Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2014 01 (ATTENTION: ====> FRST version is 2228 days old and could be outdated)
Ran by brad (administrator) on BRADS-PC on 14-09-2020 17:02:10
Running from C:\Users\brad\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\HDD Health\HDDHealthService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SynptSync64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
() C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro Advanced\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Innovative Digital Technologies) C:\Users\brad\AppData\Roaming\ACEStream\engine\ace_engine.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(PANTERASoft) C:\Program Files (x86)\HDD Health\hddhealth.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\brad\AppData\Local\Google\Update\GoogleUpdate.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Innovative Digital Technologies) C:\Users\brad\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\brad\AppData\Roaming\ACEStream\updater\ace_update.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Webroot, Inc.) C:\Program Files\Webroot\Core\WRSkyClient.x64.exe
(Webroot, Inc.) C:\Program Files\Webroot\Core\WRCoreService.x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynAsusGestureAPIMgr] => C:\Program Files\Synaptics\SynTP\SynAsusGestureAPIMgr.exe [736568 2012-09-17] (Synaptics)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)
HKLM\...\Run: [AsusNewUI] => C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe [1367864 2012-09-17] ()
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1129248 2013-01-18] (NVIDIA Corporation)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-09-17] (Synaptics Incorporated)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [4876832 2020-09-14] (Webroot)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-10-24] (Razer Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-12] (Valve Corporation)
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Run: [Akamai NetSession Interface] => C:\Users\brad\AppData\Local\Akamai\netsession_win.exe [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Run: [Spotify Web Helper] => C:\Users\brad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-05] (Spotify Ltd)
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Run: [Spotify] => C:\Users\brad\AppData\Roaming\Spotify\spotify.exe [6621752 2014-09-05] (Spotify Ltd)
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Run: [Google Update] => C:\Users\brad\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateCore.exe [605992 2018-12-19] (Google Inc.)
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro Advanced\DTAgent.exe [3127840 2014-02-19] (Disc Soft Ltd)
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Run: [AceStream] => C:\Users\brad\AppData\Roaming\ACEStream\engine\ace_engine.exe [27960 2018-08-30] (Innovative Digital Technologies)
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3975557045-1143981633-976372736-1002\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
ShortcutTarget: HDDHealth.lnk -> C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\brad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: ###MegaShellExtPending -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: ###MegaShellExtSynced -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: ###MegaShellExtSyncing -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\brad\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\brad\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\brad\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\brad\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: ###MegaShellExtPending -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers-x32: ###MegaShellExtSynced -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers-x32: ###MegaShellExtSyncing -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\brad\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\brad\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\brad\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 0xF3351533ADD1D101
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\i8lundyz.default-1365654069902
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=3.1.28 -> C:\Users\brad\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\brad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\brad\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\brad\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\brad\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\brad\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\brad\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\i8lundyz.default-1365654069902\searchplugins\youtube-video-search.xml
FF Extension: HTTPS-Everywhere - C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\i8lundyz.default-1365654069902\Extensions\https-everywhere@eff.org [2015-02-07]
FF Extension: AS Magic Player - C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\i8lundyz.default-1365654069902\Extensions\magicplayer_unlisted@acestream.org [2016-02-20]
FF Extension: Webroot Password Manager - C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\i8lundyz.default-1365654069902\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2013-12-11]
FF Extension: WOT - C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\i8lundyz.default-1365654069902\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-12]
FF Extension: NoScript - C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\i8lundyz.default-1365654069902\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-04-10]
FF Extension: Adblock Plus - C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\i8lundyz.default-1365654069902\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-10]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2013-11-11]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-03-02]
FF HKCU\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\brad\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: No Name - C:\Users\brad\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2018-01-24]
Chrome:
=======
CHR Extension: (Slides) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-13]
CHR Extension: (Docs) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-17]
CHR Extension: (Google Drive) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-17]
CHR Extension: (Hover your mouse on the video element for certain number of seconds, after which the webpage automatically dims) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-05-05]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-05-05]
CHR Extension: (YouTube) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-17]
CHR Extension: (Add to Amazon Wish List) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-05-05]
CHR Extension: (uBlock Origin) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-11-25]
CHR Extension: (Google Search) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-17]
CHR Extension: (Tampermonkey) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-10-20]
CHR Extension: (Facebook Color & Background Changer) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheljpcbhldkdiabdemaflamgfnbpnkd [2014-05-05]
CHR Extension: (Google Calendar) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-05-05]
CHR Extension: (Sheets) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-13]
CHR Extension: (EditThisCookie) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-05-05]
CHR Extension: (Google Docs Offline) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-24]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-09-17]
CHR Extension: (Disconnect) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-05-05]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-05-05]
CHR Extension: (Cookie Manager) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck [2014-05-05]
CHR Extension: (Webroot Filtering Extension) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-02-10]
CHR Extension: (Facebook AdBlock) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpacabphcagfehdgnigmfnbjdampbaa [2014-05-05]
CHR Extension: (Ace Script) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2018-04-21]
CHR Extension: (Tom's Hardware - My Threads) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nddbmgcnelmmhlfibkmfnhnfeccaliip [2014-10-20]
CHR Extension: (Highlight Keywords for Google Search) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhahncknpppipmgjchbbhehkfglelepf [2014-05-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Hover Zoom) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-05-05]
CHR Extension: (Incognito Tab Switch) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofeampmlffjabmpdebckhpmcjkcjkahi [2014-08-05]
CHR Extension: (Webroot Password Manager) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2013-08-17]
CHR Extension: (Netflix Party) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2016-12-06]
CHR Extension: (Showgoers for Netflix) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcmaninppdeakmhaonacejmfcgeempfo [2016-12-06]
CHR Extension: (Gmail) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-17]
CHR Extension: (Chrome Media Router) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-15]
CHR Extension: (Reditr - The Best Reddit Client) - C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmfcbbijgnhoebddbjpmlikabnbnddgb [2014-05-05]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-05-05]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.32.crx [2014-03-09]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2013-01-18]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-03-19] () [File not signed]
R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [99328 2013-05-31] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1633008 2018-08-12] (Microsoft Corporation)
R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [443872 2018-12-11] (Google Inc.)
R2 HDDHealth; C:\Program Files (x86)\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed]
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-08-05] (Hi-Rez Studios) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2269504 2018-12-17] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3130696 2018-12-17] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2425160 2018-12-04] (Overwolf LTD)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-06-27] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-02-07] ()
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-05-20] (Razer Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [745368 2012-11-26] (Tunngle.net GmbH) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
R2 WBA_Agent_Client; C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe [86016 2009-01-27] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WRCoreService; C:\Program Files\Webroot\Core\WRCoreService.x64.exe [2035888 2020-07-16] (Webroot, Inc.) [File not signed]
R3 WRSkyClient; C:\Program Files\Webroot\Core\WRSkyClient.x64.exe [3000648 2020-07-16] (Webroot, Inc.) [File not signed]
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [4876832 2020-09-14] (Webroot)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-09-14] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2020-09-14] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [126624 2020-09-14] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [72536 2020-09-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2020-09-14] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [113016 2020-09-14] (Malwarebytes)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
S3 openport; C:\Windows\system32\DRIVERS\openport.sys [23200 2015-06-26] (Tactrix Inc.)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-04] (Razer Inc)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-17] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R1 WRCore; C:\Program Files\Webroot\Core\WRCore.x64.sys [268720 2020-06-15] (Webroot, Inc.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [145128 2020-09-14] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [41040 2015-03-17] (Webroot)
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2020-09-14 17:00 - 2020-09-14 17:02 - 00042452 _____ () C:\Users\brad\Desktop\FRST.txt
2020-09-14 17:00 - 2020-09-14 17:00 - 02297856 _____ (Farbar) C:\Users\brad\Downloads\FRST64 (1).exe
2020-09-14 16:56 - 2020-09-14 16:56 - 02297856 _____ (Farbar) C:\Users\brad\Downloads\FRST64.exe
2020-09-14 16:41 - 2020-09-14 16:43 - 00113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-09-14 16:41 - 2020-09-14 16:41 - 00198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-09-14 16:41 - 2020-09-14 16:41 - 00126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-09-14 16:41 - 2020-09-14 16:41 - 00072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-09-14 16:41 - 2020-09-14 16:41 - 00000000 ____D () C:\Users\brad\AppData\Local\mbamtray
2020-09-14 16:41 - 2020-09-14 16:41 - 00000000 ____D () C:\Users\brad\AppData\Local\mbam
2020-09-14 16:40 - 2020-09-14 16:40 - 00261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-09-14 16:40 - 2020-09-14 16:40 - 00001845 _____ () C:\Users\Public\Desktop\Malwarebytes.lnk
2020-09-14 16:40 - 2020-09-14 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-09-14 16:40 - 2020-09-14 16:40 - 00000000 ____D () C:\Program Files\Malwarebytes
2020-09-14 16:40 - 2018-12-04 08:09 - 00152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-09-14 16:38 - 2020-09-14 16:38 - 00000000 ____D () C:\ProgramData\WRCore
2020-09-14 16:37 - 2020-09-14 16:38 - 00845668 _____ () C:\Users\brad\Documents\cc_20200914_163713.reg
2020-09-14 16:37 - 2020-09-14 16:37 - 00000000 _____ () C:\WINDOWS\setuperr.log
2020-09-14 16:37 - 2020-09-14 16:37 - 00000000 _____ () C:\WINDOWS\setupact.log
2020-09-14 16:36 - 2020-09-14 16:38 - 00071855 _____ () C:\WINDOWS\WindowsUpdate.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2020-09-14 17:02 - 2020-09-14 17:00 - 00042452 _____ () C:\Users\brad\Desktop\FRST.txt
2020-09-14 17:02 - 2014-08-06 19:57 - 00000000 ____D () C:\FRST
2020-09-14 17:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2020-09-14 17:00 - 2020-09-14 17:00 - 02297856 _____ (Farbar) C:\Users\brad\Downloads\FRST64 (1).exe
2020-09-14 16:59 - 2014-08-09 10:35 - 00000000 ____D () C:\Users\brad\Desktop\FRST-OlderVersion
2020-09-14 16:56 - 2020-09-14 16:56 - 02297856 _____ (Farbar) C:\Users\brad\Downloads\FRST64.exe
2020-09-14 16:54 - 2014-12-24 09:58 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{116F6D62-3422-4B22-AC3B-F93C0FA4D09E}
2020-09-14 16:43 - 2020-09-14 16:41 - 00113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-09-14 16:42 - 2013-01-16 13:54 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3975557045-1143981633-976372736-1002
2020-09-14 16:41 - 2020-09-14 16:41 - 00198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-09-14 16:41 - 2020-09-14 16:41 - 00126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-09-14 16:41 - 2020-09-14 16:41 - 00072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-09-14 16:41 - 2020-09-14 16:41 - 00000000 ____D () C:\Users\brad\AppData\Local\mbamtray
2020-09-14 16:41 - 2020-09-14 16:41 - 00000000 ____D () C:\Users\brad\AppData\Local\mbam
2020-09-14 16:40 - 2020-09-14 16:40 - 00261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-09-14 16:40 - 2020-09-14 16:40 - 00001845 _____ () C:\Users\Public\Desktop\Malwarebytes.lnk
2020-09-14 16:40 - 2020-09-14 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-09-14 16:40 - 2020-09-14 16:40 - 00000000 ____D () C:\Program Files\Malwarebytes
2020-09-14 16:40 - 2014-08-04 21:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2020-09-14 16:40 - 2014-08-04 21:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2020-09-14 16:38 - 2020-09-14 16:38 - 00000000 ____D () C:\ProgramData\WRCore
2020-09-14 16:38 - 2020-09-14 16:37 - 00845668 _____ () C:\Users\brad\Documents\cc_20200914_163713.reg
2020-09-14 16:38 - 2020-09-14 16:36 - 00071855 _____ () C:\WINDOWS\WindowsUpdate.log
2020-09-14 16:38 - 2013-01-18 16:14 - 00000000 ____D () C:\Program Files\Webroot
2020-09-14 16:37 - 2020-09-14 16:37 - 00000000 _____ () C:\WINDOWS\setuperr.log
2020-09-14 16:37 - 2020-09-14 16:37 - 00000000 _____ () C:\WINDOWS\setupact.log
2020-09-14 16:37 - 2013-01-18 16:14 - 00173048 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2020-09-14 16:37 - 2013-01-18 16:14 - 00145128 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2020-09-14 16:37 - 2013-01-18 16:14 - 00103864 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2020-09-14 16:37 - 2013-01-18 16:14 - 00000000 ____D () C:\ProgramData\WRData
2020-09-14 16:33 - 2013-02-06 18:51 - 01797120 ___SH () C:\Users\brad\Desktop\Thumbs.db
2020-09-14 16:10 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2020-09-14 16:07 - 2014-09-24 00:15 - 00901148 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2020-09-14 16:03 - 2013-04-30 18:36 - 00000000 ____D () C:\Users\brad\AppData\Roaming\.ACEStream
2020-09-14 16:01 - 2014-11-03 22:43 - 00000000 ___RD () C:\Users\brad\OneDrive
2020-09-14 16:01 - 2013-01-16 13:47 - 00000380 _____ () C:\Users\brad\AppData\Roaming\sp_data.sys
2020-09-14 16:00 - 2013-08-29 21:16 - 00000085 _____ () C:\WINDOWS\SysWOW64\BRAgent.dat
2020-09-14 15:59 - 2014-11-03 21:48 - 00000000 ____D () C:\Users\brad
2020-09-14 15:59 - 2014-11-03 21:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2020-09-14 15:59 - 2014-10-16 12:04 - 00119296 _____ () C:\WINDOWS\SysWOW64\zlib.dll
2020-09-14 15:59 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
Some content of TEMP:
====================
C:\Users\brad\AppData\Local\Temp\WRupdate1433862719.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-12-30 04:10
==================== End Of Log ============================