Help might be infected by Crypted RAT


  • This topic is locked
18 replies to this topic

#1 Flanean

  • Members
  • 7 posts

Posted 17 November 2016 - 02:50 AM

Hello, I need to know if there are still some saviors of humanity, and I need them to muster their strength to see if I am infected by a RAT and remove it from my computer.

I am currently running scans with Bitdefender Total Security and Malwarebytes.

I think I might be infected. I'm not entirely sure, but better to be paranoid than not.

I also have received a notification that someone has unsuccessfully tried to access my email from an unknown IP address originating in the United Kingdom, even though I do not live there.

Furthermore, the RAT might be "crypted" to be fully undetected, so my antivirus and anti-malware programs might not catch it and would be rendered useless.

I need someone to restore my faith in humanity!


FRST.log


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2016
Ran by User (administrator) on WIN7-PC (16-11-2016 23:45:58)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User & Anna)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTuneSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbamservice.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
() C:\Windows\System32\PnkBstrA.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbam.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxcr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxcr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxag.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET spol. s r.o.) C:\Users\User\Downloads\esetonlinescanner_enu(1).exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\seccenter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\dmiface.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\odscanui.exe
(Malwarebytes Corporation) D:\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) D:\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) D:\Malwarebytes Anti-Exploit\mbae.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-26] (VIA)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15120504 2016-02-17] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [320208 2016-10-27] (Bitdefender)
HKLM-x32\...\Run: [MSUTray] => C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe [1213952 2012-06-12] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [DT_HPO] => C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTuneStartup.exe [141192 2014-05-13] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => D:\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-11-15] (Malwarebytes Corporation)
HKU\S-1-5-21-3948394229-4220822810-973707312-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3948394229-4220822810-973707312-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-3948394229-4220822810-973707312-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)
HKU\S-1-5-21-3948394229-4220822810-973707312-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29645440 2016-09-12] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.59.144.100 64.59.150.143
Tcpip\..\Interfaces\{B57BFD29-EBF1-47A4-9DE7-A23AC16F35E9}: [DhcpNameServer] 64.59.144.100 64.59.150.143

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3948394229-4220822810-973707312-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2016-10-27] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-11-02] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-11-02] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-11-02] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2016-10-27] (Bitdefender)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-11-02] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2016-11-02] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-02] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2016-10-27] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2016-10-27] (Bitdefender)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-02] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-11-02] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-11-02] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-11-02] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-11-02] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: a3ft2acx.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default [2016-11-16]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\user.js [2015-05-30]
FF Extension: (Battletag for Battlelog™) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\Extensions\battletag@jeremejevs.com.xpi [2016-04-27]
FF Extension: (Firefox Hotfix) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
FF Extension: (Dark YouTube Theme) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\Extensions\jid1-hDf2iQXGiUjzGQ@jetpack.xpi [2016-10-07]
FF Extension: (NASA Night Launch) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\Extensions\nasanightlaunch@example.com.xpi [2016-05-06]
FF Extension: (BlackFox V2) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\Extensions\zigboom@hotmail.com [2016-10-14]
FF Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-29]
FF Extension: (Multi-process staged rollout) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\features\{f2871743-972f-4335-8542-0a7da5889a5a}\e10srollout@mozilla.org.xpi [2016-10-06]
FF Extension: (Pocket) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\features\{f2871743-972f-4335-8542-0a7da5889a5a}\firefox@getpocket.com.xpi [2016-10-06]
FF Extension: (Firefox Hello) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\features\{f2871743-972f-4335-8542-0a7da5889a5a}\loop@mozilla.org.xpi [2016-10-06]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\features\{f2871743-972f-4335-8542-0a7da5889a5a}\malware-remediation@mozilla.org.xpi [2016-10-06]
FF Extension: (Multi-process staged rollout) - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi [2016-05-06] [not signed]
FF Extension: (Pocket) - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi [2016-05-06] [not signed]
FF Extension: (Firefox Hello) - C:\Program Files (x86)\Mozilla Firefox\browser\features\loop@mozilla.org.xpi [2016-05-06] [not signed]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2016-11-06]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2016-10-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-17] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-11-02] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-02] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-11-02] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\PepperFlash\pepflashplayer.dll => No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2016-11-16]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-04]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (Turn Off the Lights) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2016-11-14]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Bitdefender Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2016-11-03]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Morpheon Dark) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2016-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-06]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-04]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-07]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-06-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1456136 2016-10-11] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [100448 2016-10-06] (Bitdefender)
R2 DTuneSrvc; C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTuneSrvc.exe [119688 2014-05-13] (Portrait Displays, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [242448 2016-02-23] (EasyAntiCheat Ltd)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-02-17] (Logitech Inc.)
R2 MbaeSvc; D:\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation)
R2 MBAMScheduler; D:\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2011-11-21] (Apache Software Foundation) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2078216 2015-10-07] (Electronic Arts)
S3 PAExec; C:\Windows\PAExec.exe [189112 2016-10-04] (Power Admin LLC)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-10-08] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-10-07] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [216880 2016-10-27] (Bitdefender)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1306832 2016-11-07] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-05-28] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1605376 2016-10-27] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-10-27] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [119696 2016-06-15] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; D:\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-11-15] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [300840 2016-08-11] (Bitdefender)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-17] (Qualcomm Atheros Co., Ltd.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-16] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-11-21] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [520032 2016-03-10] (BitDefender S.R.L.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-02] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
S0 qbwg; System32\drivers\isvsyk.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-16 23:45 - 2016-11-16 23:46 - 00030745 _____ C:\Users\User\Downloads\FRST.txt
2016-11-16 23:45 - 2016-11-16 23:45 - 00000000 ____D C:\FRST
2016-11-16 23:38 - 2016-11-16 23:38 - 02412032 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-11-16 23:09 - 2016-11-16 23:11 - 00216288 _____ C:\TDSSKiller.3.1.0.12_16.11.2016_23.09.10_log.txt
2016-11-16 23:08 - 2016-11-16 23:08 - 04747704 _____ (AO Kaspersky Lab) C:\Users\User\Downloads\tdsskiller.exe
2016-11-16 22:20 - 2016-11-16 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-11-16 22:19 - 2016-11-16 22:20 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-11-16 22:18 - 2016-11-16 22:18 - 01888264 _____ (Malwarebytes ) C:\Users\User\Downloads\mbae-setup-1.09.1.1261.exe
2016-11-16 22:13 - 2016-11-16 22:13 - 06761600 _____ (ESET spol. s r.o.) C:\Users\User\Downloads\esetonlinescanner_enu(1).exe
2016-11-16 15:09 - 2014-02-01 17:35 - 17942528 _____ C:\Users\User\Desktop\cd140201.iso
2016-11-16 14:27 - 2016-11-16 15:11 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-11-16 14:27 - 2016-11-16 15:08 - 00000101 _____ C:\Users\User\Downloads\rufus.ini
2016-11-16 14:27 - 2016-11-16 14:27 - 00937592 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\User\Downloads\rufus-2.11p.exe
2016-11-16 02:58 - 2016-11-16 03:04 - 680525824 _____ C:\Users\User\Downloads\ophcrack-vista-livecd-3.6.0.iso
2016-11-15 13:23 - 2016-11-15 13:23 - 06761600 _____ (ESET spol. s r.o.) C:\Users\User\Downloads\esetonlinescanner_enu.exe
2016-11-15 13:23 - 2016-11-15 13:23 - 00000000 ____D C:\Users\User\AppData\Local\ESET
2016-11-06 23:48 - 2016-11-06 23:48 - 00038899 _____ C:\ProgramData\dm.1478504885.bdinstall.bin
2016-11-06 23:44 - 2016-11-06 23:44 - 00000000 ____D C:\ProgramData\bdch
2016-11-04 14:13 - 2016-10-25 12:21 - 00106040 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-11-04 14:13 - 2016-10-25 12:21 - 00095800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-11-04 14:13 - 2016-10-25 12:21 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-11-04 01:43 - 2016-11-04 01:43 - 08270896 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup523pro.exe
2016-11-04 01:40 - 2016-11-04 01:40 - 00000000 _____ C:\Users\User\Downloads\Unconfirmed 70851.crdownload
2016-11-03 17:09 - 2016-11-03 17:09 - 00368371 _____ C:\Users\User\Downloads\f4se_0_02_07.7z
2016-11-03 13:04 - 2016-11-03 13:04 - 38376626 _____ C:\Users\User\Downloads\Vivid Fallout - Landscapes - 2k Update-1769-2-2.7z
2016-11-03 03:59 - 2016-11-03 03:59 - 02247390 _____ C:\Users\User\Downloads\DLL Files.zip
2016-11-03 03:26 - 2016-11-11 21:53 - 00000598 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-11-03 03:26 - 2016-11-11 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-11-03 03:26 - 2016-11-03 03:27 - 65444688 _____ (Microsoft Corporation) C:\Users\User\Downloads\NDP46-KB3045557-x86-x64-AllOS-ENU.exe
2016-11-03 03:26 - 2016-11-03 03:26 - 00000000 ____D C:\Users\User\Documents\Nexus Mod Manager
2016-11-03 03:26 - 2016-11-03 03:26 - 00000000 ____D C:\Users\User\AppData\Local\Black_Tree_Gaming
2016-11-03 03:25 - 2016-11-03 03:25 - 06449136 _____ (Black Tree Gaming ) C:\Users\User\Downloads\Nexus Mod Manager-0.63.6.exe
2016-11-02 13:17 - 2016-11-02 13:17 - 00000000 ____D C:\Users\User\Documents\Custom Office Templates
2016-11-02 11:45 - 2016-11-16 07:53 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4EA88D13-9892-4DB6-933B-AB7818D7F4C3}
2016-11-02 11:37 - 2016-11-02 11:37 - 00003224 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task
2016-11-02 11:27 - 2016-11-02 11:37 - 00002152 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-11-02 11:27 - 2016-11-02 11:37 - 00000000 ___RD C:\Users\User\OneDrive
2016-11-02 11:27 - 2016-11-02 11:27 - 00002100 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-11-02 11:27 - 2016-11-02 11:27 - 00002100 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-11-02 11:27 - 2016-11-02 11:27 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2016-11-02 11:26 - 2016-11-02 11:26 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-11-02 11:25 - 2016-11-02 11:25 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-11-02 11:21 - 2016-11-02 11:21 - 00002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-11-02 11:21 - 2016-11-02 11:21 - 00002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-11-02 11:21 - 2016-11-02 11:21 - 00002374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-11-02 11:21 - 2016-11-02 11:21 - 00002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-11-02 11:21 - 2016-11-02 11:21 - 00002337 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-11-02 11:21 - 2016-11-02 11:21 - 00002336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-11-02 11:21 - 2016-11-02 11:21 - 00002330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-11-02 11:21 - 2016-11-02 11:21 - 00002324 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-11-02 11:21 - 2016-11-02 11:21 - 00002316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-11-02 11:21 - 2016-11-02 11:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-11-02 11:20 - 2016-11-02 11:25 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-02 11:20 - 2016-11-02 11:20 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-11-02 11:18 - 2016-11-03 18:54 - 00000000 ____D C:\Program Files\Microsoft Office
2016-11-02 11:18 - 2016-11-02 11:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-11-02 11:17 - 2016-11-02 11:17 - 05575480 _____ (Microsoft Corporation) C:\Users\User\Downloads\Setup.X64.en-us_O365ProPlusRetail_0b4f8067-c793-40e1-8a67-c94b31a1cb3d_TX_PR_b_32_.exe
2016-11-02 11:16 - 2016-11-02 11:16 - 03798840 _____ (Microsoft Corporation) C:\Users\User\Downloads\Setup.X86.en-US_O365ProPlusRetail_0b4f8067-c793-40e1-8a67-c94b31a1cb3d_TX_PR_b_32_.exe
2016-11-02 00:58 - 2016-11-02 00:58 - 01885968 _____ (Malwarebytes ) C:\Users\User\Downloads\mbae-setup-1.09.1.1235.exe
2016-11-01 23:00 - 2016-11-01 23:00 - 00000714 _____ C:\Users\User\Desktop\Popcorn-Time.lnk
2016-11-01 23:00 - 2016-11-01 23:00 - 00000000 ____D C:\Users\User\AppData\Local\Chromium
2016-11-01 22:59 - 2016-11-01 22:59 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn-Time
2016-11-01 22:57 - 2016-11-01 22:57 - 61757061 _____ (Popcorn Time) C:\Users\User\Downloads\Popcorn-Time-0.3.10-Setup.exe
2016-11-01 14:55 - 2016-11-01 14:55 - 00028752 _____ C:\ProgramData\agent.1478040911.bdinstall.bin
2016-10-20 19:11 - 2016-10-20 19:26 - 00000000 ____D C:\Users\User\Desktop\Joke
2016-10-20 19:10 - 2016-10-20 19:10 - 04892476 _____ ( ) C:\Users\User\Downloads\1475938322889-update-0.4.2.33(1).exe
2016-10-19 10:49 - 2016-11-03 18:39 - 00125800 _____ C:\Users\Anna\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-18 17:40 - 2016-10-18 17:40 - 00036117 _____ C:\Users\User\Downloads\logs-1196455-2016-10-19.zip
2016-10-18 17:31 - 2016-10-18 17:31 - 00353363 _____ C:\ProgramData\cl.1476840573.bdinstall.bin
2016-10-18 17:31 - 2016-10-18 17:31 - 00038594 _____ C:\ProgramData\dm.1476840691.bdinstall.bin
2016-10-18 17:30 - 2016-10-27 06:43 - 01605376 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-10-18 17:30 - 2016-10-27 06:43 - 00878072 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-10-18 17:30 - 2016-10-18 17:30 - 00253404 ____H C:\bdr-ld01
2016-10-18 17:30 - 2016-10-18 17:30 - 00009216 ____H C:\bdr-ld01.mbr
2016-10-18 17:30 - 2016-10-18 17:30 - 00002226 _____ C:\Users\Public\Desktop\Bitdefender 2017.lnk
2016-10-18 17:30 - 2016-10-18 17:30 - 00000684 ____H C:\bdr-cf01
2016-10-18 17:30 - 2016-10-18 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
2016-10-18 17:30 - 2016-08-11 16:42 - 00300840 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2016-10-18 17:30 - 2016-04-18 11:37 - 49758821 ____H C:\bdr-im01.gz
2016-10-18 17:30 - 2015-12-04 18:27 - 00087912 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2016-10-18 17:30 - 2013-08-13 12:38 - 03271472 ____H C:\bdr-bz01
2016-10-18 17:29 - 2016-10-18 17:29 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-10-18 17:29 - 2016-03-10 06:41 - 00520032 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-10-18 17:29 - 2015-12-16 04:53 - 00182936 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-10-18 17:06 - 2016-10-18 17:06 - 04892476 _____ ( ) C:\Users\User\Downloads\1475938322889-update-0.4.2.33.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-16 23:46 - 2011-11-21 19:08 - 00187392 _____ C:\Windows\SysWOW64\freqdb.db
2016-11-16 23:24 - 2015-06-09 08:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2016-11-16 23:18 - 2009-07-13 20:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-16 23:18 - 2009-07-13 20:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-16 23:10 - 2015-07-20 03:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-16 22:53 - 2015-05-29 09:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-16 22:50 - 2016-03-06 20:37 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-11-16 17:05 - 2015-05-29 09:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-16 14:31 - 2009-07-13 21:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-16 14:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-11-16 14:27 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-11-16 14:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-11-16 05:13 - 2015-06-28 23:38 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-16 02:52 - 2016-10-05 20:46 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-11-16 02:00 - 2015-05-31 02:49 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2016-11-14 16:48 - 2015-05-29 10:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-14 16:48 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-14 16:47 - 2015-10-07 01:56 - 00015586 _____ C:\bdlog.txt
2016-11-14 16:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-14 16:45 - 2015-06-13 06:51 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2016-11-14 13:55 - 2015-05-29 09:55 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 13:55 - 2015-05-29 09:55 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-12 16:58 - 2016-06-30 00:03 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-12 13:01 - 2016-02-15 15:47 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2016-11-12 03:01 - 2015-07-20 01:21 - 00000000 ____D C:\Users\User\Documents\The Witcher 3
2016-11-11 01:19 - 2016-02-23 13:24 - 00000000 ____D C:\Users\User\AppData\Local\UnrealEngine
2016-11-06 23:45 - 2009-07-13 20:45 - 00492584 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-04 14:14 - 2016-10-04 20:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-04 14:14 - 2016-10-04 19:31 - 00001412 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-11-04 14:13 - 2016-10-04 20:02 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-04 14:13 - 2016-10-04 20:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-04 14:13 - 2016-10-04 18:24 - 00003828 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-04 14:13 - 2016-10-04 18:24 - 00003828 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-04 14:13 - 2016-10-04 18:24 - 00003778 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-04 14:13 - 2016-10-04 18:24 - 00003766 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-04 14:13 - 2016-10-04 18:24 - 00003590 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-04 14:13 - 2016-10-04 18:24 - 00003530 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-04 01:49 - 2015-06-29 10:40 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2016-11-04 01:48 - 2015-05-28 13:43 - 00000000 ____D C:\Windows\Panther
2016-11-04 01:43 - 2015-09-09 19:33 - 00000000 ____D C:\Windows\Minidump
2016-11-03 03:32 - 2016-08-10 02:18 - 00000000 ____D C:\Users\User\AppData\Local\Fallout4
2016-11-03 03:28 - 2015-05-28 13:16 - 00773536 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-11-02 11:25 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-11-02 11:22 - 2015-05-28 18:46 - 00125800 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-01 23:00 - 2016-09-11 11:46 - 00000000 ____D C:\Users\User\AppData\Local\Popcorn-Time
2016-10-28 00:21 - 2015-05-29 09:55 - 00000000 ____D C:\Users\User\AppData\Local\Google
2016-10-25 12:21 - 2016-10-04 20:03 - 01854008 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-10-25 12:21 - 2016-10-04 20:03 - 01756728 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-10-25 12:21 - 2016-10-04 20:03 - 01454136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-10-25 12:21 - 2016-10-04 20:03 - 01318968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-10-25 12:21 - 2016-10-04 20:03 - 00121912 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-10-25 11:12 - 2016-10-04 18:24 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-10-18 22:25 - 2016-02-12 15:25 - 00000000 ____D C:\Users\User\AppData\Local\Arma 3 Launcher
2016-10-18 20:30 - 2016-02-12 15:28 - 00000000 ____D C:\Users\User\AppData\Local\Arma 3
2016-10-18 19:22 - 2016-02-12 15:28 - 00000000 ____D C:\Users\User\Documents\Arma 3
2016-10-18 17:33 - 2016-03-06 20:45 - 00000000 ____D C:\ProgramData\Bitdefender
2016-10-18 17:29 - 2015-08-06 03:02 - 00000000 ____D C:\Program Files\Bitdefender
2016-10-18 17:28 - 2016-06-30 00:03 - 00003882 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-10-18 17:28 - 2015-05-31 02:50 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-18 17:28 - 2015-05-31 02:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-18 17:28 - 2015-05-31 02:50 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-18 17:28 - 2015-05-31 02:49 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-18 17:26 - 2016-03-13 10:12 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-10-18 17:25 - 2016-03-07 13:35 - 02470410 _____ C:\Windows\ZAM_Guard.krnl.trace

==================== Files in the root of some directories =======

2015-06-29 11:29 - 2015-06-29 11:29 - 0000000 ___SH () C:\Users\User\AppData\Local\LumaEmu
2015-07-22 16:09 - 2015-07-22 16:09 - 0000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2016-10-06 11:52 - 2016-10-06 11:52 - 0214615 _____ () C:\ProgramData\1475783472.bdinstall.bin
2016-11-01 14:55 - 2016-11-01 14:55 - 0028752 _____ () C:\ProgramData\agent.1478040911.bdinstall.bin
2016-10-18 17:31 - 2016-10-18 17:31 - 0353363 _____ () C:\ProgramData\cl.1476840573.bdinstall.bin
2016-10-06 11:53 - 2016-10-06 11:53 - 0052859 _____ () C:\ProgramData\dm.1475783587.bdinstall.bin
2016-10-18 17:31 - 2016-10-18 17:31 - 0038594 _____ () C:\ProgramData\dm.1476840691.bdinstall.bin
2016-11-06 23:48 - 2016-11-06 23:48 - 0038899 _____ () C:\ProgramData\dm.1478504885.bdinstall.bin

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\Nexus Mod Manager-0.63.7.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-07 23:28

==================== End of FRST.txt ============================

Edited by Flanean, 17 November 2016 - 03:19 AM.

#2 Flanean (Topic Starter; Members; 7 posts)

Posted 22 November 2016 - 02:38 AM

Hello can anyone help?



#3 HelpBot (Bleepin' Binary Bot; Bots; 12,733 posts)

Posted 22 November 2016 - 02:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/632417 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 blueelvis (Bleep Blop Bleep; Malware Response Team; 1,666 posts; Location: India)

Posted 25 November 2016 - 03:02 AM

Hi Flanean & Welcome to the forums ^_^,

Sorry for the delayed response. Too much load ;)

I would be helping you with your computer problems. Right now, I am a trainee at the Bleeping Computer Malware Removal Study Hall.
I am Pranav and now that we are friends, I would like to call you by your first name if that is fine with you    :hug:

All of my proposed fixes and suggestions must be approved by a fully-qualified Malware Removal Instructor. This will delay response times somewhat, but I will endeavor to respond within a reasonable time, normally 48 hours after your last post.

I will need some time to review your FRST logs and consult with the Malware Response Instructor (MRI) who will be assigned to supervise this topic. That could take a few days. Once I have reviewed my proposed response with the assigned MRI, I will reply to you with initial instructions.

While you wait for further instructions, kindly do not run any additional tools as that might complicate the process of fixing your computer and cause delays.

Have a nice day!

Regards,
Pranav 


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#5 blueelvis (Bleep Blop Bleep; Malware Response Team; 1,666 posts; Location: India)

Posted 01 December 2016 - 04:16 PM

Hi Flanean,

It has been quite some time since my last post. Are you still with me?

-Pranav



#6 Oh My! (Adware and Spyware and Malware.....; Malware Response Instructor; 37,502 posts; Location: California)

Posted 04 December 2016 - 10:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My! (Adware and Spyware and Malware.....; Malware Response Instructor; 37,502 posts; Location: California)

Posted 07 December 2016 - 10:10 AM

This topic has been re-opened at the request of the person who originally posted.
Gary

#8 Flanean (Topic Starter; Members; 7 posts)

Posted 07 December 2016 - 11:07 PM

Quoting blueelvis (post #5):

Hi Flanean,

It has been quite some time since my last post. Are you still with me?

-Pranav

Hey, sorry for the delay, but I'm ready to proceed, hoping to find a resolution.



#9 blueelvis (Bleep Blop Bleep; Malware Response Team; 1,666 posts; Location: India)

Posted 08 December 2016 - 06:17 AM

Hi Flanean ^_^,


Before we start dealing with the problems you are experiencing, I would ask that you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and that may have been the route the malware used to infect your computer. Do not use any P2P software until we conclude your topic.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

Let's begin!

Going over your logs, I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs as this is by far the most likely reason you were infected!
  • Files that are downloaded from these websites are most likely infected, and even though they may appear to be what you wanted, they may infect your computer at the same time! Do not download files from your p2p client and if you do always scan the file with your anti-virus before executing them!
  • Websites that contain links to download are also highly likely to try and infect your computer! Please avoid them as much as possible and if pop-up boxes appear, always try and close them by clicking the cross at the top right of the window or terminating the browser!
  • The best way to eliminate the risk of infection from p2p applications is to avoid these types of web sites and not use any P2P applications.
  • It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall utorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it, and remove all files downloaded from it until your computer is cleaned! After your computer is cleaned, please Practice Safe Internet and always scan downloaded files with an anti-virus before executing to minimize risk!

-Pranav



#10 Flanean (Topic Starter; Members; 7 posts)

Posted 08 December 2016 - 07:12 AM

I have uTorrent installed but never use it at all; it's been a long time since I opened it. I'm wondering if you are familiar with RATs (Remote Access Trojans) and have experience with one that uses something called a crypter, which makes the RAT undetectable by most anti-viruses. I believe they bound the Trojan to a legit .exe program, and when you run the .exe program it installs the RAT secretly while still making the .exe program work to seem legit. I think I am infected with one; I just don't know how to find out if I am and where to look, because I think the person behind it is watching my every move on the computer without making his detection known. If you don't have experience with it, can you help me find someone who is more experienced in this situation? Thank you.


Edited by Flanean, 08 December 2016 - 07:27 AM.


#11 blueelvis (Bleep Blop Bleep; Malware Response Team; 1,666 posts; Location: India)

Posted 11 December 2016 - 03:09 AM

Hey Flanean ^_^,

The FRST log files are stale. I would need a fresh set of logs.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the logs back here.

  • Download CKScanner by askey127 from http://downloads.malwareremoval.com/CKScanner.exe & save it to your Desktop.
  • Right-click and Run as Administrator CKScanner.exe, then click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop, then copy/paste the contents in your next reply.

Now, do you know anything about "Power Admin"? It is installed on your system and is depicted in the following entry -

S3 PAExec; C:\Windows\PAExec.exe [189112 2016-10-04] (Power Admin LLC)

Website for Power Admin - https://www.poweradmin.com/

Have a nice day!

Regards,

Pranav


Edited by blueelvis, 11 December 2016 - 03:11 AM.


#12 Flanean

Posted 11 December 2016 - 04:38 AM

Wow, I don't know what Power Admin is, and I don't really have any recollection of installing that before. And I'm wondering, if I didn't install it, how did that program get on my computer? I'm really worried, Pranav. Should I change my password for all my personal accounts?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by User (administrator) on WIN7-PC (11-12-2016 01:30:35)
Running from C:\Users\User\Desktop
Loaded Profiles: User & (Available Profiles: User & Anna)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Sandboxie Holdings, LLC) D:\Sandboxie\SbieSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTuneSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Malwarebytes Corporation) D:\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) D:\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbamservice.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
() C:\Windows\System32\PnkBstrA.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.exe
(Malwarebytes Corporation) D:\Malwarebytes Anti-Exploit\mbae.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper64.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxag.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxcr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(The NWJS Community) D:\Popcorn-Time\Popcorn-Time.exe
(The NWJS Community) D:\Popcorn-Time\Popcorn-Time.exe
(The NWJS Community) D:\Popcorn-Time\Popcorn-Time.exe
(The NWJS Community) D:\Popcorn-Time\Popcorn-Time.exe
(The NWJS Community) D:\Popcorn-Time\Popcorn-Time.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\User\Desktop\FRST64(1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-26] (VIA)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15120504 2016-02-17] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [320720 2016-11-17] (Bitdefender)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [MSUTray] => C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe [1213952 2012-06-12] ()
HKLM-x32\...\Run: [DT_HPO] => C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTuneStartup.exe [141192 2014-05-13] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => D:\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-11-15] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-3948394229-4220822810-973707312-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3948394229-4220822810-973707312-1000\...\Run: [Steam] => c:\program files (x86)\steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-3948394229-4220822810-973707312-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)
HKU\S-1-5-21-3948394229-4220822810-973707312-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3948394229-4220822810-973707312-1000\...\Run: [SandboxieControl] => D:\Sandboxie\SbieCtrl.exe [798352 2016-09-22] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3948394229-4220822810-973707312-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_185_pepper.exe [1224896 2016-10-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-3948394229-4220822810-973707312-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3948394229-4220822810-973707312-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => c:\program files (x86)\steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-3948394229-4220822810-973707312-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)
HKU\S-1-5-21-3948394229-4220822810-973707312-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3948394229-4220822810-973707312-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SandboxieControl] => D:\Sandboxie\SbieCtrl.exe [798352 2016-09-22] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3948394229-4220822810-973707312-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_185_pepper.exe [1224896 2016-10-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-3948394229-4220822810-973707312-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.59.144.100 64.59.150.143
Tcpip\..\Interfaces\{B57BFD29-EBF1-47A4-9DE7-A23AC16F35E9}: [DhcpNameServer] 64.59.144.100 64.59.150.143

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3948394229-4220822810-973707312-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3948394229-4220822810-973707312-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3948394229-4220822810-973707312-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2016-10-27] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-10-30] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_112\bin\ssv.dll [2016-11-17] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-10-30] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-11-17] (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2016-10-27] (Bitdefender)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-10-30] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2016-10-30] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2016-10-27] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2016-10-27] (Bitdefender)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: a3ft2acx.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default [2016-12-11]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\user.js [2015-05-30]
FF Extension: (Battletag for Battlelog™) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\Extensions\battletag@jeremejevs.com.xpi [2016-04-27]
FF Extension: (Firefox Hotfix) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
FF Extension: (Dark YouTube Theme) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\Extensions\jid1-hDf2iQXGiUjzGQ@jetpack.xpi [2016-10-07]
FF Extension: (NASA Night Launch) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\Extensions\nasanightlaunch@example.com.xpi [2016-05-06]
FF Extension: (BlackFox V2) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\Extensions\zigboom@hotmail.com [2016-11-29]
FF Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a3ft2acx.default\features\{f2871743-972f-4335-8542-0a7da5889a5a}\malware-remediation@mozilla.org.xpi [2016-10-06]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2016-11-06]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2016-10-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-17] ()
FF Plugin: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-11-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-11-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-30] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\PepperFlash\pepflashplayer.dll => No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2016-12-11]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-04]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (Turn Off the Lights) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2016-12-02]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Bitdefender Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2016-11-03]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Morpheon Dark) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2016-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-06]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-04]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-07]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-06-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1456136 2016-10-11] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2016-10-30] (Microsoft Corporation)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [100448 2016-10-06] (Bitdefender)
R2 DTuneSrvc; C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTuneSrvc.exe [119688 2014-05-13] (Portrait Displays, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [242448 2016-02-23] (EasyAntiCheat Ltd)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-02-17] (Logitech Inc.)
R2 MbaeSvc; D:\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation)
R2 MBAMScheduler; D:\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2011-11-21] (Apache Software Foundation) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2078216 2015-10-07] (Electronic Arts)
S3 PAExec; C:\Windows\PAExec.exe [189112 2016-10-04] (Power Admin LLC)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-10-08] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-10-07] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
R2 SbieSvc; D:\Sandboxie\SbieSvc.exe [197264 2016-09-22] (Sandboxie Holdings, LLC)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [216880 2016-10-27] (Bitdefender)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1307344 2016-11-17] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-05-28] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1605376 2016-10-27] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-10-27] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [119696 2016-06-15] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R1 ESProtectionDriver; D:\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-11-15] ()
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182944 2016-11-17] (BitDefender LLC)
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [300840 2016-08-11] (Bitdefender)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-17] (Qualcomm Atheros Co., Ltd.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-11-21] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
R3 SbieDrv; D:\Sandboxie\SbieDrv.sys [204944 2016-09-22] (Sandboxie Holdings, LLC)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [520032 2016-12-08] (BitDefender S.R.L.)
R3 voxaldriver; C:\Windows\System32\DRIVERS\voxaldriverx64.sys [43472 2016-12-07] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-02] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
S0 qbwg; System32\drivers\isvsyk.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-11 01:30 - 2016-12-11 01:30 - 00031627 _____ C:\Users\User\Desktop\FRST.txt
2016-12-11 01:29 - 2016-12-11 01:29 - 02420224 _____ (Farbar) C:\Users\User\Desktop\FRST64(1).exe
2016-12-07 03:24 - 2016-12-10 00:46 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-12-07 02:57 - 2016-12-10 00:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2016-12-07 02:57 - 2016-12-10 00:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
2016-12-07 02:57 - 2016-12-10 00:46 - 00000000 ____D C:\Program Files (x86)\NCH Software
2016-12-07 02:57 - 2016-12-07 20:18 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2016-12-07 02:57 - 2016-12-07 02:57 - 00043472 _____ C:\Windows\system32\Drivers\voxaldriverx64.sys
2016-12-07 02:57 - 2016-12-07 02:57 - 00001236 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2016-12-07 02:57 - 2016-12-07 02:57 - 00001181 _____ C:\Users\User\AppData\Roaming\trace_FilterInstaller.txt
2016-12-07 02:57 - 2016-12-07 02:57 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxal Voice Changer.lnk
2016-12-07 02:57 - 2016-12-07 02:57 - 00001092 _____ C:\Users\Public\Desktop\Voxal Voice Changer.lnk
2016-12-07 02:57 - 2016-12-07 02:57 - 00000000 ____D C:\ProgramData\NCH Software
2016-12-07 02:57 - 2016-12-07 02:57 - 00000000 _____ C:\Users\User\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-12-07 02:54 - 2016-12-07 02:54 - 01009368 _____ (NCH Software) C:\Users\User\Downloads\vxlsetup.exe
2016-12-07 02:54 - 2016-12-07 02:54 - 00000000 ____D C:\Users\User\AppData\Roaming\NCH Software
2016-12-07 02:12 - 2016-12-07 02:12 - 01242448 _____ (Screaming Bee Inc.) C:\Users\User\Downloads\VP-Fantasy_Install.exe
2016-12-07 02:06 - 2016-12-07 02:06 - 01390200 _____ (Screaming Bee Inc.) C:\Users\User\Downloads\VP-CreaturesOfDarkness_Install.exe
2016-12-07 02:05 - 2016-12-07 02:05 - 01310344 _____ (Screaming Bee Inc.) C:\Users\User\Downloads\VP-Female_Install.exe
2016-12-07 01:56 - 2016-12-10 00:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2016-12-07 01:56 - 2016-12-07 01:56 - 00002082 _____ C:\Users\Public\Desktop\MorphVOX Pro.lnk
2016-12-07 01:56 - 2016-12-07 01:56 - 00000000 ____D C:\Users\User\AppData\Roaming\Screaming Bee
2016-12-07 01:56 - 2016-12-07 01:56 - 00000000 ____D C:\ProgramData\Screaming Bee
2016-12-07 01:56 - 2016-12-07 01:56 - 00000000 ____D C:\Program Files (x86)\Screaming Bee
2016-12-07 01:55 - 2016-12-07 01:55 - 06734864 _____ C:\Users\User\Downloads\MorphVOXPro4_Install-1.exe
2016-12-04 16:02 - 2016-12-04 16:03 - 15302984 _____ (Microsoft Corporation) C:\Users\User\Downloads\vc_redist.x64(1).exe
2016-12-04 16:02 - 2016-12-04 16:03 - 14458272 _____ (Microsoft Corporation) C:\Users\User\Downloads\vc_redist.x86(1).exe
2016-11-24 03:04 - 2016-11-24 03:14 - 00000000 ____D C:\Users\User\Desktop\juicy
2016-11-24 01:05 - 2016-11-24 01:05 - 15302984 _____ (Microsoft Corporation) C:\Users\User\Downloads\vc_redist.x64.exe
2016-11-24 01:05 - 2016-11-24 01:05 - 14458272 _____ (Microsoft Corporation) C:\Users\User\Downloads\vc_redist.x86.exe
2016-11-19 14:27 - 2016-11-19 14:27 - 00000000 ____D C:\Users\User\AppData\Local\Popcorn-Time
2016-11-19 14:09 - 2016-11-19 14:09 - 28396704 _____ (Popcorn Official) C:\Users\User\Downloads\Popcorn-Time-0.3.8-5-Setup (1).exe
2016-11-19 14:06 - 2016-11-19 14:06 - 28396704 _____ (Popcorn Official) C:\Users\User\Downloads\Popcorn-Time-0.3.8-5-Setup.exe
2016-11-18 05:49 - 2016-11-18 05:49 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-18 05:49 - 2016-11-18 05:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-18 05:49 - 2016-11-18 05:49 - 00000000 ____D C:\Program Files\iTunes
2016-11-18 05:49 - 2016-11-18 05:49 - 00000000 ____D C:\Program Files\iPod
2016-11-18 01:50 - 2016-11-18 01:50 - 00001885 _____ C:\Users\User\Desktop\ShadowExplorer.lnk
2016-11-18 01:50 - 2016-11-18 01:50 - 00000000 ____D C:\Users\User\AppData\Roaming\www.shadowexplorer.com
2016-11-18 01:49 - 2016-11-18 01:50 - 00969845 _____ (ShadowExplorer.com ) C:\Users\User\Downloads\ShadowExplorer-0.9-setup.exe
2016-11-18 01:48 - 2016-11-18 01:48 - 00040888 _____ C:\ProgramData\dm.1479462462.bdinstall.bin
2016-11-18 01:17 - 2016-11-18 01:17 - 00040886 _____ C:\ProgramData\dm.1479460639.bdinstall.bin
2016-11-18 01:08 - 2016-11-18 01:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2016-11-18 01:08 - 2016-11-18 01:50 - 00000000 ____D C:\Program Files (x86)\ShadowExplorer
2016-11-18 00:15 - 2016-11-18 00:15 - 00040888 _____ C:\ProgramData\dm.1479456881.bdinstall.bin
2016-11-17 23:30 - 2016-11-17 23:30 - 00007136 ____N C:\bootsqm.dat
2016-11-17 23:12 - 2016-11-17 23:12 - 00040888 _____ C:\ProgramData\dm.1479453125.bdinstall.bin
2016-11-17 17:39 - 2016-11-17 17:39 - 00039642 _____ C:\ProgramData\dm.1479433191.bdinstall.bin
2016-11-17 17:29 - 2016-11-18 01:45 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-11-17 11:58 - 2016-11-18 01:46 - 00000000 ___RD C:\Sandbox
2016-11-17 11:54 - 2016-11-17 11:54 - 00000000 _____ C:\Windows\SysWOW64\RENC08C.tmp
2016-11-17 11:53 - 2016-11-17 11:53 - 00000000 ____D C:\Users\User\AppData\Roaming\Sun
2016-11-17 11:52 - 2016-11-18 01:46 - 00000000 ____D C:\Users\User\Documents\My Filehippo Downloads
2016-11-17 11:38 - 2016-11-17 11:38 - 02190552 _____ C:\Users\User\Downloads\appmanagersetup_2.0_b4_292.exe
2016-11-17 11:38 - 2016-11-17 11:38 - 02190552 _____ C:\Users\User\Downloads\appmanagersetup_2.0_b4_292 (1).exe
2016-11-17 11:38 - 2016-11-17 11:38 - 00000693 _____ C:\Users\User\Desktop\FileHippo App Manager.lnk
2016-11-17 11:38 - 2016-11-17 11:38 - 00000693 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2016-11-17 11:20 - 2016-11-18 13:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-11-17 11:20 - 2016-11-18 01:45 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-11-17 11:03 - 2016-12-10 23:10 - 00002598 _____ C:\Windows\Sandboxie.ini
2016-11-17 11:03 - 2016-11-17 11:02 - 00000718 _____ C:\Users\User\Desktop\Sandboxed Web Browser.lnk
2016-11-17 11:02 - 2016-11-18 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2016-11-17 11:01 - 2016-11-17 11:02 - 08972944 _____ (Sandboxie Holdings, LLC) C:\Users\User\Downloads\SandboxieInstall.exe
2016-11-17 05:18 - 2016-11-17 05:19 - 06770304 _____ (ESET spol. s r.o.) C:\Users\User\Downloads\ESETOnlineScanner_ENU (1).exe
2016-11-16 23:46 - 2016-11-16 23:48 - 00058566 _____ C:\Users\User\Downloads\Addition.txt
2016-11-16 23:45 - 2016-12-11 01:30 - 00000000 ____D C:\FRST
2016-11-16 23:45 - 2016-11-16 23:48 - 00048829 _____ C:\Users\User\Downloads\FRST.txt
2016-11-16 23:38 - 2016-11-16 23:38 - 02412032 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-11-16 23:09 - 2016-11-16 23:11 - 00216288 _____ C:\TDSSKiller.3.1.0.12_16.11.2016_23.09.10_log.txt
2016-11-16 23:08 - 2016-11-16 23:08 - 04747704 _____ (AO Kaspersky Lab) C:\Users\User\Downloads\tdsskiller.exe
2016-11-16 22:20 - 2016-11-16 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-11-16 22:19 - 2016-12-10 22:15 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-11-16 22:18 - 2016-11-16 22:18 - 01888264 _____ (Malwarebytes ) C:\Users\User\Downloads\mbae-setup-1.09.1.1261.exe
2016-11-16 22:13 - 2016-11-16 22:13 - 06761600 _____ (ESET spol. s r.o.) C:\Users\User\Downloads\esetonlinescanner_enu(1).exe
2016-11-16 14:27 - 2016-11-16 15:11 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-11-16 14:27 - 2016-11-16 15:08 - 00000101 _____ C:\Users\User\Downloads\rufus.ini
2016-11-16 14:27 - 2016-11-16 14:27 - 00937592 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\User\Downloads\rufus-2.11p.exe
2016-11-15 13:23 - 2016-11-18 00:13 - 00000000 ____D C:\Users\User\AppData\Local\ESET
2016-11-15 13:23 - 2016-11-15 13:23 - 06761600 _____ (ESET spol. s r.o.) C:\Users\User\Downloads\esetonlinescanner_enu.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-11 01:30 - 2011-11-21 19:08 - 00198656 _____ C:\Windows\SysWOW64\freqdb.db
2016-12-11 01:22 - 2015-07-20 03:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-11 01:02 - 2016-03-06 20:37 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-12-11 00:53 - 2015-05-29 09:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-11 00:18 - 2015-06-28 23:38 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-10 22:21 - 2009-07-13 20:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-10 22:21 - 2009-07-13 20:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-10 16:58 - 2016-06-30 00:03 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-10 16:53 - 2015-05-29 09:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-10 05:16 - 2016-10-05 20:46 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-10 05:11 - 2015-05-31 02:49 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2016-12-10 05:07 - 2009-07-13 21:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-10 05:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-12-10 05:06 - 2016-11-02 11:45 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4EA88D13-9892-4DB6-933B-AB7818D7F4C3}
2016-12-10 05:01 - 2015-06-09 08:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2016-12-10 05:01 - 2015-05-29 10:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-10 05:01 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-10 05:01 - 2009-07-13 20:45 - 00492584 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-10 01:07 - 2015-10-07 01:56 - 00031644 _____ C:\bdlog.txt
2016-12-10 00:46 - 2016-10-20 19:11 - 00000000 ____D C:\Users\User\Desktop\Joke
2016-12-10 00:46 - 2015-08-08 21:00 - 00000000 ____D C:\Users\Anna
2016-12-10 00:46 - 2015-06-30 21:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-10 00:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2016-12-09 21:17 - 2016-02-15 15:47 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2016-12-08 18:11 - 2016-10-18 17:29 - 00520032 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-12-03 21:31 - 2015-06-09 08:36 - 00000000 ____D C:\ProgramData\Skype
2016-11-30 01:46 - 2015-06-13 06:51 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2016-11-30 01:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-18 05:49 - 2015-06-11 20:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-18 01:46 - 2015-05-29 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-18 01:46 - 2015-05-29 02:15 - 00000000 ___SD C:\Windows\system32\GWX
2016-11-18 01:45 - 2016-02-17 12:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-18 01:45 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-11-18 01:44 - 2016-11-02 11:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-11-18 01:44 - 2016-11-02 11:18 - 00000000 ____D C:\Program Files\Microsoft Office
2016-11-18 01:44 - 2015-05-29 09:55 - 00000000 ____D C:\Program Files\Java
2016-11-18 00:13 - 2015-05-28 21:30 - 00000000 ____D C:\Users\User\Downloads\4.1.0.2013_v17
2016-11-17 23:11 - 2015-08-06 03:05 - 00000000 ____D C:\ProgramData\BDLogging
2016-11-17 23:10 - 2015-05-29 09:55 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-17 17:30 - 2016-11-02 11:20 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-17 11:53 - 2015-05-29 09:56 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-11-17 11:12 - 2016-10-18 17:29 - 00182944 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-11-17 10:51 - 2015-05-30 13:33 - 00013824 ___SH C:\Users\User\Downloads\Thumbs.db
2016-11-16 14:27 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-11-16 14:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-11-14 13:55 - 2015-05-29 09:55 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 13:55 - 2015-05-29 09:55 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-12 03:01 - 2015-07-20 01:21 - 00000000 ____D C:\Users\User\Documents\The Witcher 3
2016-11-11 21:53 - 2016-11-03 03:26 - 00000598 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-11-11 21:53 - 2016-11-03 03:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-11-11 01:19 - 2016-02-23 13:24 - 00000000 ____D C:\Users\User\AppData\Local\UnrealEngine

==================== Files in the root of some directories =======

2016-12-07 02:57 - 2016-12-07 02:57 - 0001181 _____ () C:\Users\User\AppData\Roaming\trace_FilterInstaller.txt
2016-12-07 02:57 - 2016-12-07 02:57 - 0000000 _____ () C:\Users\User\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-06-29 11:29 - 2015-06-29 11:29 - 0000000 ___SH () C:\Users\User\AppData\Local\LumaEmu
2015-07-22 16:09 - 2015-07-22 16:09 - 0000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2016-10-06 11:52 - 2016-10-06 11:52 - 0214615 _____ () C:\ProgramData\1475783472.bdinstall.bin
2016-11-01 14:55 - 2016-11-01 14:55 - 0028752 _____ () C:\ProgramData\agent.1478040911.bdinstall.bin
2016-10-18 17:31 - 2016-10-18 17:31 - 0353363 _____ () C:\ProgramData\cl.1476840573.bdinstall.bin
2016-10-06 11:53 - 2016-10-06 11:53 - 0052859 _____ () C:\ProgramData\dm.1475783587.bdinstall.bin
2016-10-18 17:31 - 2016-10-18 17:31 - 0038594 _____ () C:\ProgramData\dm.1476840691.bdinstall.bin
2016-11-06 23:48 - 2016-11-06 23:48 - 0038899 _____ () C:\ProgramData\dm.1478504885.bdinstall.bin
2016-11-17 17:39 - 2016-11-17 17:39 - 0039642 _____ () C:\ProgramData\dm.1479433191.bdinstall.bin
2016-11-17 23:12 - 2016-11-17 23:12 - 0040888 _____ () C:\ProgramData\dm.1479453125.bdinstall.bin
2016-11-18 00:15 - 2016-11-18 00:15 - 0040888 _____ () C:\ProgramData\dm.1479456881.bdinstall.bin
2016-11-18 01:17 - 2016-11-18 01:17 - 0040886 _____ () C:\ProgramData\dm.1479460639.bdinstall.bin
2016-11-18 01:48 - 2016-11-18 01:48 - 0040888 _____ () C:\ProgramData\dm.1479462462.bdinstall.bin

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-07 23:28

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by User (11-12-2016 01:31:00)
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-05-28 20:50:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3948394229-4220822810-973707312-500 - Administrator - Disabled)
Anna (S-1-5-21-3948394229-4220822810-973707312-1006 - Limited - Enabled) => C:\Users\Anna
Guest (S-1-5-21-3948394229-4220822810-973707312-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3948394229-4220822810-973707312-1005 - Limited - Enabled)
User (S-1-5-21-3948394229-4220822810-973707312-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3948394229-4220822810-973707312-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3948394229-4220822810-973707312-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.272 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Ansel (Version: 373.06 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version: - Studio Wildcard)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.25.1378 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.18.898 - Bitdefender)
Bitdefender Total Security 2017 (HKLM\...\Bitdefender) (Version: 21.0.18.898 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Creatures Of Darkness (x32 Version: 4.4.41 - Screaming Bee Inc.) Hidden
Creatures of Darkness Voices for MorphVOX (HKLM-x32\...\{00e68eab-1128-4d89-94ae-a83b286afd69}) (Version: 4.4.41 - Screaming Bee Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fallout 4 (HKLM\...\Steam App 377160) (Version: - Bethesda Game Studios)
Fantasy Voices (x32 Version: 4.4.41 - Screaming Bee Inc.) Hidden
Fantasy Voices for MorphVOX (HKLM-x32\...\{86aac4fd-4cd3-48c5-825b-325c34aa5008}) (Version: 4.4.41 - Screaming Bee Inc.)
Female Voices (x32 Version: 4.4.41 - Screaming Bee Inc.) Hidden
Female Voices for MorphVOX (HKLM-x32\...\{7deb85b1-333a-461a-9ae0-00b4b8a6e3e7}) (Version: 4.4.41 - Screaming Bee Inc.)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Google Chrome (HKLM-x32\...\{157F97DF-A001-36FB-A90C-55949FA130CA}) (Version: 54.0.2840.99 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
HP My Display (HKLM-x32\...\{448286F7-9BCC-4254-A6DC-CB40DC852F55}) (Version: 2.09.13 - Portrait Displays, Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 112 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LibreOffice 4.4.3.2 (HKLM-x32\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation)
Logitech Gaming Software 8.81 (HKLM\...\Logitech Gaming Software) (Version: 8.81.15 - Logitech Inc.)
Malwarebytes Anti-Exploit version 1.9.1.1261 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1261 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
Marvell Storage Utility V4 (HKLM-x32\...\mvMSU) (Version: 4.1.0.2013 - Marvell)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3948394229-4220822810-973707312-1000\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3948394229-4220822810-973707312-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
MorphVOX Pro (HKLM-x32\...\{3ac2ad7f-6aee-42ed-a008-6f9cbd1de922}) (Version: 4.4.63.1606 - Screaming Bee)
MorphVOX Pro (x32 Version: 4.4.63.1606 - Screaming Bee) Hidden
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.7 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 373.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 373.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 373.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 373.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Popcorn-Time (HKU\S-1-5-21-3948394229-4220822810-973707312-1000\...\Popcorn-Time) (Version: 0.3.10 - Popcorn Time)
Popcorn-Time (HKU\S-1-5-21-3948394229-4220822810-973707312-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Popcorn-Time) (Version: 0.3.10 - Popcorn Time)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Sandboxie 5.14 (64-bit) (HKLM\...\Sandboxie) (Version: 5.14 - Sandboxie Holdings, LLC)
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Squad (HKLM-x32\...\Steam App 393380) (Version: - Offworld Industries)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Elder Scrolls Online: Tamriel Unlimited (HKLM-x32\...\Steam App 306130) (Version: - Zenimax Online Studios)
The Witcher 3 Wild Hunt (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version: 1.07 - Релиз от R.G. Steamgames)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
Voxal Voice Changer (HKLM-x32\...\Voxal) (Version: 1.35 - NCH Software)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3948394229-4220822810-973707312-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3948394229-4220822810-973707312-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3948394229-4220822810-973707312-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3948394229-4220822810-973707312-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {018E01CD-B481-47E7-9109-5351D292ACDC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
Task: {1239D141-76E3-4B41-A20B-8FAA66267354} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_185_pepper.exe [2016-10-18] (Adobe Systems Incorporated)
Task: {1C2545D6-27F1-469B-BCD7-C9544903CCBA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {27ACE3CA-B6DD-46FC-8DE3-8D706285CEDB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {32F2BE66-BEF0-4441-816D-FFFD3FB7C385} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"]
Task: {35F61E98-F036-4F5B-A69C-FB26F21C39F9} - System32\Tasks\{652F24E4-F50A-42C7-9992-EFE4609591D8} => pcalua.exe -a C:\Users\User\Downloads\sp69324.exe -d C:\Users\User\Downloads
Task: {4285A2CF-F66A-4F2D-B20A-A7419736AFF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-29] (Google Inc.)
Task: {49520AE3-09A1-46E8-87B5-68D269222305} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {4A015979-6723-4DF0-B10B-1FF860EC2BBC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-29] (Google Inc.)
Task: {5A47624D-CACA-427B-AD3D-B2EC6D640718} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {84A68F3C-9D8B-4800-84EE-8C76B33916E6} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {8821EBEF-70C2-4CBE-80C0-CDAA8A5A622C} - System32\Tasks\AdobeAAMUpdater-1.0-WIN7-PC-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-05-05] (Adobe Systems Incorporated)
Task: {88D0CA15-CC00-4F25-A9A3-9F6B9DD0AE7E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {9025D182-520D-4A86-96FD-79DECA8E1E58} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {9EB771C5-51A5-4005-9EB3-B8297FE37357} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-10-21] (Bitdefender)
Task: {B5E97064-35D0-488C-B8C4-F78050B4422C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {B93ED5E8-551D-4C6D-8180-1EDEAF75AD92} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {BEEB0424-979E-40CA-B578-AF020B2F620C} - System32\Tasks\{3F043806-4025-443E-AE3A-814B6951CE9A} => Firefox.exe
Task: {C835F79C-1B5B-4853-A27C-5C4DF5EA1BB0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {CA6B500F-166F-4E6E-8F4C-38930E906B44} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation)
Task: {CC867128-6F0E-42F2-BD62-7472CE6B30DB} - System32\Tasks\{4C2ECDA4-C952-467D-AFF5-5CDEDC7913F1} => C:\Users\User\Downloads\mb\Efiflash.exe
Task: {DD391A1B-8009-4FE7-997B-F588B9716316} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation)
Task: {F8057541-E5CF-4C64-BF4C-DF8BE7B21531} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {FB280F40-3574-47C9-B200-6661E312FF83} - System32\Tasks\{A9458CFA-3FB6-40A3-B52A-04249D77F4ED} => pcalua.exe -a C:\Users\User\Downloads\vcredist_x64.exe -d C:\Users\User\Downloads
Task: {FBE8EA9B-9FA6-4E63-849F-68D919294B1B} - System32\Tasks\{40E3C58A-A82C-4283-876C-D63747D00AA5} => C:\Users\User\Downloads\mb\Efiflash.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_185_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\User\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html

ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\76f9e4d33b60b312\Popcorn-Time.lnk -> D:\Popcorn-Time\Popcorn-Time.exe (The NWJS Community) -> --user-data-dir="C:\Users\User\AppData\Local\Popcorn-Time\User Data" --profile-directory=Default --app-id=hecfofbbdfadifpemejbbdcjmfmboohj

==================== Loaded Modules (Whitelisted) ==============

2016-10-18 17:30 - 2013-09-03 13:29 - 00111832 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bdmetrics.dll
2016-10-18 17:30 - 2016-11-17 11:10 - 00132104 ____N () C:\Program Files\Bitdefender\Bitdefender 2017\ECEvents.dll
2016-11-14 12:36 - 2016-11-14 12:37 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02351_002\ashttpbr.mdl
2016-11-14 12:36 - 2016-11-14 12:37 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02351_002\ashttpdsp.mdl
2016-11-14 12:36 - 2016-11-14 12:37 - 03202816 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02351_002\ashttpph.mdl
2016-11-14 12:36 - 2016-11-14 12:37 - 01542976 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02351_002\ashttprbl.mdl
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-04 21:04 - 2016-10-25 12:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-04 21:04 - 2016-10-25 12:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-04 21:04 - 2016-10-25 12:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2015-10-08 16:21 - 2015-10-08 16:21 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2016-05-22 18:33 - 2016-05-22 18:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-11-02 11:37 - 2016-11-02 11:37 - 01864384 _____ () C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-11-02 11:20 - 2016-10-30 08:12 - 08924864 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2015-05-28 21:27 - 2012-11-13 23:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2015-05-28 21:27 - 2012-11-13 23:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2016-10-18 17:30 - 2016-11-17 11:12 - 00023328 ____N () C:\Program Files\Bitdefender\Bitdefender 2017\lang\en-US\bdsystray.txtui
2012-06-12 18:34 - 2012-06-12 18:34 - 01213952 _____ () C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
2016-10-04 20:03 - 2016-10-01 11:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-05-22 18:32 - 2016-05-22 18:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2011-11-21 18:48 - 2011-11-21 18:48 - 00073782 _____ () C:\Program Files (x86)\Marvell\storage\Apache2\bin\zlib1.dll
2016-10-04 21:04 - 2016-10-25 12:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-02 11:37 - 2016-11-02 11:37 - 01383616 _____ () C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-11-02 11:21 - 2016-10-30 06:18 - 08924864 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2012-01-17 15:21 - 2012-01-17 15:21 - 00068104 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display\PEGAACPIDLL.dll
2014-05-13 12:36 - 2014-05-13 12:36 - 00058248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display\VistaAPI.dll
2016-06-07 23:10 - 2016-06-07 23:10 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-07 23:10 - 2016-06-07 23:10 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-07 23:10 - 2016-06-07 23:10 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-07 23:10 - 2016-06-07 23:10 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-06-07 23:41 - 2016-06-07 23:41 - 00109760 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin7.dll
2016-06-07 23:10 - 2016-06-07 23:10 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-10-04 21:04 - 2016-10-25 11:57 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-04 21:04 - 2016-10-25 11:57 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-04 21:04 - 2016-10-25 11:57 - 02808256 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-04 21:04 - 2016-10-25 12:21 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-04 21:04 - 2016-10-25 12:21 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-04 21:04 - 2016-10-25 11:57 - 00246840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-04 21:04 - 2016-10-25 11:57 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-04 21:04 - 2016-10-25 11:57 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-04 21:04 - 2016-10-25 11:57 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2015-05-28 21:28 - 2013-09-16 11:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-11-14 13:55 - 2016-11-08 12:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-14 13:55 - 2016-11-08 12:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2015-06-28 23:40 - 2016-09-07 19:14 - 00784672 _____ () c:\program files (x86)\steam\SDL2.dll
2015-06-28 23:40 - 2016-08-31 17:02 - 04969248 _____ () c:\program files (x86)\steam\v8.dll
2015-06-28 23:40 - 2016-08-31 17:02 - 01563936 _____ () c:\program files (x86)\steam\icui18n.dll
2015-06-28 23:40 - 2016-08-31 17:02 - 01195296 _____ () c:\program files (x86)\steam\icuuc.dll
2015-06-28 23:40 - 2016-10-12 17:58 - 02321696 _____ () c:\program files (x86)\steam\video.dll
2015-06-28 23:40 - 2016-01-26 23:49 - 02549760 _____ () c:\program files (x86)\steam\libavcodec-56.dll
2015-06-28 23:40 - 2016-01-26 23:49 - 00442880 _____ () c:\program files (x86)\steam\libavutil-54.dll
2015-06-28 23:40 - 2016-01-26 23:49 - 00491008 _____ () c:\program files (x86)\steam\libavformat-56.dll
2015-06-28 23:40 - 2016-01-26 23:49 - 00332800 _____ () c:\program files (x86)\steam\libavresample-2.dll
2015-06-28 23:40 - 2016-01-26 23:49 - 00485888 _____ () c:\program files (x86)\steam\libswscale-3.dll
2015-06-28 23:40 - 2016-10-12 17:58 - 00836896 _____ () c:\program files (x86)\steam\bin\chromehtml.DLL
2016-03-16 13:01 - 2016-07-04 14:17 - 00266560 _____ () c:\program files (x86)\steam\openvr_api.dll
2015-06-28 23:40 - 2016-10-12 17:58 - 00145696 _____ () c:\program files (x86)\steam\bin\audio.dll
2015-06-28 23:40 - 2014-04-08 20:25 - 00071680 _____ () c:\program files (x86)\steam\bin\mssmp3.asi
2015-06-28 23:40 - 2014-04-08 20:25 - 00153088 _____ () c:\program files (x86)\steam\bin\mssvoice.asi
2016-10-17 03:59 - 2016-08-04 12:56 - 49825056 _____ () c:\program files (x86)\steam\bin\cef\cef.winxp\libcef.dll
2015-06-28 23:40 - 2015-09-24 15:52 - 00119208 _____ () c:\program files (x86)\steam\winh264.dll
2016-11-01 07:26 - 2016-11-01 07:26 - 02208256 _____ () D:\Popcorn-Time\ffmpeg.dll
2016-11-01 07:26 - 2016-11-01 07:26 - 01872896 _____ () D:\Popcorn-Time\libglesv2.dll
2016-11-01 07:26 - 2016-11-01 07:26 - 00078848 _____ () D:\Popcorn-Time\libegl.dll
2016-11-01 07:26 - 2016-11-01 07:26 - 04065792 _____ () D:\Popcorn-Time\node.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\User\Desktop\FRST64(1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\adbfix.zip:BDU [1]
AlternateDataStreams: C:\Users\User\Downloads\AIO-Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\CG_5.5.1.3.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\CreativeCloudSet-Up (1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\CreativeCloudSet-Up (2).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\CreativeCloudSet-Up.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\ESETOnlineScanner_ENU (1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\esetonlinescanner_enu(1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\esetonlinescanner_enu.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\esetsmartinstaller_enu (1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\esetsmartinstaller_enu (2).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\flashplayer22pp_xa_install.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\mbae-setup-1.09.1.1235.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\mbae-setup-1.09.1.1261.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\mb_bios_ga-z77x-ud3h_f20e (1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\mb_bios_ga-z77x-ud3h_f20e.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\MorphVOXPro4_Install-1.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\Nexus Mod Manager-0.63.6.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\Popcorn-Time-0.3.8-5-Setup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\Popcorn-Time-0.3.8-5-Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\rufus-2.11p.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\SandboxieInstall.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\Setup.X64.en-us_O365ProPlusRetail_0b4f8067-c793-40e1-8a67-c94b31a1cb3d_TX_PR_b_32_.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\Setup.X86.en-US_O365ProPlusRetail_0b4f8067-c793-40e1-8a67-c94b31a1cb3d_TX_PR_b_32_.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\sp69034.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\sp69324.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\tdsskiller.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\TunnelBear-Install.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\vc_redist.x64(1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\vc_redist.x64.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\vc_redist.x86(1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\vc_redist.x86.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\VP-CreaturesOfDarkness_Install.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\VP-Fantasy_Install.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\VP-Female_Install.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\vxlsetup.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\winrar-x64-521.exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\Zemana.AntiMalware.Setup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\User\Downloads\Zemana.AntiMalware.Setup.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2016-12-11 01:01 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3948394229-4220822810-973707312-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3948394229-4220822810-973707312-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3948394229-4220822810-973707312-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 64.59.144.100 - 64.59.150.143
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{07EDF0CD-BDDF-4BA7-96E0-C0280A307EA7}C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe] => C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe
FirewallRules: [UDP Query User{B2E2A7EC-42D2-472C-93DB-438A21E45E18}C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe] => C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe
FirewallRules: [{84B810DD-3530-41B3-9CF1-1D8F20EDEAD1}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3634B33D-91B8-4076-8032-DD96A10816F9}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C2BC3BF2-7959-49E0-B691-AF1CE973FDAA}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A4B2B3E3-598F-4E20-8359-ACDA1627434C}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B2D44305-B1E1-49D2-90C2-295DE15968AB}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D2311E36-5EB3-42CE-9A53-0063425A5714}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E51C7B76-A4C7-48A5-8643-E11903F7C938}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{543C582B-C8D0-48A1-BE0C-B94F28A58951}] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B164D763-1764-40FF-9630-F77E3B4718C8}] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92219A8C-B9D1-4270-8C80-33EB53D11EF6}] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{489E4144-9D43-4605-87B1-EEA4F872B583}] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AAB57147-F7EE-4383-9F13-F0EF316B034A}] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{56FA7532-CB1A-4562-A2C6-F16C21BEBB93}] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{398C95F9-8AE0-4848-ABE9-8007E59FDC44}] => C:\Users\User\AppData\Local\Temp\nsa4862.tmp\Installer-10794489.exe
FirewallRules: [{E765EB1E-92DA-44B6-8679-1FEC6FC2B5C4}] => C:\Users\User\AppData\Local\Temp\nsa4862.tmp\Installer-10794489.exe
FirewallRules: [{23F5D6C4-28B5-4882-AA7D-E1014EF648D2}] => D:\Dota 2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{3956E127-E8AF-4775-8BF8-D4DB703A5DB3}] => D:\Dota 2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{30217CFA-97F4-45B8-85C4-E57E2942596F}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{48101482-0142-426C-A4FC-B30C821B8D7E}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{40499C80-C4F0-4141-B0EE-9AFFE97EA30D}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{508987CE-0CCC-4720-97E3-32F95F8DF972}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A7970934-67EB-4524-B19E-B9B353FE49BA}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8D84D070-AE91-44F2-A296-4F543FF7A355}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{510F4370-9550-4414-BC75-B4AB9B9568E4}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{48222472-D9ED-4C0E-B187-F2638541D596}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F5C593B0-BDC2-4567-88C3-BCE7A463C2AD}] => C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{3E02F83B-8739-43CE-B976-51571144D817}] => C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{BE391622-DD3B-4A52-85F6-FC144DB8ABBE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{392A8D74-E66D-4092-A750-A3275C0C22FD}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F90A4B31-8123-4323-85CE-5E4A6F226780}] => D:\SteamGames\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{A4B0DCE4-C90E-4DEE-81B1-A25EF686667F}] => D:\SteamGames\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{1285E488-9A78-4949-BD52-346B932C15D0}] => D:\SteamGames\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{7D6B4336-FADB-4490-86BB-2463C20862D1}] => D:\SteamGames\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{A6ADFED0-BA41-4187-AC58-50462175A173}] => D:\SteamGames\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{93954169-0676-461C-9936-B42008FF7F72}] => D:\SteamGames\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{92A2EFCF-686C-4694-BC94-26D805A7EDB3}] => D:\SteamGames\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{5CB0FD84-C94B-42F6-A59C-363954A726FC}] => D:\SteamGames\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{496616E8-F271-4E59-8B93-52B3CA75345A}] => D:\SteamGames\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{D79AC543-A7D6-4F6A-AF8B-6A87771B9F3F}] => D:\SteamGames\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [TCP Query User{C595A919-2436-4FAC-B7C4-AD7DE1DEA701}D:\steamgames\steamapps\common\arma 3\arma3.exe] => D:\steamgames\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{CC1482C2-FF9F-4BE3-90B1-2B222415B9A0}D:\steamgames\steamapps\common\arma 3\arma3.exe] => D:\steamgames\steamapps\common\arma 3\arma3.exe
FirewallRules: [{3459DE8E-EB16-444C-8EEC-8E26DE2878E0}] => D:\steamgames\steamapps\common\arma 3\arma3.exe
FirewallRules: [{D1BF60C6-558A-4D70-8DF2-64D17349BF7F}] => D:\steamgames\steamapps\common\arma 3\arma3.exe
FirewallRules: [{3257B6B6-A19B-4C8E-88EE-7BDD2869B669}] => D:\SteamGames\steamapps\common\Squad\squad_launcher.exe
FirewallRules: [{2C20B917-7078-4DB4-A414-21EDA73F057E}] => D:\SteamGames\steamapps\common\Squad\squad_launcher.exe
FirewallRules: [{42186D75-6BB3-407B-B9AE-2F669457A097}] => D:\SteamGames\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [{42B06524-5B38-4503-A839-5B49F262F8E6}] => D:\SteamGames\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [TCP Query User{FC4A79B8-3A09-490B-AB54-861AF2D26ED1}C:\program files\logitech gaming software\lcore.exe] => C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{D8CB3D35-A26E-4F90-8CE7-FF4F8F7488AA}C:\program files\logitech gaming software\lcore.exe] => C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{4CA6FA87-8CFE-4DEA-BB8E-5BBFCADAA871}] => C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{9BE1C41F-183E-4DF5-A5A8-D3F5E758B654}] => C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{8E5FA160-C56C-400F-AAD8-A900508058B3}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FA8742F6-A99E-442A-AFD9-C06C840BBB76}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{850DEAD6-8DD8-4769-8804-A0881C8C3BF4}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4934DE2A-C0A3-4C31-B49B-FB37ACB50138}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5D0A3415-B13A-4368-A8A1-0630BD5252B0}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2AE56DF3-32BB-441D-89E5-63A9A72A683F}] => D:\SteamGames\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{CF39DD11-2A1F-4D3B-9038-797759A24C43}] => D:\SteamGames\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [TCP Query User{969FB476-4750-44EA-B117-57F0A6BAE170}D:\popcorn-time\nw.exe] => D:\popcorn-time\nw.exe
FirewallRules: [UDP Query User{E89F11FF-DFFB-41F9-B602-EF4F960BCADF}D:\popcorn-time\nw.exe] => D:\popcorn-time\nw.exe
FirewallRules: [{192C045D-164B-4A90-9115-CFDFFBB9E71A}] => D:\popcorn-time\nw.exe
FirewallRules: [{2EE04D2C-7BE5-439E-AD3B-6845A9EA343A}] => D:\popcorn-time\nw.exe
FirewallRules: [TCP Query User{D7A044FD-4A57-4DE6-8E3B-764EC71DF07F}D:\steamgames\steamapps\common\squad\squad\binaries\win64\squad.exe] => D:\steamgames\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [UDP Query User{86E267A9-32D3-4A14-9D7F-B8A85CCCE45D}D:\steamgames\steamapps\common\squad\squad\binaries\win64\squad.exe] => D:\steamgames\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [{81966E84-DC57-46F0-8912-141ACDA4FD8E}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{A5B9B8CD-F2C7-4764-AE22-97BE80B0616D}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2C077289-FED2-437D-809F-025CE97B4417}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D04D9FB9-7ED3-4A4A-8898-FEC6BB32763B}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FF817351-5106-4958-B8D8-EB810CD98B10}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{98BB30CF-A011-4C70-B8EA-253CC9BDD81B}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{26ADD98C-12E9-43AA-8193-CEE0C6A66EF3}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9A2434EF-FF16-4639-808E-0A7456577868}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C5F7E01A-4E48-4591-BBAE-593F00233FDF}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5C55BE58-FF75-4E6E-8CBC-9BCFAE3B446D}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{641F1E54-1D66-4332-BF86-9A701EBC9112}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1E27958D-62EA-4E4B-A8A7-47251BF7FBC2}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C59A2267-AECC-48BC-81E1-BF040F41FB57}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9F508735-C51E-4E6F-80FA-132E52C56471}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{387D9FC3-F258-4231-82CC-921D32222B44}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{17F86041-8480-4C46-B626-9871DA3D0D2D}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1A7EABB3-7DAC-4A7D-8B8C-5F15D2FF8C15}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A62BD571-9EE4-488D-AEC6-F57592D70B6A}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7B318494-84C0-40A4-926B-C8D5BDDB0B34}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F1588B65-A6D7-4BE2-A3FA-D9095A1A5CF0}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C646B120-857A-487F-B4F6-3F58FBC0A37C}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EFCFE77A-7431-4A8A-BAB8-295370D7262D}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6C74C2D1-86C1-444E-BB4E-5A4A04CA8306}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6B46467F-A6E2-4054-842A-749233897867}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DE554CAD-38F8-4B58-96D7-3B1332382162}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3FCFAE02-5E39-46EC-B445-E2948CD0AB70}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E4D4C110-529D-47B2-8FFA-41D509520754}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{47CC7814-D0A3-4DA4-97CA-2D5B547E6E53}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A4FA0643-C42A-4D5F-84A7-B665547BD548}] => C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{90B70619-A244-4BB7-8BCF-B35E69BD9EF9}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2A9E49B1-5F73-4D6C-B3EB-ADE5F06860A8}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FFDAAE63-C966-42BC-94CA-95E94CA213B4}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6D21FDD5-55B7-4445-A914-DBB0825E4564}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{04BD6F45-5046-47D0-A9DB-B5A73D7F3E7C}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{B2BA97F8-1790-4988-B203-0FA9505DCBA1}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{33632DC2-AD43-4BB9-966E-066241513913}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B85300A2-E4FB-41F2-BB19-1F0D5E163C50}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5BBE9867-259F-41E7-9E40-50E9046151F3}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CF467858-57E4-4018-983A-4F002BF2DD4B}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B45C9418-23ED-43D9-B5BF-A2DF2527E66A}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{46CF480E-1E26-4BC8-9785-99D5E131FE25}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{944AF70E-5E1A-4244-BD24-6B9D0BB4A26B}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E5BBC205-919E-4D28-AD7E-E59E021ADDA2}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2324D640-719A-4821-B030-7801DC34A143}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3F4CD7CC-4FE1-4C5D-A07E-CBD0E469D034}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B92CD5FF-94DA-4AAE-918D-5747605A2BF3}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{721FDDAE-0201-4C03-B1C8-35ACBDB67277}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2ABB3227-9AB9-4006-81D6-0C4149A8704F}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{87D01627-D306-468A-836C-6A7758176748}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{43745128-2D19-44B2-8036-E7596B239D97}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3ACD4A40-A839-402C-BCE4-451BA06A4B50}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A2B2FABC-8F65-4D1F-A3E9-3B667E1EBC5A}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AE2A76CD-01CB-4C65-A164-53EF17044831}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D452D61A-2FC3-42D8-9396-4A4D93092266}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{49F07967-94D7-4BBF-9218-868EA735EF47}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0B120FC6-AB04-41D5-BF86-F9A704AB9D15}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D9B803AC-E85E-447A-AE1A-CABF8DC39D0C}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DB6AF774-EBA1-4661-92DC-55471AB473A2}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2D42A66D-4DF5-460D-81C3-B87856813C93}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{48447B68-B55F-46B7-8B97-FA993774767E}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C45FAB3E-C7A3-4D41-8789-34361565AC88}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{ADC2E397-9AFD-4C5D-8CBC-3C42FEF43371}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E0838BC6-0AE8-4819-9FB2-5859B33B52C5}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C5162277-0672-4493-BD54-E2FBF054A949}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FC766C7F-47D7-485D-ABCF-9AB56430FB50}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{132A31DF-6121-4EA4-9D31-CFAC7856B18A}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0486052B-E638-4388-ACA2-4A1A733F7751}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{023AD6AA-BC6C-4979-908C-08F8A6DAABE1}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E00ED2C7-2BEA-4736-9B95-1B8E0BA55E9B}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4CD6821E-4925-45E5-995E-11E5CEB69A27}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{19164477-E5A7-4D67-A326-B945FE0691F7}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3F66A6EA-3204-4ED4-8D47-AADE97DDFC81}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{691720EA-7AE5-430B-867B-73E6F6F389DE}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{29AB2D05-9A9D-46FA-81A9-71C5D0426E14}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9CAC0295-C572-4BA4-9904-CF92BEB37884}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7D3ED218-EE62-4617-9E79-6C3B72A9F7C7}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{21D811F2-9C2F-47C4-BBB7-10DDAB1122E0}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

==================== Restore Points =========================

10-12-2016 00:42:43 Restore Operation
10-12-2016 01:02:52 Windows Update

==================== Faulty Device Manager Devices =============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2016 01:30:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\User\Downloads\esetsmartinstaller_enu(1).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/11/2016 01:29:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\User\Downloads\esetsmartinstaller_enu(5).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/11/2016 01:29:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\User\Downloads\esetsmartinstaller_enu (3).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/11/2016 01:29:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\User\Downloads\esetsmartinstaller_enu (2).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/11/2016 01:29:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\User\Downloads\esetsmartinstaller_enu (1).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/11/2016 12:17:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dota2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 40c8

Start Time: 01d25386e1f34da9

Termination Time: 388

Application Path: D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

Report Id: 4f300c8d-bf7a-11e6-8835-902b345e4c6c

Error: (12/10/2016 05:01:16 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/10/2016 12:52:03 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (MorphVOX Pro). Additional information: 0x80070005.

Error: (12/10/2016 12:46:44 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/09/2016 09:17:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dota2.exe, version: 0.0.0.0, time stamp: 0x58347620
Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8bfa
Exception code: 0xc0000005
Fault offset: 0x000000000001883d
Faulting process id: 0x8f00
Faulting application start time: 0x01d2529ea6dc1086
Faulting application path: D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: e68ee392-be97-11e6-b0f1-902b345e4c6c


System errors:
=============
Error: (12/10/2016 02:58:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/10/2016 05:01:17 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qbwg

Error: (12/10/2016 05:01:04 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The Bitdefender Virus Shield service has reported an invalid current state 0.

Error: (12/10/2016 12:46:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qbwg

Error: (12/10/2016 12:46:32 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The Bitdefender Virus Shield service has reported an invalid current state 0.

Error: (12/10/2016 12:43:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.

Error: (12/10/2016 12:43:51 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (12/09/2016 01:52:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 4 time(s).

Error: (12/08/2016 02:18:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (12/07/2016 02:26:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 3 time(s).


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 82%
Total physical RAM: 8152.03 MB
Available physical RAM: 1419.03 MB
Total Virtual: 16302.27 MB
Available Virtual: 7529.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.24 GB) (Free:5.56 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:326.5 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 7B3032F1)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 643F3D28)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 13 December 2016 - 03:57 PM.
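The FirewallRules and "System errors" sections above are the two parts of Addition.txt that a responder actually reads for persistence clues: which executables have been allowed through the Windows Firewall, and which boot-start drivers are registered but can no longer load. The following is an added example, not code from FRST or from anyone in this thread. It parses those two line formats so the checks can be run over a whole log. The sample text inside it is a constructed excerpt modelled on the posted log, with one AppData firewall rule that is not in the original log and exists only to exercise the check; the trusted-roots list (including the D:\Dota 2 game directory) is an assumption for this machine.

```python
"""Triage helpers for the FRST Addition.txt sections posted above.

Added example, not code from FRST or the thread. Parses 'FirewallRules:' lines
and 'Error: (...) (Source: ...) (EventID: n)' event blocks.
"""
import re
from collections import Counter

RULE_RE = re.compile(r"^FirewallRules: \[(\{[0-9A-Fa-f-]+\})\] => (.+?)\s*$")
ERROR_RE = re.compile(
    r"^Error: \((?P<when>.+?)\) \(Source: (?P<source>.+?)\) "
    r"\(EventID: (?P<eventid>\d+)\) \(User: (?P<user>.*?)\)$"
)

# Directories where installed software normally lives on this Windows 7 host.
# The game directory on D: is an assumption taken from the posted rules;
# adjust the tuple for the machine being triaged.
TRUSTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "d:\\dota 2\\",
)

# Constructed excerpt modelled on the posted log. The AppData rule is NOT in
# the original log; it is included only to exercise untrusted_rule_targets().
SAMPLE = r"""
FirewallRules: [{F1588B65-A6D7-4BE2-A3FA-D9095A1A5CF0}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C646B120-857A-487F-B4F6-3F58FBC0A37C}] => D:\Dota 2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A4FA0643-C42A-4D5F-84A7-B665547BD548}] => C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{49F07967-94D7-4BBF-9218-868EA735EF47}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => C:\Users\User\AppData\Roaming\updater.exe

System errors:
=============
Error: (12/10/2016 05:01:17 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qbwg

Error: (12/10/2016 05:01:04 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The Bitdefender Virus Shield service has reported an invalid current state 0.
"""


def parse_firewall_rules(text):
    """Return (rule_guid, program_path) pairs from 'FirewallRules:' lines."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append((m.group(1), m.group(2)))
    return rules


def rules_per_program(rules):
    """Count how many firewall rules point at each executable (case-folded)."""
    return Counter(path.lower() for _, path in rules)


def untrusted_rule_targets(rules, trusted_roots=TRUSTED_ROOTS):
    """Executables allowed through the firewall from outside the trusted roots.

    A rule whose target lives in a user profile (AppData, Downloads, Temp)
    deserves a second look: installers rarely keep long-lived network-facing
    binaries there, while malware very often does.
    """
    flagged = {path for _, path in rules
               if not path.lower().startswith(trusted_roots)}
    return sorted(flagged)


def parse_event_errors(text):
    """Parse FRST 'Error:' blocks: a header line, then lines up to a blank."""
    events, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        m = ERROR_RE.match(lines[i])
        if not m:
            i += 1
            continue
        body = []
        i += 1
        while i < len(lines) and lines[i].strip():
            body.append(lines[i].strip())
            i += 1
        first = body[0] if body else ""
        prefix = "Description: "
        events.append({
            "when": m.group("when"),
            "source": m.group("source"),
            "eventid": int(m.group("eventid")),
            "description": first[len(prefix):] if first.startswith(prefix) else first,
            "extra": body[1:],  # continuation lines, e.g. driver names
        })
    return events


def failed_boot_drivers(events):
    """Driver service names from SCM event 7026 (failed to load at boot).

    Such a driver is registered under HKLM\\SYSTEM\\CurrentControlSet\\services
    but its file is missing or refuses to load; the service key's ImagePath
    and the product that created it are the next things to look at.
    """
    names = set()
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["eventid"] == 7026:
            names.update(ev["extra"])
    return sorted(names)


if __name__ == "__main__":
    rules = parse_firewall_rules(SAMPLE)
    for path, n in rules_per_program(rules).most_common():
        print(f"{n:3d} rule(s) -> {path}")
    print("outside trusted roots:", untrusted_rule_targets(rules))
    print("boot-start drivers that failed to load:",
          failed_boot_drivers(parse_event_errors(SAMPLE)))
```

Run it against a saved Addition.txt by replacing SAMPLE with the file's contents. Dozens of duplicate rules for one game executable, as in the posted log, are noise from repeated firewall prompts; a single rule for a binary under a user profile, or a driver name you cannot tie to an installed product, is what warrants follow-up.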


#13 Flanean

Flanean
  • Topic Starter

  • Members
  • 7 posts

Posted 11 December 2016 - 07:35 PM

Can anyone help?



#14 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team
  • 1,666 posts
  • Gender:Male
  • Location:India

Posted 14 December 2016 - 04:31 AM

Hey Flanean ^_^,

Please do not perform any financial transactions on the system until we are sure that it is not compromised.

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Also, are you aware of the following applications?

As per the log files, it appears there are 2 user profiles available on the system. One is titled "User" and the other is "Anna". Is there someone else besides you who uses the system? Have you created the "Anna" user profile intentionally?

Have a nice day!

Regards,

Pranav

Attached Files


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#15 Flanean

Flanean
  • Topic Starter

  • Members
  • 7 posts

Posted 14 December 2016 - 06:04 PM

Yes, I am aware of all the applications; they are harmless, as I have installed them myself.

Attached Files





