Yahoo Messenger (HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\yahoomessenger) (Version: 0.8.231 - Yahoo! Inc)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{61625667-893E-4707-B925-A82B528C00B9}\InprocServer32 -> C:\Users\Raffi\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c9}\InprocServer32 -> C:\Users\Raffi\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{AD1405D2-30CF-4877-8468-1EE1C52C759F}\InprocServer32 -> C:\Users\Raffi\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{E5C31EC8-C5E6-4E07-957E-944DB4AAD85E}\InprocServer32 -> C:\Users\Raffi\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {04F89BF8-A7C9-4A27-9B5D-82822A832CEE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-12-09] (Microsoft Corporation)
    Task: {334FFF8E-2DDA-494C-B039-2EF768812EFD} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-12-09] (Microsoft Corporation)
    Task: {462F1A1C-745C-4F45-9516-625366142B64} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {49694A82-66EA-4845-98CE-8D370A1178C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1372970940-966452781-916677827-1001Core => C:\Users\Raffi\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-26] (Google Inc.)
    Task: {4C46400E-6B73-445F-A45B-22F45477370E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-12-09] (Microsoft Corporation)
    Task: {50796CE1-C0BA-46C5-9410-B421D9EBBA48} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\SymErr.exe [2017-02-20] (Symantec Corporation)
    Task: {583233BC-7D8B-4F5A-BE0C-2444E46A9270} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
    Task: {5F26B7FA-7914-412A-8CB9-4A5F49C77B90} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {703F5D18-1821-4CF2-9D1E-4E5C6047B95C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-12-09] (Microsoft)
    Task: {7658A0C9-245B-4D1D-A967-7C35EEAACF5B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-01-17] ()
    Task: {8295A939-1F99-4CCD-B68F-C09FB8424C8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {83A782A7-5307-4CD9-BA8D-108D4AB0F882} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-01-17] ()
    Task: {A18B2024-A522-4906-BBD1-11088AB13083} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
    Task: {ACEB3C48-6781-4D00-9F67-4F7DCB930D0A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\WSCStub.exe [2017-03-16] (Symantec Corporation)
    Task: {BF12C8B9-F090-4923-8EC7-0E3A6DFE3DA0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1372970940-966452781-916677827-1001UA => C:\Users\Raffi\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-26] (Google Inc.)
    Task: {D47B4DDA-07A1-498F-B37B-BED508A70A9E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-12-09] (Microsoft Corporation)
    Task: {D9383B6A-E1B9-43B7-A99F-50CBBA9ABB3C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
    Task: {E2E45EA9-406C-4938-8858-5B865696A696} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-03-16] (Symantec Corporation)
    Task: {E9431CCC-0887-4C9D-9E94-510A19CEB747} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.)
    Task: {F7BE031D-4707-4938-9845-B69382C3994E} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\SymErr.exe [2017-02-20] (Symantec Corporation)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    ShortcutWithArgument: C:\Users\Raffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 3" --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
    ShortcutWithArgument: C:\Users\Raffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 3" --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\Raffi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c99253a6a8da5785\Google Chrome.lnk -> C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
    ShortcutWithArgument: C:\Users\Raffi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\82aa784c932b6712\Google Chrome.lnk -> C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
    ShortcutWithArgument: C:\Users\Raffi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4958c7c8cc71330d\Google Chrome.lnk -> C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2015-01-08 14:44 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-01-08 14:44 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
    2015-01-10 00:34 - 2010-03-15 16:18 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
    2015-01-08 14:44 - 2015-01-08 14:44 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2017-03-29 23:08 - 2017-03-29 01:47 - 02885464 _____ () C:\Users\Raffi\AppData\Local\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
    2017-03-29 23:08 - 2017-03-29 01:47 - 00099672 _____ () C:\Users\Raffi\AppData\Local\Google\Chrome\Application\57.0.2987.133\libegl.dll
    2015-01-10 00:34 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2014-02-19 18:51 - 2014-02-19 18:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
    2015-05-16 11:06 - 2015-05-16 11:06 - 01086176 _____ () C:\Program Files (x86)\Winstep\wodTelnetDLX.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Raffi\Google Drive\Pictures\Wallpaper\crane.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{B188B65E-B72E-4555-840C-34429D355F2F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{0AA5D0D2-BC33-4E8C-888D-1EED19D16990}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{F716554D-E4E8-4A0A-9694-80554B556470}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{C6CD2C51-A721-4660-8A37-FD629E859D88}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{201AE150-878F-4338-8755-80C88655B4FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{1E13F8D4-583E-410F-8CC5-4AFE101AB602}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{930F0CB2-8DA0-40F4-9F95-BC6E336944B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{229288E7-24C7-4D29-8636-07EB4AFD0FAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{8B00A3D6-DF9A-416B-8350-F956344D731B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{F928E59D-9765-433D-A820-FB74B096F2A6}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{7BB9D122-7ACA-4425-8B63-0DAF2944BF68}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [{9EB8953E-F465-4C2E-9273-0AE91AF8CD16}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [{930D049A-6224-4AC9-92B6-5BFE22129649}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{F616F161-EC89-4589-A65C-0A7E2BFC1544}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{F73F7032-341D-4044-BE51-733937FCFEF8}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{E865D6C3-8477-4159-BC08-5C4AD326DAC5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{0E233115-AC6F-4444-8EF4-371C6AAD9D65}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{F78ACAE2-B9FC-4A65-BE7A-7289C997A3A0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{24A519D5-6761-4A7C-8374-444859970D00}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{E8328229-5221-48DD-A5D8-39AE9E3502EE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{90305B45-C9D4-43B4-BC07-7925E41ACD4F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{AE42C872-CB4B-4F03-A621-643BD928AE75}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{21D39A8F-A59E-4D6A-A6D6-A293A9231201}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{DB3D8D6D-0A7C-42FF-B5AA-F278E23F727B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{0552F933-40DB-44E2-BA65-5821335934B4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{C6DC71C5-2161-478C-907C-23C54515DDA1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{D08D581B-33FA-48B2-9FF0-A355A214F7F3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{192B5532-396C-4C15-8DA6-B44CCD8C4B9B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{F49CB3E7-4DC1-4F88-9946-686EA6C4FB50}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{006A19CA-4380-4508-966A-16F6CB3927BC}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{1F10411B-4EE1-4134-8943-8FB08149917B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
    FirewallRules: [{4A745678-DDA4-4FE0-B127-9FDF1E971BE5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
    FirewallRules: [{97AC1BB8-4F7F-4C81-8F54-519B6C8CEECD}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
    FirewallRules: [{1076EFEB-64EC-4225-959E-8377114EAC29}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
    FirewallRules: [{0E0BD877-D3B2-4EA6-B6E2-B1C6892654C2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
    FirewallRules: [{1325B03C-32EB-490A-9F5D-FCC97EFBD758}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
    FirewallRules: [{489E14CA-ED54-4E82-9F92-46D8B0904247}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
    FirewallRules: [{45B33415-69D3-4D51-8892-73071F58FE09}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
    FirewallRules: [{A227B059-FA48-4843-BB4C-F0D6D3A42122}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
    FirewallRules: [{1FFCE112-59BC-4698-AB88-EDFFC92BE777}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
    FirewallRules: [{61B5DEA2-5B27-41CE-A4B1-D3B5DD475E14}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
    FirewallRules: [{2762CC07-FC27-4607-ADEA-A4FB3A47F8CD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
    FirewallRules: [{3029A865-F52B-471E-8415-DAE38A1F92AC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{95AF1486-A659-489D-BEA0-D8F0A68B971A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{5652F13E-8A22-4F6D-BA30-606017E67CDC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{F5EC4F0C-CF60-45ED-8FC2-EEECE65C10BC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{483059F3-068C-447D-B24F-B07D52EEDABB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{316D3348-8ADE-4257-8FC1-0362717360E5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{601CDE2C-74DC-4E58-99F5-44AD6888332A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{07754E4A-9572-46A4-BD4E-C4B72586DBF1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{92749470-4858-40D2-9573-E533CD3B70F9}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10e\FAXRX.exe
    FirewallRules: [{5AED7FD1-2368-45EE-8A82-15B092F88DEE}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10e\FAXRX.exe
    FirewallRules: [{4BA70707-4253-436E-A246-060AF75E2D1A}] => (Allow) LPort=54925
    FirewallRules: [{AFDB33D7-BEFD-40A6-AF9B-3E5A38EB61FC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{2546105B-7ADA-4C12-81F4-D953DA7AC99A}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{E80F891B-D832-49E0-8EF3-52030AC55703}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{D9DF0246-A404-427C-8C71-9ADC585AF013}] => (Allow) C:\Program Files (x86)\SplashData\SplashID Safe\SplashID Safe.exe
    FirewallRules: [{1C05C853-4F6A-4A62-A052-21DEFC0CE7C7}] => (Allow) C:\Program Files (x86)\SplashData\SplashID Safe\SplashID Safe.exe
    FirewallRules: [{BE5E43DB-5815-4488-B392-AAD360109F44}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe
    FirewallRules: [{57816D73-65F6-48A5-B421-BA974A02F65F}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe
    FirewallRules: [{046BCA07-40CC-46AD-9E41-0251002CE1B3}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaMediaServer.exe
    FirewallRules: [{181D72E1-6A7C-419F-B773-4B44A4DD8DAD}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaMediaServer.exe
    FirewallRules: [{EABC3EAE-466C-4AC8-BE82-E35A5B2D198C}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe
    FirewallRules: [TCP Query User{1BB85E22-735D-4800-9126-CB7BD549D788}C:\program files (x86)\splashdata\splashid safe\splashid safe.exe] => (Allow) C:\program files (x86)\splashdata\splashid safe\splashid safe.exe
    FirewallRules: [UDP Query User{27CB2F88-D5CA-4F20-A863-FFF013EA2FC5}C:\program files (x86)\splashdata\splashid safe\splashid safe.exe] => (Allow) C:\program files (x86)\splashdata\splashid safe\splashid safe.exe
    FirewallRules: [TCP Query User{ADC25FBB-802D-4D3F-AFE9-0719CC217CE3}C:\users\raffi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\raffi\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{3D3AB909-FE3E-4AD0-921E-6BF159EC9BE0}C:\users\raffi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\raffi\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{92A12606-8828-4690-9EC4-E57C4F90798B}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
    FirewallRules: [{549CF028-7364-4B8C-9814-DD3B38755302}] => (Allow) C:\Games\World_of_Tanks\WorldofTanks.exe
    FirewallRules: [{5FDB82EC-8AAB-44D0-8A92-A133850ED085}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
    FirewallRules: [{6004DB50-87E8-4484-BF41-49E79DD2FD58}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
    ==================== Restore Points =========================
     
    14-03-2017 18:20:37 Restore Operation
    22-03-2017 05:57:39 Scheduled Checkpoint
    28-03-2017 20:04:38 Norton_Power_Eraser_20170328200438338
    30-03-2017 08:31:53 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (03/29/2017 08:43:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program IEXPLORE.EXE version 11.0.9600.17037 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: 1970
     
    Start Time: 01d2a906c1ce9114
     
    Termination Time: 28
     
    Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
     
    Report Id: 058567a8-14fb-11e7-830c-206a8a9e3bd3
     
    Faulting package full name: 
     
    Faulting package-relative application ID:
     
    Error: (03/29/2017 08:13:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Acrobat.exe, version: 15.23.20070.19033, time stamp: 0x58a746a2
    Faulting module name: Updater.api, version: 15.23.20053.15062, time stamp: 0x585d550c
    Exception code: 0xc0000005
    Fault offset: 0x00011bce
    Faulting process id: 0x1a1c
    Faulting application start time: 0x01d2a903888f6b90
    Faulting application path: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Faulting module path: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\plug_ins\Updater.api
    Report Id: d9e3ab34-14f6-11e7-830c-206a8a9e3bd3
    Faulting package full name: 
    Faulting package-relative application ID:
     
    Error: (03/27/2017 10:11:52 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Acrobat.exe, version: 15.23.20070.19033, time stamp: 0x58a746a2
    Faulting module name: Updater.api_unloaded, version: 15.23.20053.15062, time stamp: 0x585d550c
    Exception code: 0xc0000005
    Fault offset: 0x00006666
    Faulting process id: 0xcec
    Faulting application start time: 0x01d2a71d2650409e
    Faulting application path: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Faulting module path: Updater.api
    Report Id: 7816e683-1310-11e7-830a-206a8a9e3bd3
    Faulting package full name: 
    Faulting package-relative application ID:
     
    Error: (03/27/2017 10:11:51 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Acrobat.exe, version: 15.23.20070.19033, time stamp: 0x58a746a2
    Faulting module name: Updater.api_unloaded, version: 15.23.20053.15062, time stamp: 0x585d550c
    Exception code: 0xc00001a5
    Fault offset: 0x000185fa
    Faulting process id: 0xcec
    Faulting application start time: 0x01d2a71d2650409e
    Faulting application path: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Faulting module path: Updater.api
    Report Id: 779da912-1310-11e7-830a-206a8a9e3bd3
    Faulting package full name: 
    Faulting package-relative application ID:
     
    Error: (03/26/2017 03:16:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17037 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: 1b84
     
    Start Time: 01d2a67d1540c948
     
    Termination Time: 4
     
    Application Path: C:\Program Files\Internet Explorer\iexplore.exe
     
    Report Id: cc03ded1-1271-11e7-8309-206a8a9e3bd3
     
    Faulting package full name: 
     
    Faulting package-relative application ID:
     
    Error: (03/17/2017 04:32:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: EXCEL.EXE, version: 15.0.4569.1504, time stamp: 0x52c5ed10
    Faulting module name: EXCEL.EXE, version: 15.0.4569.1504, time stamp: 0x52c5ed10
    Exception code: 0xc0000005
    Fault offset: 0x0004fbc2
    Faulting process id: 0x2358
    Faulting application start time: 0x01d29f75775ea488
    Faulting application path: C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE
    Faulting module path: C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE
    Report Id: 028af612-0b6a-11e7-8303-206a8a9e3bd3
    Faulting package full name: 
    Faulting package-relative application ID:
     
    Error: (03/16/2017 08:47:00 AM) (Source: chromoting) (EventID: 3) (User: )
    Description: Access denied for client: [email protected]/chromoting10E5B20F.
     
    Error: (03/16/2017 08:46:44 AM) (Source: chromoting) (EventID: 3) (User: )
    Description: Access denied for client: [email protected]/chromoting3E17CBA7.
     
    Error: (03/16/2017 08:45:56 AM) (Source: chromoting) (EventID: 3) (User: )
    Description: Access denied for client: [email protected]/chromoting30E55A23.
     
    Error: (03/16/2017 08:45:38 AM) (Source: chromoting) (EventID: 3) (User: )
    Description: Access denied for client: [email protected]/chromotingA6E9A5AA.
     
     
    System errors:
    =============
    Error: (03/30/2017 08:32:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/30/2017 08:32:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/30/2017 03:03:03 AM) (Source: DCOM) (EventID: 10010) (User: Raffi_Acer_Lptp)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
     
    Error: (03/30/2017 03:02:33 AM) (Source: DCOM) (EventID: 10010) (User: Raffi_Acer_Lptp)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
     
    Error: (03/29/2017 05:34:58 AM) (Source: DCOM) (EventID: 10010) (User: Raffi_Acer_Lptp)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
     
    Error: (03/29/2017 05:34:28 AM) (Source: DCOM) (EventID: 10010) (User: Raffi_Acer_Lptp)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
     
    Error: (03/28/2017 08:02:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
     
    Error: (03/28/2017 05:59:34 AM) (Source: DCOM) (EventID: 10010) (User: Raffi_Acer_Lptp)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
     
    Error: (03/28/2017 05:59:04 AM) (Source: DCOM) (EventID: 10010) (User: Raffi_Acer_Lptp)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
     
    Error: (03/27/2017 03:24:39 AM) (Source: DCOM) (EventID: 10010) (User: Raffi_Acer_Lptp)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
     
     
    CodeIntegrity:
    ===================================
      Date: 2015-12-08 01:08:59.838
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-19 17:54:42.923
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-17 23:04:14.838
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-16 11:51:59.307
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-15 09:46:29.513
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-14 09:18:55.231
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-12 16:27:51.147
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-11 15:42:15.694
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-10 00:42:29.255
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
    Percentage of memory in use: 13%
    Total physical RAM: 16307.27 MB
    Available physical RAM: 14137.58 MB
    Total Virtual: 18739.27 MB
    Available Virtual: 16210.79 MB
     
    ==================== Drives ================================
     
    Drive c: (Acer) (Fixed) (Total:221.9 GB) (Free:165.04 GB) NTFS
    Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:931.31 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: E0FF060F)
     
    Partition: GPT.
     
    ========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: E0FF0617)
     
    Partition: GPT.
     
    ==================== End of Addition.txt ============================

    #6
    rm15


    Lastly, not sure about your preference, but here are the log files attached.  Thank you very much for your help!!


    #7
    RKinner

     
    Download the attached fixlist.txt to the same location as FRST.
     
    Run FRST and press Fix.
    A fix log will be generated; please post that.
     
    It's going to reboot.  After it reboots:
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     
    Also tell me if you still have problems with Chrome.
     

    #8
    rm15


    Here is the first fix log:

    - FORGOT TO RUN FIX "AS ADMIN" THIS TIME, hope that was ok

    - IT DID NOT REBOOT but I will reboot manually now and then run again as you indicated

    **************************************

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
    Ran by Raffi (administrator) on RAFFI_ACER_LPTP (30-03-2017 09:10:52)
    Running from C:\Users\Raffi\Desktop\FIX
    Loaded Profiles: Raffi (Available Profiles: Raffi)
    Platform: Windows 8.1 (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
    (Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
    (Winstep Software Technologies) C:\Program Files (x86)\winstep\WsxService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\ns.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\ns.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
    () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
    (Spotify Ltd) C:\Users\Raffi\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
    (Winstep Software Technologies) C:\Program Files (x86)\winstep\Nexus-Ultimate.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2016-12-23] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] (Qualcomm®Atheros®)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [RocketDock] => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Spotify Web Helper] => C:\Users\Raffi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-08] (Spotify Ltd)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [61F2E14DF1D88F32A2319B97D9176FED7BD436A5._service_run] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2016-12-23] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Yahoo Messenger Updater] => C:\Users\Raffi\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2016-11-09] (Yahoo!, Inc.)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Google Update] => C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2017-03-26] (Google Inc.)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\MountPoints2: {25758df2-ee32-11e5-82bb-206a8a9e3bd3} - "E:\windows\AutoRun.exe" 
    HKU\S-1-5-18\...\Run: [Norton Download Manager{NS2250424-SHPD-FSD51083}] => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.5.15\NAV.exe /m
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{120DFA15-FB80-414C-8C8F-FF8FE5040607}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{49B0C951-EB8E-4D77-B180-F12058C5F2E1}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{B749EF5E-6446-47D3-B40B-507096E9A039}: [DhcpNameServer] 192.168.1.1
     
    Internet Explorer:
    ==================
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-1372970940-966452781-916677827-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-01-08] (Microsoft Corporation)
    BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-01-08] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-08] (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-01-08] (Microsoft Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-01-08] (Microsoft Corporation)
     
    FireFox:
    ========
    FF DefaultProfile: zq9xt1nw.default-1490291299972
    FF ProfilePath: C:\Users\Raffi\AppData\Roaming\Mozilla\Firefox\Profiles\zq9xt1nw.default-1490291299972 [2017-03-29]
    FF Homepage: Mozilla\Firefox\Profiles\zq9xt1nw.default-1490291299972 -> www.google.com
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
    FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon [2017-03-30]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-01-11]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1372970940-966452781-916677827-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-26] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1372970940-966452781-916677827-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-26] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1372970940-966452781-916677827-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Raffi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
     
    Chrome: 
    =======
    CHR DefaultProfile: Profile 3
    CHR StartupUrls: Profile 3 -> "hxxp://www.protopage.com/basturma"
    CHR Profile: C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3 [2017-03-30]
    CHR Extension: (Easy Auto Refresh) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2017-03-28]
    CHR Extension: (Home Button At Top Right) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bfejcgpdahgpmgadhgdadfiekmhgnifm [2017-03-28]
    CHR Extension: (Tampermonkey) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-03-28]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-03-28]
    CHR Extension: (AdBlock) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-30]
    CHR Extension: (Google Keep - notes and lists) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-03-28]
    CHR Extension: (Subtle Scrollbars) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\iepofmbkhfelkphdhkldbiemijmgcmlc [2017-03-28]
    CHR Extension: (New incognito window) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kfjgnhdleafdmakapfmfjfepmpobpnap [2017-03-28]
    CHR Extension: (Google Dictionary (by Google)) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-03-28]
    CHR Extension: (Dark Horizon) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ncjjeokpcnllmmbbipeaagmdpdpiadin [2017-03-29]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-28]
    CHR Extension: (Neater Bookmarks) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2017-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-28]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-24]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1372970940-966452781-916677827-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Raffi\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-06-28]
    CHR HKU\S-1-5-21-1372970940-966452781-916677827-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-24]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
    R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows ® Win 7 DDK provider) [File not signed]
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [72024 2017-01-03] (Google Inc.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-01-02] (Microsoft Corporation)
    R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-16] (Intel Corporation)
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-01-17] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
    R2 MediatekRegistryWriter; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe [401040 2014-07-31] (Mediatek Inc.)
    R2 MediatekRegistryWriter64; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe [454288 2014-07-31] (Mediatek Inc.)
    R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\NS.exe [326160 2017-03-16] (Symantec Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
    S3 RaMediaServer; C:\Program Files (x86)\MediatekWiFi\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
    R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [262360 2008-09-15] (Data Perceptions / PowerProgrammer)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
    R2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X]
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
    S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20170327.001\BHDrvx64.sys [1831064 2017-03-14] (Symantec Corporation)
    S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
    R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1609010.00C\ccSetx64.sys [174240 2017-02-20] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-25] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-25] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20170329.001\IDSvia64.sys [1038024 2017-03-13] (Symantec Corporation)
    S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
    R3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2207888 2014-07-04] (MediaTek Inc.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
    S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
    R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1609010.00C\SRTSP64.SYS [770200 2017-03-16] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1609010.00C\SRTSPX64.SYS [49312 2017-03-16] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1609010.00C\SYMEFASI64.SYS [1716896 2017-02-20] (Symantec Corporation)
    S0 SymELAM; C:\Windows\System32\drivers\NSx64\1609010.00C\SymELAM.sys [24616 2017-02-20] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-03-07] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NSx64\1609010.00C\Ironx64.SYS [291480 2017-02-20] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1609010.00C\SYMNETS.SYS [567512 2017-02-20] (Symantec Corporation)
    R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-07-09] (Synaptics Incorporated)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-03-23] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-03-23] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160628.037\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160628.037\EX64.SYS [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-30 09:09 - 2017-03-30 09:10 - 00000000 ____D C:\Users\Raffi\Desktop\FIX
    2017-03-30 08:38 - 2017-03-30 08:38 - 00040409 _____ C:\Users\Raffi\Desktop\Addition.txt
    2017-03-30 08:37 - 2017-03-30 09:10 - 00000000 ____D C:\FRST
    2017-03-30 08:37 - 2017-03-30 08:38 - 00032374 _____ C:\Users\Raffi\Desktop\FRST.txt
    2017-03-30 08:32 - 2017-03-30 08:32 - 00000624 _____ C:\Users\Raffi\Desktop\JRT.txt
    2017-03-30 08:30 - 2017-03-30 08:30 - 01663904 _____ (Malwarebytes) C:\Users\Raffi\Desktop\JRT.exe
    2017-03-30 08:15 - 2017-03-30 08:15 - 04089296 _____ C:\Users\Raffi\Desktop\AdwCleaner.exe
    2017-03-29 16:12 - 2017-03-29 16:15 - 00000000 ____D C:\ProgramData\HitmanPro
    2017-03-28 20:02 - 2017-03-28 20:02 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
    2017-03-27 23:17 - 2017-03-27 23:17 - 00000000 ____D C:\Program Files\NortonInstaller
    2017-03-26 23:28 - 2017-03-26 23:28 - 00000017 _____ C:\Users\Raffi\AppData\Local\resmon.resmoncfg
    2017-03-26 15:26 - 2017-03-26 15:26 - 00003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1372970940-966452781-916677827-1001UA
    2017-03-26 15:26 - 2017-03-26 15:26 - 00003232 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1372970940-966452781-916677827-1001Core
    2017-03-23 19:43 - 2017-03-23 19:52 - 00000000 ____D C:\Program Files (x86)\VideoLAN
    2017-03-23 19:43 - 2017-03-23 19:43 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\dvdcss
    2017-03-23 11:04 - 2017-03-23 11:04 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-03-13 08:44 - 2017-03-30 08:23 - 00000000 ____D C:\AdwCleaner
    2017-03-07 17:39 - 2017-03-28 20:11 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-30 09:09 - 2015-12-02 14:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2017-03-30 08:50 - 2015-01-08 14:43 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1372970940-966452781-916677827-1001
    2017-03-30 08:50 - 2014-03-18 03:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-03-30 08:50 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\Inf
    2017-03-30 08:44 - 2015-09-19 13:25 - 00000000 ___RD C:\Users\Raffi\Google Drive
    2017-03-30 08:44 - 2015-01-10 21:48 - 00000000 ____D C:\Users\Raffi\AppData\Local\Adobe
    2017-03-30 08:44 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-03-29 20:13 - 2015-01-08 21:54 - 00000000 ____D C:\Users\Raffi\AppData\Local\CrashDumps
    2017-03-29 15:53 - 2015-01-17 00:54 - 00000000 ____D C:\Users\Public\Documents\Winstep
    2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\Users\Raffi\AppData\Local\Downloaded Installations
    2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\ProgramData\Sonos,_Inc
    2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
    2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\Program Files (x86)\Sonos
    2017-03-28 20:31 - 2015-12-02 14:23 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-03-28 20:07 - 2015-05-16 10:55 - 00000000 ____D C:\Users\Raffi\AppData\Local\NPE
    2017-03-28 20:02 - 2016-06-28 22:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
    2017-03-28 20:02 - 2016-02-24 11:54 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
    2017-03-28 20:02 - 2015-05-16 10:56 - 00000000 ____D C:\NPE
    2017-03-28 19:35 - 2015-01-19 16:38 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google
    2017-03-28 00:07 - 2015-01-10 00:34 - 00001026 _____ C:\Windows\BRCALIB.INI
    2017-03-27 16:00 - 2016-11-22 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2017-03-26 15:27 - 2015-01-08 22:11 - 00000000 ____D C:\Users\Raffi\AppData\Local\Google
    2017-03-26 15:10 - 2015-01-09 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google
    2017-03-26 15:00 - 2015-01-08 22:11 - 00000000 ____D C:\Program Files (x86)\Google
    2017-03-23 11:31 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2017-03-23 11:25 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
    2017-03-22 00:36 - 2015-01-25 18:19 - 00000000 ____D C:\Users\Raffi\AppData\Local\Spotify
    2017-03-22 00:28 - 2015-01-25 18:18 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\Spotify
    2017-03-20 12:41 - 2015-01-08 14:38 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\Adobe
    2017-03-14 19:23 - 2015-01-08 14:38 - 00000000 ____D C:\Users\Raffi
    2017-03-14 18:22 - 2015-01-19 19:49 - 00000000 ____D C:\ProgramData\Norton
    2017-03-14 18:22 - 2015-01-19 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mediatek Wireless
    2017-03-14 18:22 - 2015-01-09 23:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-03-14 18:22 - 2013-08-22 08:36 - 00000000 ___HD C:\Windows\ELAMBKUP
    2017-03-14 18:22 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-03-14 18:21 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\registration
    2017-03-07 17:34 - 2016-02-24 11:54 - 00000000 ____D C:\Program Files (x86)\Norton Security
    2017-03-07 14:49 - 2016-02-24 11:55 - 00102608 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    2017-03-07 14:49 - 2016-02-24 11:55 - 00008298 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
    2017-03-04 13:53 - 2015-04-21 17:33 - 00000000 ____D C:\Users\Raffi\AppData\LocalLow\Unity
    2017-03-02 09:20 - 2015-01-08 14:38 - 00000000 ____D C:\Users\Raffi\AppData\Local\Packages
     
    ==================== Files in the root of some directories =======
     
    2017-03-26 23:28 - 2017-03-26 23:28 - 0000017 _____ () C:\Users\Raffi\AppData\Local\resmon.resmoncfg
    2014-10-05 15:50 - 2014-10-05 15:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-02-24 22:22 - 2016-02-24 22:22 - 0287934 _____ () C:\ProgramData\SplashID.ico
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-03-26 04:49
     
    ==================== End of FRST.txt ============================


    #9
    rm15


    2ND FRST.TXT FILE:

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
    Ran by Raffi (administrator) on RAFFI_ACER_LPTP (30-03-2017 09:16:36)
    Running from C:\Users\Raffi\Desktop\FIX
    Loaded Profiles: Raffi (Available Profiles: Raffi)
    Platform: Windows 8.1 (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
    (Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\ns.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
    (Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
    (Winstep Software Technologies) C:\Program Files (x86)\winstep\WsxService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\ns.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
    () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
    (Spotify Ltd) C:\Users\Raffi\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
    (Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
    (Winstep Software Technologies) C:\Program Files (x86)\winstep\Nexus-Ultimate.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2016-12-23] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] (Qualcomm®Atheros®)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [RocketDock] => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Spotify Web Helper] => C:\Users\Raffi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-08] (Spotify Ltd)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [61F2E14DF1D88F32A2319B97D9176FED7BD436A5._service_run] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2016-12-23] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Yahoo Messenger Updater] => C:\Users\Raffi\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2016-11-09] (Yahoo!, Inc.)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Google Update] => C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2017-03-26] (Google Inc.)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\MountPoints2: {25758df2-ee32-11e5-82bb-206a8a9e3bd3} - "E:\windows\AutoRun.exe" 
    HKU\S-1-5-18\...\Run: [Norton Download Manager{NS2250424-SHPD-FSD51083}] => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.5.15\NAV.exe /m
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{120DFA15-FB80-414C-8C8F-FF8FE5040607}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{49B0C951-EB8E-4D77-B180-F12058C5F2E1}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{B749EF5E-6446-47D3-B40B-507096E9A039}: [DhcpNameServer] 192.168.1.1
     
    Internet Explorer:
    ==================
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-1372970940-966452781-916677827-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-01-08] (Microsoft Corporation)
    BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-01-08] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-08] (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-01-08] (Microsoft Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-01-08] (Microsoft Corporation)
     
    FireFox:
    ========
    FF DefaultProfile: zq9xt1nw.default-1490291299972
    FF ProfilePath: C:\Users\Raffi\AppData\Roaming\Mozilla\Firefox\Profiles\zq9xt1nw.default-1490291299972 [2017-03-29]
    FF Homepage: Mozilla\Firefox\Profiles\zq9xt1nw.default-1490291299972 -> www.google.com
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
    FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon [2017-03-30]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-01-11]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1372970940-966452781-916677827-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-26] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1372970940-966452781-916677827-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-26] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1372970940-966452781-916677827-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Raffi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
     
    Chrome: 
    =======
    CHR DefaultProfile: Profile 3
    CHR StartupUrls: Profile 3 -> "hxxp://www.protopage.com/basturma"
    CHR Profile: C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3 [2017-03-30]
    CHR Extension: (Easy Auto Refresh) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2017-03-28]
    CHR Extension: (Home Button At Top Right) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bfejcgpdahgpmgadhgdadfiekmhgnifm [2017-03-28]
    CHR Extension: (Tampermonkey) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-03-28]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-03-28]
    CHR Extension: (AdBlock) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-30]
    CHR Extension: (Google Keep - notes and lists) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-03-28]
    CHR Extension: (Subtle Scrollbars) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\iepofmbkhfelkphdhkldbiemijmgcmlc [2017-03-28]
    CHR Extension: (New incognito window) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kfjgnhdleafdmakapfmfjfepmpobpnap [2017-03-28]
    CHR Extension: (Google Dictionary (by Google)) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-03-28]
    CHR Extension: (Dark Horizon) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ncjjeokpcnllmmbbipeaagmdpdpiadin [2017-03-29]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-28]
    CHR Extension: (Neater Bookmarks) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2017-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-28]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-24]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1372970940-966452781-916677827-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Raffi\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-06-28]
    CHR HKU\S-1-5-21-1372970940-966452781-916677827-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-24]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
    R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows ® Win 7 DDK provider) [File not signed]
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [72024 2017-01-03] (Google Inc.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-01-02] (Microsoft Corporation)
    R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-16] (Intel Corporation)
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
    S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-01-17] ()
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
    R2 MediatekRegistryWriter; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe [401040 2014-07-31] (Mediatek Inc.)
    R2 MediatekRegistryWriter64; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe [454288 2014-07-31] (Mediatek Inc.)
    R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\NS.exe [326160 2017-03-16] (Symantec Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
    S3 RaMediaServer; C:\Program Files (x86)\MediatekWiFi\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
    R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [262360 2008-09-15] (Data Perceptions / PowerProgrammer)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
    R2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X]
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
    S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20170327.001\BHDrvx64.sys [1831064 2017-03-14] (Symantec Corporation)
    S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
    R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1609010.00C\ccSetx64.sys [174240 2017-02-20] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-25] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-25] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20170329.001\IDSvia64.sys [1038024 2017-03-13] (Symantec Corporation)
    S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
    R3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2207888 2014-07-04] (MediaTek Inc.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
    S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
    S3 SRTSP; C:\Windows\System32\Drivers\NSx64\1609010.00C\SRTSP64.SYS [770200 2017-03-16] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1609010.00C\SRTSPX64.SYS [49312 2017-03-16] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1609010.00C\SYMEFASI64.SYS [1716896 2017-02-20] (Symantec Corporation)
    S0 SymELAM; C:\Windows\System32\drivers\NSx64\1609010.00C\SymELAM.sys [24616 2017-02-20] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-03-07] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NSx64\1609010.00C\Ironx64.SYS [291480 2017-02-20] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1609010.00C\SYMNETS.SYS [567512 2017-02-20] (Symantec Corporation)
    R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-07-09] (Synaptics Incorporated)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-03-23] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-03-23] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160628.037\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160628.037\EX64.SYS [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-30 09:15 - 2017-03-30 09:15 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
    2017-03-30 09:09 - 2017-03-30 09:12 - 00000000 ____D C:\Users\Raffi\Desktop\FIX
    2017-03-30 08:38 - 2017-03-30 08:38 - 00040409 _____ C:\Users\Raffi\Desktop\Addition.txt
    2017-03-30 08:37 - 2017-03-30 09:16 - 00000000 ____D C:\FRST
    2017-03-30 08:37 - 2017-03-30 08:38 - 00032374 _____ C:\Users\Raffi\Desktop\FRST.txt
    2017-03-30 08:32 - 2017-03-30 08:32 - 00000624 _____ C:\Users\Raffi\Desktop\JRT.txt
    2017-03-30 08:30 - 2017-03-30 08:30 - 01663904 _____ (Malwarebytes) C:\Users\Raffi\Desktop\JRT.exe
    2017-03-30 08:15 - 2017-03-30 08:15 - 04089296 _____ C:\Users\Raffi\Desktop\AdwCleaner.exe
    2017-03-29 16:12 - 2017-03-29 16:15 - 00000000 ____D C:\ProgramData\HitmanPro
    2017-03-28 20:02 - 2017-03-28 20:02 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
    2017-03-27 23:17 - 2017-03-27 23:17 - 00000000 ____D C:\Program Files\NortonInstaller
    2017-03-26 23:28 - 2017-03-26 23:28 - 00000017 _____ C:\Users\Raffi\AppData\Local\resmon.resmoncfg
    2017-03-26 15:26 - 2017-03-26 15:26 - 00003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1372970940-966452781-916677827-1001UA
    2017-03-26 15:26 - 2017-03-26 15:26 - 00003232 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1372970940-966452781-916677827-1001Core
    2017-03-23 19:43 - 2017-03-23 19:52 - 00000000 ____D C:\Program Files (x86)\VideoLAN
    2017-03-23 19:43 - 2017-03-23 19:43 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\dvdcss
    2017-03-23 11:04 - 2017-03-23 11:04 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-03-13 08:44 - 2017-03-30 08:23 - 00000000 ____D C:\AdwCleaner
    2017-03-07 17:39 - 2017-03-28 20:11 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-30 09:16 - 2015-09-19 13:25 - 00000000 ___RD C:\Users\Raffi\Google Drive
    2017-03-30 09:15 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-03-30 09:09 - 2015-12-02 14:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2017-03-30 08:50 - 2015-01-08 14:43 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1372970940-966452781-916677827-1001
    2017-03-30 08:50 - 2014-03-18 03:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-03-30 08:50 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\Inf
    2017-03-30 08:44 - 2015-01-10 21:48 - 00000000 ____D C:\Users\Raffi\AppData\Local\Adobe
    2017-03-29 20:13 - 2015-01-08 21:54 - 00000000 ____D C:\Users\Raffi\AppData\Local\CrashDumps
    2017-03-29 15:53 - 2015-01-17 00:54 - 00000000 ____D C:\Users\Public\Documents\Winstep
    2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\Users\Raffi\AppData\Local\Downloaded Installations
    2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\ProgramData\Sonos,_Inc
    2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
    2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\Program Files (x86)\Sonos
    2017-03-28 20:31 - 2015-12-02 14:23 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-03-28 20:07 - 2015-05-16 10:55 - 00000000 ____D C:\Users\Raffi\AppData\Local\NPE
    2017-03-28 20:02 - 2016-06-28 22:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
    2017-03-28 20:02 - 2016-02-24 11:54 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
    2017-03-28 20:02 - 2015-05-16 10:56 - 00000000 ____D C:\NPE
    2017-03-28 19:35 - 2015-01-19 16:38 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google
    2017-03-28 00:07 - 2015-01-10 00:34 - 00001026 _____ C:\Windows\BRCALIB.INI
    2017-03-27 16:00 - 2016-11-22 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2017-03-26 15:27 - 2015-01-08 22:11 - 00000000 ____D C:\Users\Raffi\AppData\Local\Google
    2017-03-26 15:10 - 2015-01-09 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google
    2017-03-26 15:00 - 2015-01-08 22:11 - 00000000 ____D C:\Program Files (x86)\Google
    2017-03-23 11:31 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2017-03-23 11:25 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
    2017-03-22 00:36 - 2015-01-25 18:19 - 00000000 ____D C:\Users\Raffi\AppData\Local\Spotify
    2017-03-22 00:28 - 2015-01-25 18:18 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\Spotify
    2017-03-20 12:41 - 2015-01-08 14:38 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\Adobe
    2017-03-14 19:23 - 2015-01-08 14:38 - 00000000 ____D C:\Users\Raffi
    2017-03-14 18:22 - 2015-01-19 19:49 - 00000000 ____D C:\ProgramData\Norton
    2017-03-14 18:22 - 2015-01-19 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mediatek Wireless
    2017-03-14 18:22 - 2015-01-09 23:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-03-14 18:22 - 2013-08-22 08:36 - 00000000 ___HD C:\Windows\ELAMBKUP
    2017-03-14 18:22 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-03-14 18:21 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\registration
    2017-03-07 17:34 - 2016-02-24 11:54 - 00000000 ____D C:\Program Files (x86)\Norton Security
    2017-03-07 14:49 - 2016-02-24 11:55 - 00102608 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    2017-03-07 14:49 - 2016-02-24 11:55 - 00008298 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
    2017-03-04 13:53 - 2015-04-21 17:33 - 00000000 ____D C:\Users\Raffi\AppData\LocalLow\Unity
    2017-03-02 09:20 - 2015-01-08 14:38 - 00000000 ____D C:\Users\Raffi\AppData\Local\Packages
     
    ==================== Files in the root of some directories =======
     
    2017-03-26 23:28 - 2017-03-26 23:28 - 0000017 _____ () C:\Users\Raffi\AppData\Local\resmon.resmoncfg
    2014-10-05 15:50 - 2014-10-05 15:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-02-24 22:22 - 2016-02-24 22:22 - 0287934 _____ () C:\ProgramData\SplashID.ico
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-03-26 04:49
     
    ==================== End of FRST.txt ============================

    #10
    rm15


    2ND ADDITION.TXT FILE

     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
    Ran by Raffi (30-03-2017 09:16:54)
    Running from C:\Users\Raffi\Desktop\FIX
    Windows 8.1 (Update) (X64) (2015-01-08 21:38:07)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-1372970940-966452781-916677827-500 - Administrator - Disabled)
    Guest (S-1-5-21-1372970940-966452781-916677827-501 - Limited - Disabled)
    Raffi (S-1-5-21-1372970940-966452781-916677827-1001 - Administrator - Enabled) => C:\Users\Raffi
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton Security (Disabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton Security (Disabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
    FW: Norton Security (Disabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
    Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
    Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
    Brother MFL-Pro Suite MFC-9560CDW (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
    Chrome Remote Desktop Host (HKLM-x32\...\{0F4FB60A-EBD8-445B-8117-128E8351647E}) (Version: 56.0.2924.51 - Google Inc.)
    Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
    Google Chrome (HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
    Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
    Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
    Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
    Intel® Update Manager (HKLM-x32\...\{AD6B46F2-FE21-496F-BE90-BE19AABE353C}) (Version: 2.2.12 - Intel Corporation)
    Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.38.101 - MediatekWiFi)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.7.133.0 - Microsoft Corporation)
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.8.0.6273 - Mozilla)
    Mozilla Thunderbird 45.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 en-US)) (Version: 45.8.0 - Mozilla)
    Nexus Ultimate 14.11 (HKLM-x32\...\Winstep Xtreme_is1) (Version:  - )
    Norton Security (HKLM-x32\...\NS) (Version: 22.9.1.12 - Symantec Corporation)
    novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{37AFBFC0-AE39-425B-97CB-A90319D39A4B}) (Version: 8.1.921 - Softland)
    novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{056A3023-0724-49F0-82F8-88A1F0783D53}) (Version: 8.1.921 - Softland)
    NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
    NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
    Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7260 - Realtek Semiconductor Corp.)
    SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
    Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
    Software Update Wizard (Redistributable) 4.5 (HKLM-x32\...\Software Update Wizard (Redistributable)) (Version: 4.5 - PowerProgrammer)
    Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 35.3.39010 - Sonos, Inc.)
    SplashID Safe 7.2.4 (HKLM-x32\...\SplashID Safe) (Version: 7.2.4 - SplashData)
    Spotify (HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
    StartIsBack+ (HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\StartIsBack) (Version: 1.7 - startisback.com)
    Unity Web Player (HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
    Yahoo Messenger (HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\yahoomessenger) (Version: 0.8.231 - Yahoo! Inc)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{61625667-893E-4707-B925-A82B528C00B9}\InprocServer32 -> C:\Users\Raffi\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c9}\InprocServer32 -> C:\Users\Raffi\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{AD1405D2-30CF-4877-8468-1EE1C52C759F}\InprocServer32 -> C:\Users\Raffi\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{E5C31EC8-C5E6-4E07-957E-944DB4AAD85E}\InprocServer32 -> C:\Users\Raffi\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {04F89BF8-A7C9-4A27-9B5D-82822A832CEE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-12-09] (Microsoft Corporation)
    Task: {334FFF8E-2DDA-494C-B039-2EF768812EFD} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-12-09] (Microsoft Corporation)
    Task: {462F1A1C-745C-4F45-9516-625366142B64} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {49694A82-66EA-4845-98CE-8D370A1178C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1372970940-966452781-916677827-1001Core => C:\Users\Raffi\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-26] (Google Inc.)
    Task: {4C46400E-6B73-445F-A45B-22F45477370E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-12-09] (Microsoft Corporation)
    Task: {50796CE1-C0BA-46C5-9410-B421D9EBBA48} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\SymErr.exe [2017-02-20] (Symantec Corporation)
    Task: {583233BC-7D8B-4F5A-BE0C-2444E46A9270} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
    Task: {5F26B7FA-7914-412A-8CB9-4A5F49C77B90} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {703F5D18-1821-4CF2-9D1E-4E5C6047B95C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-12-09] (Microsoft)
    Task: {7658A0C9-245B-4D1D-A967-7C35EEAACF5B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-01-17] ()
    Task: {8295A939-1F99-4CCD-B68F-C09FB8424C8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {83A782A7-5307-4CD9-BA8D-108D4AB0F882} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-01-17] ()
    Task: {A18B2024-A522-4906-BBD1-11088AB13083} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
    Task: {ACEB3C48-6781-4D00-9F67-4F7DCB930D0A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\WSCStub.exe [2017-03-16] (Symantec Corporation)
    Task: {BF12C8B9-F090-4923-8EC7-0E3A6DFE3DA0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1372970940-966452781-916677827-1001UA => C:\Users\Raffi\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-26] (Google Inc.)
    Task: {C2713D84-FE69-499E-B07E-E262F6132068} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-03-16] (Symantec Corporation)
    Task: {D47B4DDA-07A1-498F-B37B-BED508A70A9E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-12-09] (Microsoft Corporation)
    Task: {D9383B6A-E1B9-43B7-A99F-50CBBA9ABB3C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
    Task: {E9431CCC-0887-4C9D-9E94-510A19CEB747} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.)
    Task: {F7BE031D-4707-4938-9845-B69382C3994E} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\SymErr.exe [2017-02-20] (Symantec Corporation)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    ShortcutWithArgument: C:\Users\Raffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 3" --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
    ShortcutWithArgument: C:\Users\Raffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 3" --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\Raffi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c99253a6a8da5785\Google Chrome.lnk -> C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
    ShortcutWithArgument: C:\Users\Raffi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\82aa784c932b6712\Google Chrome.lnk -> C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
    ShortcutWithArgument: C:\Users\Raffi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4958c7c8cc71330d\Google Chrome.lnk -> C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2015-02-11 01:26 - 2015-02-05 12:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-01-08 14:44 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-01-08 14:44 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
    2015-01-10 00:34 - 2010-03-15 16:18 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
    2015-01-08 14:44 - 2015-01-08 14:44 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-04-29 02:38 - 2014-04-29 02:38 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
    2014-04-29 02:35 - 2014-04-29 02:35 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
    2014-04-29 02:42 - 2014-04-29 02:42 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
    2014-04-07 16:13 - 2014-04-07 16:13 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
    2015-06-20 12:35 - 2015-06-03 14:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2016-08-10 11:14 - 2016-08-10 11:14 - 40523480 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
    2017-03-30 09:15 - 2017-03-30 09:15 - 00098816 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\win32api.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00110080 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\pywintypes27.dll
    2017-03-30 09:15 - 2017-03-30 09:15 - 00364544 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\pythoncom27.dll
    2017-03-30 09:15 - 2017-03-30 09:15 - 00320512 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\win32com.shell.shell.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00914432 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\_hashlib.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 01176576 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\wx._core_.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00806400 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\wx._gdi_.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00816128 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\wx._windows_.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 01067008 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\wx._controls_.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00733184 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\wx._misc_.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00682496 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\pysqlite2._sqlite.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00088064 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\_ctypes.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00686080 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\unicodedata.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00119808 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\win32file.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00108544 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\win32security.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00007168 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\hashobjs_ext.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00017920 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\thumbnails_ext.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00088064 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\usb_ext.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00012800 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\common.time34.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00018432 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\win32event.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00167936 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\win32gui.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00046080 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\_socket.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 01303552 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\_ssl.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00128512 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\_elementtree.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00127488 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\pyexpat.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00038912 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\win32inet.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00036864 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\_psutil_windows.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00524248 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\windows._lib_cacheinvalidation.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00011264 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\win32crypt.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00123392 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\wx._wizard.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00077312 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\wx._html2.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00027648 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\_multiprocessing.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00020480 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\_yappi.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00035840 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\win32process.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00078848 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\wx._animate.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00024064 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\win32pipe.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00010240 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\select.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00025600 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\win32pdh.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00017408 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\win32profile.pyd
    2017-03-30 09:15 - 2017-03-30 09:15 - 00022528 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63482\win32ts.pyd
    2015-01-19 19:28 - 2014-08-06 05:37 - 01203856 _____ () C:\Program Files (x86)\MediatekWiFi\Common\RaWLAPI.dll
    2015-01-10 00:34 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2015-05-16 11:06 - 2015-05-16 11:06 - 01086176 _____ () C:\Program Files (x86)\Winstep\wodTelnetDLX.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Raffi\Google Drive\Pictures\Wallpaper\crane.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{B188B65E-B72E-4555-840C-34429D355F2F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{0AA5D0D2-BC33-4E8C-888D-1EED19D16990}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{F716554D-E4E8-4A0A-9694-80554B556470}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{C6CD2C51-A721-4660-8A37-FD629E859D88}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{201AE150-878F-4338-8755-80C88655B4FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{1E13F8D4-583E-410F-8CC5-4AFE101AB602}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{930F0CB2-8DA0-40F4-9F95-BC6E336944B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{229288E7-24C7-4D29-8636-07EB4AFD0FAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{8B00A3D6-DF9A-416B-8350-F956344D731B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{F928E59D-9765-433D-A820-FB74B096F2A6}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{7BB9D122-7ACA-4425-8B63-0DAF2944BF68}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [{9EB8953E-F465-4C2E-9273-0AE91AF8CD16}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [{930D049A-6224-4AC9-92B6-5BFE22129649}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{F616F161-EC89-4589-A65C-0A7E2BFC1544}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{F73F7032-341D-4044-BE51-733937FCFEF8}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{E865D6C3-8477-4159-BC08-5C4AD326DAC5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{0E233115-AC6F-4444-8EF4-371C6AAD9D65}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{F78ACAE2-B9FC-4A65-BE7A-7289C997A3A0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{24A519D5-6761-4A7C-8374-444859970D00}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{E8328229-5221-48DD-A5D8-39AE9E3502EE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{90305B45-C9D4-43B4-BC07-7925E41ACD4F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{AE42C872-CB4B-4F03-A621-643BD928AE75}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{21D39A8F-A59E-4D6A-A6D6-A293A9231201}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{DB3D8D6D-0A7C-42FF-B5AA-F278E23F727B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{0552F933-40DB-44E2-BA65-5821335934B4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{C6DC71C5-2161-478C-907C-23C54515DDA1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{D08D581B-33FA-48B2-9FF0-A355A214F7F3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{192B5532-396C-4C15-8DA6-B44CCD8C4B9B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{F49CB3E7-4DC1-4F88-9946-686EA6C4FB50}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{006A19CA-4380-4508-966A-16F6CB3927BC}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{1F10411B-4EE1-4134-8943-8FB08149917B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
    FirewallRules: [{4A745678-DDA4-4FE0-B127-9FDF1E971BE5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
    FirewallRules: [{97AC1BB8-4F7F-4C81-8F54-519B6C8CEECD}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
    FirewallRules: [{1076EFEB-64EC-4225-959E-8377114EAC29}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
    FirewallRules: [{0E0BD877-D3B2-4EA6-B6E2-B1C6892654C2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
    FirewallRules: [{1325B03C-32EB-490A-9F5D-FCC97EFBD758}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
    FirewallRules: [{489E14CA-ED54-4E82-9F92-46D8B0904247}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
    FirewallRules: [{45B33415-69D3-4D51-8892-73071F58FE09}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
    FirewallRules: [{A227B059-FA48-4843-BB4C-F0D6D3A42122}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
    FirewallRules: [{1FFCE112-59BC-4698-AB88-EDFFC92BE777}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
    FirewallRules: [{61B5DEA2-5B27-41CE-A4B1-D3B5DD475E14}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
    FirewallRules: [{2762CC07-FC27-4607-ADEA-A4FB3A47F8CD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
    FirewallRules: [{3029A865-F52B-471E-8415-DAE38A1F92AC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{95AF1486-A659-489D-BEA0-D8F0A68B971A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{5652F13E-8A22-4F6D-BA30-606017E67CDC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{F5EC4F0C-CF60-45ED-8FC2-EEECE65C10BC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{483059F3-068C-447D-B24F-B07D52EEDABB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{316D3348-8ADE-4257-8FC1-0362717360E5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{601CDE2C-74DC-4E58-99F5-44AD6888332A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{07754E4A-9572-46A4-BD4E-C4B72586DBF1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{92749470-4858-40D2-9573-E533CD3B70F9}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10e\FAXRX.exe
    FirewallRules: [{5AED7FD1-2368-45EE-8A82-15B092F88DEE}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10e\FAXRX.exe
    FirewallRules: [{4BA70707-4253-436E-A246-060AF75E2D1A}] => (Allow) LPort=54925
    FirewallRules: [{AFDB33D7-BEFD-40A6-AF9B-3E5A38EB61FC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{2546105B-7ADA-4C12-81F4-D953DA7AC99A}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{E80F891B-D832-49E0-8EF3-52030AC55703}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{D9DF0246-A404-427C-8C71-9ADC585AF013}] => (Allow) C:\Program Files (x86)\SplashData\SplashID Safe\SplashID Safe.exe
    FirewallRules: [{1C05C853-4F6A-4A62-A052-21DEFC0CE7C7}] => (Allow) C:\Program Files (x86)\SplashData\SplashID Safe\SplashID Safe.exe
    FirewallRules: [{BE5E43DB-5815-4488-B392-AAD360109F44}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe
    FirewallRules: [{57816D73-65F6-48A5-B421-BA974A02F65F}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe
    FirewallRules: [{046BCA07-40CC-46AD-9E41-0251002CE1B3}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaMediaServer.exe
    FirewallRules: [{181D72E1-6A7C-419F-B773-4B44A4DD8DAD}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaMediaServer.exe
    FirewallRules: [{EABC3EAE-466C-4AC8-BE82-E35A5B2D198C}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe
    FirewallRules: [TCP Query User{1BB85E22-735D-4800-9126-CB7BD549D788}C:\program files (x86)\splashdata\splashid safe\splashid safe.exe] => (Allow) C:\program files (x86)\splashdata\splashid safe\splashid safe.exe
    FirewallRules: [UDP Query User{27CB2F88-D5CA-4F20-A863-FFF013EA2FC5}C:\program files (x86)\splashdata\splashid safe\splashid safe.exe] => (Allow) C:\program files (x86)\splashdata\splashid safe\splashid safe.exe
    FirewallRules: [TCP Query User{ADC25FBB-802D-4D3F-AFE9-0719CC217CE3}C:\users\raffi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\raffi\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{3D3AB909-FE3E-4AD0-921E-6BF159EC9BE0}C:\users\raffi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\raffi\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{92A12606-8828-4690-9EC4-E57C4F90798B}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
    FirewallRules: [{549CF028-7364-4B8C-9814-DD3B38755302}] => (Allow) C:\Games\World_of_Tanks\WorldofTanks.exe
    FirewallRules: [{5FDB82EC-8AAB-44D0-8A92-A133850ED085}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
    FirewallRules: [{6004DB50-87E8-4484-BF41-49E79DD2FD58}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
    ==================== Restore Points =========================
     
    14-03-2017 18:20:37 Restore Operation
    22-03-2017 05:57:39 Scheduled Checkpoint
    28-03-2017 20:04:38 Norton_Power_Eraser_20170328200438338
    30-03-2017 08:31:53 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (03/29/2017 08:43:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program IEXPLORE.EXE version 11.0.9600.17037 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: 1970
     
    Start Time: 01d2a906c1ce9114
     
    Termination Time: 28
     
    Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
     
    Report Id: 058567a8-14fb-11e7-830c-206a8a9e3bd3
     
    Faulting package full name: 
     
    Faulting package-relative application ID:
     
    Error: (03/29/2017 08:13:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Acrobat.exe, version: 15.23.20070.19033, time stamp: 0x58a746a2
    Faulting module name: Updater.api, version: 15.23.20053.15062, time stamp: 0x585d550c
    Exception code: 0xc0000005
    Fault offset: 0x00011bce
    Faulting process id: 0x1a1c
    Faulting application start time: 0x01d2a903888f6b90
    Faulting application path: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Faulting module path: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\plug_ins\Updater.api
    Report Id: d9e3ab34-14f6-11e7-830c-206a8a9e3bd3
    Faulting package full name: 
    Faulting package-relative application ID:
     
    Error: (03/27/2017 10:11:52 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Acrobat.exe, version: 15.23.20070.19033, time stamp: 0x58a746a2
    Faulting module name: Updater.api_unloaded, version: 15.23.20053.15062, time stamp: 0x585d550c
    Exception code: 0xc0000005
    Fault offset: 0x00006666
    Faulting process id: 0xcec
    Faulting application start time: 0x01d2a71d2650409e
    Faulting application path: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Faulting module path: Updater.api
    Report Id: 7816e683-1310-11e7-830a-206a8a9e3bd3
    Faulting package full name: 
    Faulting package-relative application ID:
     
    Error: (03/27/2017 10:11:51 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Acrobat.exe, version: 15.23.20070.19033, time stamp: 0x58a746a2
    Faulting module name: Updater.api_unloaded, version: 15.23.20053.15062, time stamp: 0x585d550c
    Exception code: 0xc00001a5
    Fault offset: 0x000185fa
    Faulting process id: 0xcec
    Faulting application start time: 0x01d2a71d2650409e
    Faulting application path: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Faulting module path: Updater.api
    Report Id: 779da912-1310-11e7-830a-206a8a9e3bd3
    Faulting package full name: 
    Faulting package-relative application ID:
     
    Error: (03/26/2017 03:16:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17037 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: 1b84
     
    Start Time: 01d2a67d1540c948
     
    Termination Time: 4
     
    Application Path: C:\Program Files\Internet Explorer\iexplore.exe
     
    Report Id: cc03ded1-1271-11e7-8309-206a8a9e3bd3
     
    Faulting package full name: 
     
    Faulting package-relative application ID:
     
    Error: (03/17/2017 04:32:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: EXCEL.EXE, version: 15.0.4569.1504, time stamp: 0x52c5ed10
    Faulting module name: EXCEL.EXE, version: 15.0.4569.1504, time stamp: 0x52c5ed10
    Exception code: 0xc0000005
    Fault offset: 0x0004fbc2
    Faulting process id: 0x2358
    Faulting application start time: 0x01d29f75775ea488
    Faulting application path: C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE
    Faulting module path: C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE
    Report Id: 028af612-0b6a-11e7-8303-206a8a9e3bd3
    Faulting package full name: 
    Faulting package-relative application ID:
     
    Error: (03/16/2017 08:47:00 AM) (Source: chromoting) (EventID: 3) (User: )
    Description: Access denied for client: [email protected]/chromoting10E5B20F.
     
    Error: (03/16/2017 08:46:44 AM) (Source: chromoting) (EventID: 3) (User: )
    Description: Access denied for client: [email protected]/chromoting3E17CBA7.
     
    Error: (03/16/2017 08:45:56 AM) (Source: chromoting) (EventID: 3) (User: )
    Description: Access denied for client: [email protected]/chromoting30E55A23.
     
    Error: (03/16/2017 08:45:38 AM) (Source: chromoting) (EventID: 3) (User: )
    Description: Access denied for client: [email protected]/chromotingA6E9A5AA.
     
     
    System errors:
    =============
    Error: (03/30/2017 08:32:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/30/2017 08:32:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/30/2017 03:03:03 AM) (Source: DCOM) (EventID: 10010) (User: Raffi_Acer_Lptp)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
     
    Error: (03/30/2017 03:02:33 AM) (Source: DCOM) (EventID: 10010) (User: Raffi_Acer_Lptp)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
     
    Error: (03/29/2017 05:34:58 AM) (Source: DCOM) (EventID: 10010) (User: Raffi_Acer_Lptp)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
     
    Error: (03/29/2017 05:34:28 AM) (Source: DCOM) (EventID: 10010) (User: Raffi_Acer_Lptp)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
     
    Error: (03/28/2017 08:02:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
     
    Error: (03/28/2017 05:59:34 AM) (Source: DCOM) (EventID: 10010) (User: Raffi_Acer_Lptp)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
     
    Error: (03/28/2017 05:59:04 AM) (Source: DCOM) (EventID: 10010) (User: Raffi_Acer_Lptp)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
     
    Error: (03/27/2017 03:24:39 AM) (Source: DCOM) (EventID: 10010) (User: Raffi_Acer_Lptp)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
     
     
    CodeIntegrity:
    ===================================
      Date: 2015-12-08 01:08:59.838
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-19 17:54:42.923
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-17 23:04:14.838
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-16 11:51:59.307
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-15 09:46:29.513
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-14 09:18:55.231
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-12 16:27:51.147
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-11 15:42:15.694
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-01-10 00:42:29.255
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
    Percentage of memory in use: 9%
    Total physical RAM: 16307.27 MB
    Available physical RAM: 14832.17 MB
    Total Virtual: 18739.27 MB
    Available Virtual: 17241.66 MB
     
    ==================== Drives ================================
     
    Drive c: (Acer) (Fixed) (Total:221.9 GB) (Free:165.12 GB) NTFS
    Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:931.31 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: E0FF060F)
     
    Partition: GPT.
     
    ========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: E0FF0617)
     
    Partition: GPT.
     
    ==================== End of Addition.txt ============================



    #11
    rm15

      Member

    • Topic Starter
    • 39 posts

    As far as if the issue has been resolved or not, I've been testing and so far all looks good.  But I've felt this way before and then after a few hours it rears its ugly head again.  So although I feel good now I will come back and post again in a day or so confirming it's been resolved.

     

    Anything weird or wrong you see in the files I just posted??

     

    Thanks


    Edited by rm15, 30 March 2017 - 10:37 AM.


    #12
    RKinner

      Malware Expert

    • Expert
    • 24,622 posts
    • MVP

    Can't see from the FRST scan log that the fix was done at all.  You should get a fixlog.txt once you run FRST and hit Fix (not Scan).



    #13
    rm15

      Member

    • Topic Starter
    • 39 posts

    Got it - running it again.



    #14
    rm15

      Member

    • Topic Starter
    • 39 posts

    FIX LOG :)

     

     

    Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
    Ran by Raffi (30-03-2017 10:19:49) Run:1
    Running from C:\Users\Raffi\Desktop\FIX
    Loaded Profiles: Raffi (Available Profiles: Raffi)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [61F2E14DF1D88F32A2319B97D9176FED7BD436A5._service_run] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\MountPoints2: {25758df2-ee32-11e5-82bb-206a8a9e3bd3} - "E:\windows\AutoRun.exe" 
    SearchScopes: HKU\S-1-5-21-1372970940-966452781-916677827-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [262360 2008-09-15] (Data Perceptions / PowerProgrammer)
    R2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X]
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    ShortcutWithArgument: C:\Users\Raffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 3" --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
    ShortcutWithArgument: C:\Users\Raffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 3" --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\Raffi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c99253a6a8da5785\Google Chrome.lnk -> C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
    ShortcutWithArgument: C:\Users\Raffi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\82aa784c932b6712\Google Chrome.lnk -> C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
    ShortcutWithArgument: C:\Users\Raffi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4958c7c8cc71330d\Google Chrome.lnk -> C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
    EmptyTemp:
    CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
    *****************


    #15
    rm15

      Member

    • Topic Starter
    • 39 posts

    FIX.TXT

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
    Ran by Raffi (administrator) on RAFFI_ACER_LPTP (30-03-2017 10:23:33)
    Running from C:\Users\Raffi\Desktop\FIX
    Loaded Profiles: Raffi (Available Profiles: Raffi)
    Platform: Windows 8.1 (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
    (Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\ns.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\ns.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
    () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Spotify Ltd) C:\Users\Raffi\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
    (Winstep Software Technologies) C:\Program Files (x86)\winstep\Nexus-Ultimate.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2016-12-23] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] (Qualcomm®Atheros®)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [RocketDock] => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Spotify Web Helper] => C:\Users\Raffi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-08] (Spotify Ltd)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2016-12-23] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Yahoo Messenger Updater] => C:\Users\Raffi\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2016-11-09] (Yahoo!, Inc.)
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Google Update] => C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2017-03-26] (Google Inc.)
    HKU\S-1-5-18\...\Run: [Norton Download Manager{NS2250424-SHPD-FSD51083}] => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.5.15\NAV.exe /m
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{120DFA15-FB80-414C-8C8F-FF8FE5040607}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{49B0C951-EB8E-4D77-B180-F12058C5F2E1}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{B749EF5E-6446-47D3-B40B-507096E9A039}: [DhcpNameServer] 192.168.1.1
     
    Internet Explorer:
    ==================
    HKU\S-1-5-21-1372970940-966452781-916677827-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-01-08] (Microsoft Corporation)
    BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-01-08] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-08] (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-01-08] (Microsoft Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-01-08] (Microsoft Corporation)
     
    FireFox:
    ========
    FF DefaultProfile: zq9xt1nw.default-1490291299972
    FF ProfilePath: C:\Users\Raffi\AppData\Roaming\Mozilla\Firefox\Profiles\zq9xt1nw.default-1490291299972 [2017-03-30]
    FF Homepage: Mozilla\Firefox\Profiles\zq9xt1nw.default-1490291299972 -> www.google.com
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
    FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon [2017-03-30]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-01-11]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1372970940-966452781-916677827-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-26] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1372970940-966452781-916677827-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-26] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1372970940-966452781-916677827-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Raffi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
     
    Chrome: 
    =======
    CHR DefaultProfile: Profile 3
    CHR StartupUrls: Profile 3 -> "hxxp://www.protopage.com/basturma"
    CHR Profile: C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3 [2017-03-30]
    CHR Extension: (Easy Auto Refresh) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2017-03-28]
    CHR Extension: (Home Button At Top Right) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bfejcgpdahgpmgadhgdadfiekmhgnifm [2017-03-28]
    CHR Extension: (Tampermonkey) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-03-28]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-03-28]
    CHR Extension: (AdBlock) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-30]
    CHR Extension: (Google Keep - notes and lists) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-03-28]
    CHR Extension: (Subtle Scrollbars) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\iepofmbkhfelkphdhkldbiemijmgcmlc [2017-03-28]
    CHR Extension: (New incognito window) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kfjgnhdleafdmakapfmfjfepmpobpnap [2017-03-28]
    CHR Extension: (Google Dictionary (by Google)) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-03-28]
    CHR Extension: (Dark Horizon) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ncjjeokpcnllmmbbipeaagmdpdpiadin [2017-03-29]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-28]
    CHR Extension: (Neater Bookmarks) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2017-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-28]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-24]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1372970940-966452781-916677827-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Raffi\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-06-28]
    CHR HKU\S-1-5-21-1372970940-966452781-916677827-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-24]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
    R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows ® Win 7 DDK provider) [File not signed]
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [72024 2017-01-03] (Google Inc.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-01-02] (Microsoft Corporation)
    R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-16] (Intel Corporation)
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-01-17] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
    R2 MediatekRegistryWriter; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe [401040 2014-07-31] (Mediatek Inc.)
    R2 MediatekRegistryWriter64; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe [454288 2014-07-31] (Mediatek Inc.)
    R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\NS.exe [326160 2017-03-16] (Symantec Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
    S3 RaMediaServer; C:\Program Files (x86)\MediatekWiFi\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
    S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20170327.001\BHDrvx64.sys [1831064 2017-03-14] (Symantec Corporation)
    S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
    R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1609010.00C\ccSetx64.sys [174240 2017-02-20] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-25] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-25] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20170329.001\IDSvia64.sys [1038024 2017-03-13] (Symantec Corporation)
    S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
    R3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2207888 2014-07-04] (MediaTek Inc.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
    S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
    S3 SRTSP; C:\Windows\System32\Drivers\NSx64\1609010.00C\SRTSP64.SYS [770200 2017-03-16] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1609010.00C\SRTSPX64.SYS [49312 2017-03-16] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1609010.00C\SYMEFASI64.SYS [1716896 2017-02-20] (Symantec Corporation)
    S0 SymELAM; C:\Windows\System32\drivers\NSx64\1609010.00C\SymELAM.sys [24616 2017-02-20] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-03-07] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NSx64\1609010.00C\Ironx64.SYS [291480 2017-02-20] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1609010.00C\SYMNETS.SYS [567512 2017-02-20] (Symantec Corporation)
    R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-07-09] (Synaptics Incorporated)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-03-23] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-03-23] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160628.037\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160628.037\EX64.SYS [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-30 10:21 - 2017-03-30 10:21 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
    2017-03-30 09:09 - 2017-03-30 10:23 - 00000000 ____D C:\Users\Raffi\Desktop\FIX
    2017-03-30 08:37 - 2017-03-30 10:23 - 00000000 ____D C:\FRST
    2017-03-29 16:12 - 2017-03-29 16:15 - 00000000 ____D C:\ProgramData\HitmanPro
    2017-03-28 20:02 - 2017-03-28 20:02 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
    2017-03-27 23:17 - 2017-03-27 23:17 - 00000000 ____D C:\Program Files\NortonInstaller
    2017-03-26 23:28 - 2017-03-26 23:28 - 00000017 _____ C:\Users\Raffi\AppData\Local\resmon.resmoncfg
    2017-03-26 15:26 - 2017-03-26 15:26 - 00003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1372970940-966452781-916677827-1001UA
    2017-03-26 15:26 - 2017-03-26 15:26 - 00003232 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1372970940-966452781-916677827-1001Core
    2017-03-23 19:43 - 2017-03-23 19:52 - 00000000 ____D C:\Program Files (x86)\VideoLAN
    2017-03-23 19:43 - 2017-03-23 19:43 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\dvdcss
    2017-03-23 11:04 - 2017-03-23 11:04 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-03-13 08:44 - 2017-03-30 08:23 - 00000000 ____D C:\AdwCleaner
    2017-03-07 17:39 - 2017-03-28 20:11 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-30 10:21 - 2015-09-19 13:25 - 00000000 ___RD C:\Users\Raffi\Google Drive
    2017-03-30 10:20 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-03-30 09:59 - 2015-01-08 14:43 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1372970940-966452781-916677827-1001
    2017-03-30 09:41 - 2015-12-02 14:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2017-03-30 09:30 - 2015-01-15 22:45 - 00000000 ____D C:\ProgramData\Sonos,_Inc
    2017-03-30 09:22 - 2014-03-18 03:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-03-30 09:22 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\Inf
    2017-03-30 08:44 - 2015-01-10 21:48 - 00000000 ____D C:\Users\Raffi\AppData\Local\Adobe
    2017-03-29 20:13 - 2015-01-08 21:54 - 00000000 ____D C:\Users\Raffi\AppData\Local\CrashDumps
    2017-03-29 15:53 - 2015-01-17 00:54 - 00000000 ____D C:\Users\Public\Documents\Winstep
    2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\Users\Raffi\AppData\Local\Downloaded Installations
    2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
    2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\Program Files (x86)\Sonos
    2017-03-28 20:31 - 2015-12-02 14:23 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-03-28 20:07 - 2015-05-16 10:55 - 00000000 ____D C:\Users\Raffi\AppData\Local\NPE
    2017-03-28 20:02 - 2016-06-28 22:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
    2017-03-28 20:02 - 2016-02-24 11:54 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
    2017-03-28 20:02 - 2015-05-16 10:56 - 00000000 ____D C:\NPE
    2017-03-28 19:35 - 2015-01-19 16:38 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google
    2017-03-28 00:07 - 2015-01-10 00:34 - 00001026 _____ C:\Windows\BRCALIB.INI
    2017-03-27 16:00 - 2016-11-22 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2017-03-26 15:27 - 2015-01-08 22:11 - 00000000 ____D C:\Users\Raffi\AppData\Local\Google
    2017-03-26 15:10 - 2015-01-09 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google
    2017-03-26 15:00 - 2015-01-08 22:11 - 00000000 ____D C:\Program Files (x86)\Google
    2017-03-23 11:31 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2017-03-23 11:25 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
    2017-03-22 00:36 - 2015-01-25 18:19 - 00000000 ____D C:\Users\Raffi\AppData\Local\Spotify
    2017-03-22 00:28 - 2015-01-25 18:18 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\Spotify
    2017-03-20 12:41 - 2015-01-08 14:38 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\Adobe
    2017-03-14 19:23 - 2015-01-08 14:38 - 00000000 ____D C:\Users\Raffi
    2017-03-14 18:22 - 2015-01-19 19:49 - 00000000 ____D C:\ProgramData\Norton
    2017-03-14 18:22 - 2015-01-19 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mediatek Wireless
    2017-03-14 18:22 - 2015-01-09 23:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-03-14 18:22 - 2013-08-22 08:36 - 00000000 ___HD C:\Windows\ELAMBKUP
    2017-03-14 18:22 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-03-14 18:21 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\registration
    2017-03-07 17:34 - 2016-02-24 11:54 - 00000000 ____D C:\Program Files (x86)\Norton Security
    2017-03-07 14:49 - 2016-02-24 11:55 - 00102608 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    2017-03-07 14:49 - 2016-02-24 11:55 - 00008298 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
    2017-03-04 13:53 - 2015-04-21 17:33 - 00000000 ____D C:\Users\Raffi\AppData\LocalLow\Unity
    2017-03-02 09:20 - 2015-01-08 14:38 - 00000000 ____D C:\Users\Raffi\AppData\Local\Packages
     
    ==================== Files in the root of some directories =======
     
    2017-03-26 23:28 - 2017-03-26 23:28 - 0000017 _____ () C:\Users\Raffi\AppData\Local\resmon.resmoncfg
    2014-10-05 15:50 - 2014-10-05 15:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-02-24 22:22 - 2016-02-24 22:22 - 0287934 _____ () C:\ProgramData\SplashID.ico
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-03-26 04:49
     
    ==================== End of FRST.txt ============================
